BlackPerl Course – Yara for Incident Responders

YARA rules are used to classify and identify malware samples by creating descriptions of malware families based on textual or binary patterns. They are fully customizable malware detection patterns for identifying targeted attacks and security threats specific to your environment. Many detection tools, EDR products and IR applications use this awesome tool to increase their capability in DFIR. When we work on incident response, we must keep widening our learning scope and leveling up on the technical side. Learning Yara will help you level up your incident response skills.

Syllabus

  1. Introduction
  2. Basics about Yara
  3. Writing Yara Rule
  4. Strings in Yara
  5. Regular Expression Basics
  6. Yara in Incident Response
  7. Retro Threat-Hunt using Yara
  8. Yara in Memory Forensics
  9. Course Evaluation
