For the past few years, we have been spreading our knowledge and experience of using YARA, often called a pattern matching swiss knife for malware researchers (and everyone else). Most of the time, this took the form of the Kaspersky training course titled, “Hunting APTs with YARA Like a GReAT Ninja”. The first YARA training session of that kind took place in February 2016, on the beautiful islands of Tenerife. We have had hundreds of participants attend sessions in over a dozen countries since then.
Our next YARA training session was scheduled to take place in Barcelona, during SAS 2020, however, the global situation and the spread of the novel 2019 coronavirus disease, aka COVID-19, forced us to postpone both the conference and the training.
Meanwhile, we have been receiving a lot of requests to make our YARA hands-on training available to more people. We are working on this and we should soon be able to provide it as an online training experience. Stay tuned for updates by following us on Twitter: @craiu @kaspersky.
With many people working from home and spending even more time online, it is also likely the number of threats and attacks will increase as well. Therefore, we have decided to share some of the YARA experience we have accumulated during recent years, in the hope that all of you will find it useful for keeping threats at bay.
So, if you have wondered how to leverage YARA better and how to achieve a new level of knowledge in APT detection, mitigation and response, it all boils down to a couple of secret ingredients and lots of work. While the work is up to you, we can help a bit with a preview of the secret ingredients.
Long story short:
When: March 31, 14:00 GMT
Where: BrightTalk - <https://kas.pr/z2o2>
Who: Security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT hunters and IT security staff
During the webinar, we will demonstrate examples of real-world hunting rules we have developed internally at GReAT. For instance, these allowed us to find zero-days in-the-wild, financial APT tools, malware targeting crypto-investors, or APT tools that sabotage and tag SSL traffic.
For researchers, knowledge of YARA opens up several interesting opportunities:
For organizations, this webinar will be useful if they commonly deal with problems, such as:
Last but not least, if you want to share feedback or if you have #yara questions that you would like answered at the webinar, please feel free to drop us some comments on Twitter. See you on March 31!