YARA - Effectively using and generating rules

  • Webcast Aired Tuesday, 11 Sep 2018 10:30AM EDT (11 Sep 2018 14:30 UTC)
  • Speaker: Erik Van Buggenhout

YARA rules are becoming one of the de facto standards in detection rules. During this interesting webcast, we will explain the different use cases of YARA, but also focus on how YARA rules can be effectively used and developed in your own environment. We will demonstrate tools that can help facilitate 'YARA rule development. The content will be covered by Erik Van Buggenhout (SANS Instructor) & Didier Stevens (SANS ISC Handler & malware expert). We cover YARA rules in more detail in the course SEC599: Defeating Advanced Adversaries: Purple Team Tactics & Kill Chain Defenses.