(Beginner) Leveraging the critical YARA skills for Blue Teamers

  • aNullValue
    Moderator
    • Jun 2019
    • 584

    #1

    Title: (Beginner) Leveraging the critical YARA skills for Blue Teamers

    Description:
    YARA rules have become one of the de facto industry standards for threat detection on files. It is important that blue teamers know what YARA rules are and have the basic skills to correctly leverage them on file systems, memory dumps and traffic analysis. This is useful for multiple blue team roles, mainly malware researchers, security analysts, threat hunters and intelligence analysts.

    • Writing YARA rules
    • Reading YARA rules
    • Enhancing YARA rules

    I will prepare a Linux virtual machine that will be given to the attendees with some malware samples, memory dumps and pcaps, and they will perform various exercises to learn the basic YARA skills. In this training, the attendees will learn:

    • How to install YARA on Linux and Windows
    • How to develop several YARA rules for several malware samples
    • How to do targeted scans with YARA on a file system
    • How to do memory YARA scans with Volatility and Rekall
    • How to YARA-scan files in network traffic
    • Video showing YARA detection of malicious files in a pcap
    • Tool for automatically extracting and analyzing files with YARA rules on network traffic, created by the author (YARAZeek)
    • Getting open-source YARA rules from well-known security researchers and other reputable sources
    • Using VirusTotal Retrohunt

    Speaker(s): David Bernal Michelena

    Location: Blue Team Vlg / Blue Team Vlg - Workshop Track 1

    Discord: https://discord.com/channels/7082082...54317658734613

    Event starts: 2020-08-08 09:00 (09:00 AM) PDT (UTC -07:00)

    Event ends: 2020-08-08 10:30 (10:30 AM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-03T00:14 (UTC).
    Last edited by aNullValue; August 2, 2020, 17:52.
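The announcement above lists "writing, reading and enhancing YARA rules" as the core skills but never shows what a rule looks like. The two rules below are an added illustration for readers of this thread; they are not part of the workshop material, the speaker's VM, or YARAZeek. Every string, threshold and rule name is a constructed placeholder chosen to show the syntax (text strings with modifiers, a hex pattern with wildcards, header and size checks, string counts, and one rule reusing another in its condition), not a real indicator of any malware family.

```yara
// Constructed example rules: not from the workshop, the speaker, or YARAZeek.
// All strings, thresholds and names are illustrative placeholders, not real IoCs.

rule Example_PE_Downloader_Strings
{
    meta:
        description = "Flags a small PE that carries download-and-execute API names and a URL"
        author      = "added example"
        reference   = "placeholder"

    strings:
        // Windows API names commonly imported by simple downloaders (ascii only)
        $api_download = "URLDownloadToFileA" ascii
        $api_exec     = "WinExec" ascii
        // URL scheme prefix; nocase catches mixed-case variants such as "HTTP://"
        $url          = "http://" ascii nocase
        // Hex pattern with wildcard bytes: push imm32 followed by a near call
        $code         = { 68 ?? ?? ?? ?? E8 }

    condition:
        uint16(0) == 0x5A4D        // "MZ" magic: only evaluate the rest on PE files
        and filesize < 2MB         // keeps scans cheap and narrows the false-positive surface
        and all of ($api_*)        // every $api_* string must be present
        and $url
        and #code > 3              // the hex pattern must occur more than three times
}

// "Enhancing" a rule: a second rule reuses the first one by name in its condition
// and tightens the match with a persistence-related string.
rule Example_PE_Downloader_With_Persistence
{
    meta:
        description = "Downloader strings plus a Run-key path (ascii or UTF-16)"
        author      = "added example"

    strings:
        // wide matches UTF-16LE, the encoding most Windows registry paths use in binaries
        $run_key = "Software\\Microsoft\\Windows\\CurrentVersion\\Run" ascii wide nocase

    condition:
        Example_PE_Downloader_Strings and $run_key
}
```

Save both rules in one file (for example rules.yar) and run `yara -r rules.yar /path/to/samples` for a recursive file-system scan; `-s` additionally prints which strings matched and where, which is the quickest way to check why a rule fires during tuning. The same file can be handed to Volatility's yarascan plugin for the memory-dump exercises mentioned above. The `uint16(0)` and `filesize` checks come first on purpose: YARA evaluates them before doing any string search, so they keep the rule from firing on text files or huge archives that happen to contain the words.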