


This webcast has been archived.

Sharpen Your Threat Hunting Capabilities with YARA

  • Wednesday, June 20, 2018 at 3:30 PM EDT (2018-06-20 19:30:00 UTC)
  • Matt Bromiley, Evan Derheim, Victor Manuel Alvarez


  • Chronicle




YARA is an open-source tool designed to help malware researchers proactively identify and classify malware samples, both past and future. With YARA, you can create pattern-based rules to analyze malware families. Whether you are new to YARA or an advanced user, we will share best practices for building rules and help you level up your threat hunting capabilities.

This year is YARA's 10th anniversary. What better way to celebrate than by learning more about this proactive threat hunting tool?

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Evan Derheim

Evan is a Customer Experience Engineer for VirusTotal. Before coming to VirusTotal, he worked at both NASA’s security operation center and NASA’s supercomputing facility. An entrepreneur at heart, he has started two technology-centric businesses. He earned his BS studying information systems at San Jose State University. When he’s not dabbling with new business ideas, he enjoys watching Bay Area sports teams and working out.

Victor Manuel Alvarez

Victor is a Senior Software Engineer for VirusTotal and the creator of the malware hunting language, YARA Rules. He was an experienced Antivirus Researcher with strong abilities in reverse-engineering and low-level programming and debugging. He has experience with a broad range of programming languages and technologies, and a deep understanding of operating system internals and Intel's processors.

