YAYA (Yet Another YARA Allocution)

Presented at BSidesDC 2016, Oct. 23, 2016, 9 a.m. (50 minutes)

Are you a security professional looking for ways to identify and classify malware families? While most commonly associated with malware, YARA can actually be used against any file. In this presentation, we’ll pull back the curtain and give you an introduction to how you can use this powerful tool.

In this short time, we’ll discuss the basic format and structure of a YARA rule and introduce a few tricks to increase efficiency and performance. We will walk you through a few examples and show you some automated tools and how they can help. Lastly, we'll tie things up with some pointers on how to organize rules for best effect.


Presenters:

  • Monty St John - Partner at ATX Forensics
    Monty St John is a partner at ATX Forensics and a frequent contributor to community and industry events. Previous contributions have focused on research and interests in banking and healthcare security topics. His current research focuses on harvesting the DNS for threat intelligence. His latest contributions are to a book on the network side of malware analysis and an open malware analysis book.
  • John Laycock - Senior Threat Researcher at Fidelis
    Mr. Laycock has been involved with forensics for over 17 years. He started out in the world of video forensics before moving over to computer forensics for the Department of Defense. He now works on the Threat Research Team for Fidelis Cybersecurity. Mr. Laycock lives in Maryland where he is a happily married father of 3 children. As a life-long suffering Cubs fan, he keeps hoping that this is the year.
