Go from hunted to hunter using your hands. It's time to reclaim your networks and start hunting for big game APT armed with the pattern matching Swiss knife called YARA. Learn how to author YARA rule signatures with techniques used by malware researchers to mercilessly hunt down the elusive adversary of advanced threat actors, and discover patterns in their code. We will review a real world case example using the components from PlugX APT malware to explain writing beginner to advanced YARA rules. Those who are already familiar with YARA can still come to improve their rule signature writing skills by learning how to catch different malware family variants, all the while keeping false positives to a minimum.
Jay DiMartino is a Senior Threat Researcher for Fidelis Cybersecurity. He enjoys being a malware defender and has been doing Malware Reverse Engineering for over 5 years, with several industry certifications.