SEC504: Hacker Tools, Techniques, and Incident Handling

Given the current cyber threat landscape, organizations are now beginning to acknowledge the inexorable law that decrees that they will be compromised. Threat actors' tactics, techniques, and procedures demand intelligence-driven incident response, which in turn depends upon methodologies capable of yielding actionable threat intelligence in order to adapt to each threat. The process to develop such intelligence is already in motion, relying heavily on behavioral analysis, and has given birth to cyber threat indicators as a means of fingerprinting and thus identifying new and unknown threats. This paper focuses on YARA, a malware identification and classification tool used as a scan engine, and explores its features in order to deploy indicators at the endpoint.