To Catch An APT: YARA

DEF CON 24

Presented by: Jay DiMartino
Date: Saturday August 06, 2016
Time: 10:10 - 11:00
Location: Packet Hacking Village

Go from hunted to hunter using your own hands. It's time to reclaim your networks and start hunting for big-game APTs, armed with the pattern-matching Swiss Army knife called YARA. Learn how to author YARA rule signatures using the techniques malware researchers rely on to hunt down elusive advanced threat actors and discover patterns in their code. We will review a real-world case example using components of the PlugX APT malware to walk through writing YARA rules from beginner to advanced level. Those already familiar with YARA can still come to improve their signature-writing skills by learning how to catch different variants of a malware family while keeping false positives to a minimum.

Jay DiMartino

Jay DiMartino is a Senior Threat Researcher at Fidelis Cybersecurity. He enjoys being a malware defender and has been doing malware reverse engineering for over 5 years, and holds several industry certifications.
