Effective YARA

BSidesCharm 2017

Presented by: Monty St John
Date: Saturday April 29, 2017
Time: 10:00 - 18:00
Location: Training 1

Identifying, classifying and categorizing files is a vital skill, especially if you are an information security professional, researcher, analyst or engineer. This workshop delves into the science and art of employing YARA, the pattern-matching knife of choice, and provides participants with the tools and techniques required to develop and deploy effective rules.

This workshop will include sections on constructing quality rules and learning advanced detection tactics, including combining text strings and hex patterns with boolean logic in rule conditions. Students will learn how to integrate YARA libraries and modules into their projects to extend rule capabilities, as well as methodologies for developing targeted versus generic rules.
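The techniques the abstract lists (text strings with modifiers, hex patterns with wildcards and jumps, boolean logic in conditions, a module call, and a generic rule reused by a targeted one) fit in a short rule file. The example below is added here for illustration and is not material from the workshop or its presenter; every rule name, string, section name, mutex and threshold in it is hypothetical and would be replaced with artifacts taken from real triage of a sample set.

```yara
import "pe"

/* Added example, not workshop material. Rule names, strings and thresholds
   are hypothetical placeholders. */

// Shared sanity check, kept private so it never reports on its own:
// "MZ" at offset 0 and "PE\0\0" at the offset e_lfanew (0x3C) points to.
private rule is_pe_file
{
    condition:
        uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550
}

// Generic rule: describes a capability profile (carries an embedded PE,
// references a temp path, creates a process) rather than one family.
rule generic_pe_dropper_capability
{
    meta:
        description = "PE embedding a second PE plus temp-path and process-creation references (hypothetical)"
        scope = "generic"

    strings:
        // ASCII, case-insensitive: matches CreateProcessA, createprocessw, etc.
        $api_create = "CreateProcess" ascii nocase
        // Wide (UTF-16LE), because the path would sit in a Unicode string table
        $path_temp  = "\\AppData\\Local\\Temp\\" wide
        // Hex: "MZ", a jump of 60 to 1024 bytes (e_lfanew is normally in that
        // range), then "PE\0\0". A single unknown byte would be written as ??.
        $mz_pe      = { 4D 5A [60-1024] 50 45 00 00 }

    condition:
        is_pe_file and
        filesize < 4MB and
        // an MZ/PE pair anywhere other than offset 0 means a second, embedded PE
        for any i in (1..#mz_pe) : ( @mz_pe[i] > 0 ) and
        // both text strings, or one of them backed by the import in the IAT
        (
            ($api_create and $path_temp) or
            (1 of ($api_create, $path_temp) and
             pe.imports("kernel32.dll", "CreateProcessW"))
        )
}

// Targeted rule: reuses the generic profile and narrows it with artifacts a
// specific sample set shares. The referenced rule must be defined above it.
rule targeted_dropper_family_example
{
    meta:
        description = "Generic dropper profile plus family-specific artifacts (hypothetical)"
        scope = "targeted"

    strings:
        $mutex = "Global\\ExampleDropperMutex" ascii
        // Hex with wildcards: a call stub whose 4-byte relative target and
        // short-jump displacement differ from build to build
        $stub  = { E8 ?? ?? ?? ?? 83 C4 08 85 C0 74 ?? }

    condition:
        generic_pe_dropper_capability and
        $mutex and
        #stub >= 3 and
        // index-based loop over the module's section array
        for any i in (0..pe.number_of_sections - 1) :
            ( pe.sections[i].name == ".xdat" )
}
```

Save the file and run it with `yara -r rules.yar <directory>` (`-s` additionally prints the matched strings and their offsets). The split between the two rules is the point of the targeted-versus-generic discussion: the generic rule trades precision for coverage and will surface unknown droppers, so it belongs in hunting and triage; the targeted rule inherits that check and adds family-specific evidence, so it produces fewer, higher-confidence matches suitable for alerting.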

The goal of this workshop is to instill skill and proficiency with YARA. The workshop is heavy on hands-on work and seeks to build comprehension of what YARA should be used against, where YARA can play a crucial role, when YARA should be used (and when not), why YARA should be used by everyone in our field, and how YARA can make a difference in your work.

Monty St John

Monty St John is a partner at CyberDefenses and equally husband, father, and game enthusiast. It's a close tie between what occupies his mind more -- gaming or security. Having been involved in security, software development and forensics for a couple of decades, Monty chose to narrow his scope in 2008 to focus on digital forensics, incident response, and threat intelligence. He has a B.S. in Computer Science from Grantham University, enough certifications to paper a wall in his office, and has been an instructor on various digital forensics and threat intelligence topics for the last 3 years.


KhanFu - Mobile schedules for INFOSEC conferences.