Workshop: Learning YARA from Scratch

Learning YARA from Scratch

Instructor: Sean Sabo

Duration: 4 Hours

Workshop Description:

"Learning YARA From Scratch" is a workshop covering YARA rule writing basics and some intermediate-level material. YARA is a tool whose motto is the "pattern matching Swiss knife" which enables defenders and threat researchers to write custom file-based signatures to root out malware. The workshop will cover how to use loops and iterators in addition to various string types and modifiers that YARA makes available to the rule developer. Tips on how to debug rules and write efficient rules are included. By the end of the workshop, the attendee should be able to "hunt for badness" using YARA rules.

Class Requirements:

• Laptop
• VS Code
• SSH Connection

About the Instructor:

Sean is a cyber security professional with over 10 years of experience. For the last 5 years, he has been reverse-engineering malware and tracking various APT groups. He enjoys writing YARA rules and has contributed to the YARA code base. He currently works as a Senior Cyber Security Researcher at Recorded Future. Prior to that, he was at ThreatConnect and on the ASERT team at Arbor Networks.