Combining code similarity with YARA to find goodies

Presented by

Costin Raiu, Director Global Research & Analysis Team (GReAT)

About this talk

#SASatHome, the online version of the renowned Security Analyst Summit, took place on 28-30 April. Watch one of the highlights of the event: the talk by Costin Raiu, the director of Kaspersky’s Global Research and Analysis Team (GReAT), dedicated to combining code similarity with YARA. There is little doubt that YARA has changed the threat hunting game. According to Costin, this is for a couple of reasons, among them: it is easy to learn, easy to use and easy to deploy. Indeed, pretty much anyone can learn and start writing YARA rules! Thanks to platforms such as VTMIS, threat hunting with YARA can help uncover threats against your organization and greatly improve your defenses and awareness. Yet, while many can write string-based rules, code-based YARA rules are somewhat rare. In this talk, we combine code similarity with YARA to live hunt for some fresh stuff. And while at it, we’ll be learning who NN is and why he keeps losing at chess.

More from this channel

On this channel, Kaspersky experts share their knowledge and key insights into high-fidelity threat hunting and intelligence, incident management, malware analysis, reverse engineering, security solutions, and several other vital aspects of the cyberworld. To keep you up to date, the experts also provide detailed webinars and workshops on how Kaspersky security solutions and services can halt and prevent a vast range of malicious attacks conducted by cybercriminals. Kaspersky is a global cybersecurity and digital privacy company that has been providing protection for 25 years, with over 400 million users from more than 200 countries. Kaspersky experts' mission is to help you find the perfect weapon to protect against any cyberthreat, carried out by even the most sophisticated cybercriminals. Kaspersky researchers are top-notch cybersecurity and protection technology experts, who regularly take part in leading information security events worldwide as best-in-class speakers. Kaspersky’s deep threat intelligence and security expertise is constantly being transformed into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe. Subscribe and learn more about the latest cybersecurity discoveries on the threat landscape and how to defend against them. Contact us at https://www.kaspersky.com/about/contact