$3,000.00
Schedule
Available Upon Request
Location
Available Upon Request
Delivery Method
Classroom & Online
Certification
Certification of Completion
Audience / Level
Pro
Prerequisites
Commanding YARA, Pattern Recognition and Profiling, Regular Expressions and Pattern Analysis
Requirements
Laptop required
Course Details
Program Introduction
We took the best from our two foundation YARA classes, added advanced techniques for handling tough situations, and combined it with a healthy amount of Python to create a 3-day powerhouse course.
As a reminder, YARA understands files and can interrogate them at the binary level to understand their most fundamental aspects. In the class, students are immersed in YARA, rapidly building rules to classify files and crafting fuzzy logic to heuristically find files that defy easy identification. In an interactive environment, students learn to rapidly identify files and then build profiles of fuzzy logic to overcome the cryptors, packers, protectors and obfuscation that make classification a struggle.
Students use Python to automate file classification with existing rules and to create new rules for the unknown. When students leave this class they will have the practical understanding, confidence and experience to craft YARA rules for any file, at any level of protection against detection.
Course Objectives
- It’s designed for those with a background in threat intelligence with a need for greater understanding and practical application of YARA.
- It conveys the necessary concepts, principles and terms to lay down a solid foundation.
- It is a comprehensive course, providing technical experience with using YARA.
Target Student
Coming Soon
Instructor
Monty St John
Monty St John is a computer science and information security expert, U.S. Navy and U.S. Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses. He has assisted numerous companies in building and accrediting laboratories, threat teams, and security operations centers. He is also a prolific writer with two technical volumes set for 2018, as well as a game designer and speaker.
Additional Information
- Laptop required
- Requires basic knowledge of computers, technology and the command line interface (CLI)
  - Open and operate browsers
  - Find and use the command line
  - Execute scripts
- Prior threat intelligence, incident response, infosec, or forensics experience a plus
- Understanding of virtual machines (VM) and how to use one
  - Understand how to import and power on a VM
Course Outline
- Introduction
- Quick YARA recap
- Rule Organization
  - Rule Sets
  - Vertical & Orthogonal
  - Case Study: YARA Lab
- Rule Techniques
  - YARA Calculus
  - Tree Patterns
  - Case Study: File
- Classification
  - Overcoming Packing
  - Handling Protection Measures
- File Interrogation
  - Deconstruction Techniques
  - Use Case: Dissection
- Fast Creation
  - Modular approach
  - Use Case: YARAGen
- Reporting
  - Documenting with YARA
  - Use Case: YARA Reporter
- Tips and Tricks
- Wrap-up & Close