BSidesKC Security Conference | April 20-21, 2018 | Cerner Innovations Campus, KC, MO

Crafting YARA Workshop

Friday 8:30-11:30

Fast-paced, organized introduction to the simple, but powerful art of building logic with YARA to detect and analyze files. YARA is the pattern matching king of analysis tools, compatible with nearly every platform out there, open source and built in C.  If it’s not in your trusted tool set for incidents and intelligence work – it should be. In this 3-hour workshop, students are introduced to YARA and then quickly learn to craft efficient, effective and useful rules.  This is a how-to rule building class that fits nicely with the hands-on usage workshop taught in the afternoon.

Learning Objectives:

  • Use design principles and YARA’s robust language to build effective, efficient reusable rules
  • Design and build reusable rules for file analysis and interrogation
  • Identify and classify files, organizing them into groups based on custom attributes

Take-Aways:

  • Virtual Machine with custom YARA rules & code projects
  • Multiple How-to documents on building, crafting and structuring rules

Prerequisites for students

To get the most out of this workshop, you should have familiarity with basic analysis and hunting methods and be comfortable working with files in hex and at the command line. Python experience recommended.

Instructor:

Monty St John
Director of Intelligence Services

Monty St John is the Director of the Intelligence Division of Cyberdefenses and is one of the primary instructors in the Cyberdefenses Academy, educating and raising the bar for the cybersecurity field. Monty’s history with security is long and varied, starting in 1990 with his initial grounding in intelligence work while in uniform and culminating in a seven-year stint with the Office of Special Investigations at the Defense Cyber Crime Center. He consistently strives to find new pathways to innovate in the realms of intelligence and investigation, crafting techniques to define, analyze or shape information into functional intelligence.

Monty speaks frequently at industry events and with customers about computer forensics, incident response, threat intelligence and reverse engineering. It’s rare not to bump into him at a conference, quietly and sometimes loudly trying to guide the dialogue in cybersecurity.

CyberDefenses exists for one purpose – to shield customers against cyber threats. Businesses and government agencies rely on our managed security services and comprehensive training delivered by highly seasoned and credentialed security experts and threat hunters since 2001. From identity management, security monitoring, threat detection, incident response, executive oversight and more, our services portfolio is tightly engineered to cover the threats organizations face today. For more information, please visit www.cyberdefenses.com.