Most security analysis and detection tools support matching with regular expressions because of limitations in their own feature set. This means that if you can write regular expressions, you can search with infinite precision. This applies to IDS engines, SIEMs, and even command line tools like grep.
The phrase “searching for a needle in a haystack” is overused, but it’s a serious component of what security analysts do. A large part of our success is contingent on being able to search through large repositories of data and match things that meet very specific criteria.
Demystifying Regular Expressions will help you do exactly that.
Syllabus
- The most common uses of regular expressions and how to apply them in places you weren’t even aware of.
- The process of iteratively building and testing regular expressions for things you want to match.
- Techniques for overcoming common gotchas like dealing with whitespace
- How to Evaluate the efficiency of expressions by the number of steps it takes to match.
- A definitive guide to escaping so you’ll know when and how to do it
- How quantifiers can be used to match specific numbers of data occurrences
- How to use capture groups to reference specific matched content and perform additional operations on it
- Complex behavioral structures like lookarounds and conditionals
- The use of modifiers to match case-sensitive, enable free-spacing, or match in single line mode
نظرات کاربران
Comments: 0