#SASatHome, the online version of the renowned Security Analyst Summit, took place on 28-30 April. Watch one of the highlights of the event: the talk by Costin Raiu, director of Kaspersky’s Global Research and Analysis Team (GReAT), dedicated to combining code similarity with YARA.
There is little doubt that YARA has changed the threat hunting game. According to Costin, this is for a couple of reasons, among them that it is easy to learn, easy to use and easy to deploy. Indeed, pretty much anyone can learn and start writing YARA rules! Thanks to platforms such as VTMIS, threat hunting with YARA can help uncover threats against your organization and greatly improve your defenses and awareness. Yet, while many can write string-based rules, code-based YARA rules are somewhat rare.
In this talk, we combine code similarity with YARA to live hunt for some fresh stuff. And while at it, we’ll be learning who NN is and why he keeps losing at chess.