Applying YARA to Uncover Hidden Phishing Threats

Presented by

Robert Simmons, Independent Malware Researcher & Threat Researcher at ReversingLabs; Steve Garrett, Director of Customer Succ

About this talk

Phishing continues to be a primary attack vector, preying on unsuspecting yet targeted end users who unintentionally infect their systems. Often these attacks introduce new or updated malware which can go undetected for months. And to exacerbate the security challenge, EDR systems don’t often retain histories of the binaries executed on local endpoints. So organizations are faced with the dilemma- how do I uncover phishing payloads across my endpoints months after their IOCs are known? In this webinar, we’ll discuss: ● How to leverage an Email AbuseBox or “local repository” for suspicious Phishing attachments, and have this available for retro-hunting ● How to create a custom YARA rule to search for a particular byte sequence indicative of new IOCs ● How to apply these YARA rules across local repositories ● How to automate the retro-hunting process and alert on detections for action.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (22)
Subscribers (1715)
ReversingLabs is the leading provider of explainable threat intelligence solutions that shed the necessary light on complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC processes with a transparency that arms junior analysts to confidently take action.