Detecting Malicious Files with YARA Rules as They Traverse the Network

19,928 views

Black Hat

A day ago

In this presentation, I will show how you can use the open-source Zeek IDS (formerly Bro) together with some custom-developed scripts to extract files from the network and identify attacks at an early stage, before they cause more damage. Scanning files with YARA rules on the network has the benefit of increased performance compared to scanning several gigabytes or terabytes on the endpoint, and it lets you target the specific MIME types used for malware delivery.
By David Bernal
Full Abstract & Presentation Materials: www.blackhat.c...
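The pipeline the abstract describes (sniff the MIME type, extract only the file types worth scanning, run YARA over each extracted copy) as an added Zeek script. This is an illustrative example, not the speaker's scripts or Black Hat material. It assumes a `yara` CLI on the sensor, a rule file at the hypothetical path `/opt/zeek/yara/malware.yar`, Zeek 5.0 or later (for the `when [captures]` syntax), and a constructed MIME allow-list that you would tune to your own environment:

```zeek
# Added example (not from the talk): extract selected MIME types from live
# traffic with Zeek's file framework and hand each extracted file to yara.
@load base/files/extract
@load base/frameworks/notice
@load base/utils/exec
@load base/utils/paths

module YaraScan;

export {
    redef enum Notice::Type += {
        ## Raised when yara reports at least one matching rule for an extracted file.
        Match
    };

    ## Assumption: location of the YARA rule set on the sensor (hypothetical path).
    const rules_path = "/opt/zeek/yara/malware.yar" &redef;

    ## Only files whose sniffed MIME type is in this set are extracted and scanned.
    ## Constructed list of common malware-delivery types; adjust for your traffic.
    const scan_mime_types: set[string] = {
        "application/x-dosexec",      # PE executables and DLLs
        "application/x-executable",   # ELF
        "application/pdf",
        "application/msword",
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
        "application/zip",
        "application/java-archive",
    } &redef;
}

# Zeek file id -> on-disk path of the extracted copy, so the scan can find it later.
global extracted: table[string] of string;

# file_sniff fires once Zeek has identified the MIME type from the first bytes.
event file_sniff(f: fa_file, meta: fa_metadata)
    {
    if ( ! meta?$mime_type || meta$mime_type !in scan_mime_types )
        return;

    # f$source (e.g. HTTP) and f$id are Zeek-generated, so the name needs no quoting.
    local fname = fmt("%s-%s", f$source, f$id);
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
    extracted[f$id] = build_path(FileExtract::prefix, fname);
    }

# file_state_remove fires when Zeek is done with the file; the extract analyzer
# has flushed and closed the on-disk copy by then.
event file_state_remove(f: fa_file)
    {
    if ( f$id !in extracted )
        return;

    local path = extracted[f$id];
    delete extracted[f$id];

    # yara prints "<rule> <file>" per match on stdout and exits 0 even with no match.
    local cmd = Exec::Command($cmd=fmt("yara %s %s", rules_path, path));

    when [f, path] ( local res = Exec::run(cmd) )
        {
        if ( res$exit_code != 0 )
            return;   # yara itself failed (bad rules, unreadable file): nothing to report

        if ( res?$stdout && |res$stdout| > 0 )
            NOTICE([$note=YaraScan::Match,
                    $msg=fmt("YARA match on %s (source %s)", path, f$source),
                    $sub=join_string_vec(res$stdout, "; "),
                    $f=f,
                    $identifier=f$id]);
        }
    }
```

Run it with `zeek -i eth0 yara-scan.zeek` (or against a pcap with `-r`), and matches land in notice.log with the matching rule names in the `sub` field. The MIME allow-list is what delivers the performance win the abstract mentions: everything else on the wire is never written to disk. Two caveats worth keeping in mind: `FileExtract::default_limit` caps how many bytes of each file are extracted (redef it if your rules key on content deep inside large archives), and a file that arrives over TLS is invisible to this path unless traffic is decrypted upstream of the sensor.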
