Effective YARA (CLASS)

Presented at BSidesDC 2017, Oct. 8, 2017, 8 a.m. (480 minutes).

YARA is a powerful and free sleuthing tool that belongs in the kit of every threat-intelligence, incident-response or SOC team. It runs on any platform, is open source and is small enough to be an easy inclusion in any trusted tool set. Its ability to sift through data and identify files based on logic, not just by simple comparison but also via fuzzy matching, makes YARA pretty unbeatable. It can be used simply, for insight into an isolated event, or in a sophisticated manner as part of an incident response or research laboratory. Those not using YARA are missing out on a key intelligence capability. Its ease of use and rapid deployment mean you can get into YARA quickly, but that same ease can just as easily lead you to miss the sophisticated and powerful ways to use it.

Presenters:

  • Monty St John
    Monty St John is a security trainer and intelligence architect for CyberDefenses and a frequent contributor to community and industry events. His previous contributions have focused on research and interests in banking and healthcare security topics. His current research focuses on harvesting DNS for threat intelligence. His latest contributions are to a book on the network side of malware analysis and to an open malware analysis book.