Over the past couple of years, malware naming from the major AV vendors has been collapsing into more generic signatures. While that may speed up detection and signature maintenance for the vendors, it hurts small teams that use AV detection names as one of the indicators for quantifying events during malware triage: a generic verdict carries far less family or campaign context than a specific one. This talk covers a number of options, built on open platforms, with which small teams can augment their current triage and detection process, including building their own YARA signatures from material available on those platforms.
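One concrete form of the approach the abstract proposes, as an added example that is not code from the talk or from PhishMe: generate a YARA rule from printable strings that are shared across a set of related samples but absent from a benign corpus, in the spirit of tools such as yarGen. The byte blobs below are constructed stand-ins for samples pulled from an open sharing platform (they are not real malware), and the rule name, minimum string length and sample threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed byte blobs standing in for two related samples and one benign
# file. They are illustrative, not real binaries; only the embedded strings
# matter for the rule-building logic below.
MALICIOUS = {
    "sample_a": (b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00kernel32.dll\x00GetProcAddress\x00"
                 b"C:\\build\\stager\\Release\\stager.pdb\x00"
                 b"http://203.0.113.10/gate.php\x00"
                 b"cmd.exe /c vssadmin delete shadows /all /quiet\x00"),
    "sample_b": (b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00kernel32.dll\x00GetProcAddress\x00"
                 b"C:\\build\\stager\\Release\\stager.pdb\x00"
                 b"http://198.51.100.7/gate.php\x00"
                 b"cmd.exe /c vssadmin delete shadows /all /quiet\x00"),
}
BENIGN = {
    "goodware": (b"MZ\x90\x00PE\x00\x00kernel32.dll\x00GetProcAddress\x00LoadLibraryA\x00"
                 b"C:\\Program Files\\ExampleApp\\app.exe\x00"),
}

# Printable ASCII runs of at least six characters (assumed minimum length).
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")


def extract_strings(data: bytes) -> set:
    """Return the set of printable ASCII strings found in a blob."""
    return {m.decode("ascii") for m in STRING_RE.findall(data)}


def candidate_strings(malicious: dict, benign: dict, min_samples: int = 2) -> list:
    """Strings present in at least `min_samples` malicious blobs and in no benign blob.

    Counting each string once per sample (not per occurrence) means a string
    repeated many times in a single file still needs corroboration from others;
    the benign corpus removes library imports and other generic noise.
    """
    counts = Counter()
    for blob in malicious.values():
        counts.update(extract_strings(blob))
    benign_strings = set().union(*(extract_strings(b) for b in benign.values()))
    return sorted(s for s, n in counts.items()
                  if n >= min_samples and s not in benign_strings)


def yara_escape(s: str) -> str:
    """Escape a string for use inside a double-quoted YARA text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def build_rule(name: str, strings: list, min_match: int = None) -> str:
    """Emit a YARA rule over the candidate strings, anchored on an MZ header."""
    lines = [f"rule {name}", "{", "    strings:"]
    for i, s in enumerate(strings):
        lines.append(f'        $s{i} = "{yara_escape(s)}" ascii')
    quantifier = "all of them" if min_match is None else f"{min_match} of them"
    lines += ["    condition:",
              f"        uint16(0) == 0x5A4D and {quantifier}",
              "}"]
    return "\n".join(lines)


def strings_hit(data: bytes, strings: list) -> int:
    """Count how many candidate strings appear in a blob (a yara-free sanity check)."""
    found = extract_strings(data)
    return sum(1 for s in strings if s in found)


if __name__ == "__main__":
    cands = candidate_strings(MALICIOUS, BENIGN)
    print(build_rule("stager_shared_strings", cands))
    for label, blob in {**MALICIOUS, **BENIGN}.items():
        print(f"{label}: {strings_hit(blob, cands)}/{len(cands)} strings present")
```

Two things the output makes visible: the per-sample C2 URLs drop out because each appears in only one sample, and `kernel32.dll`/`GetProcAddress` drop out because the benign file also contains them. The quality of the rule therefore depends as much on how representative the benign corpus is as on the malicious set; a thin benign set will let generic strings through and produce false positives in production.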
Sean is a researcher and incident responder with experience in malware analysis and reverse engineering. He is also an active contributor to open source security tools focused on incident response and analysis. Prior to PhishMe, Sean worked in a number of incident response and application security roles with a focus on security testing and threat modeling. He also loves fly fishing.