Detecting Malicious Files with YARA Rules as They Traverse the Network

19,928 views

Black Hat


In this presentation, I will show how you can use open source Zeek IDS (formerly Bro) and how some custom-developed scripts can be used to extract files from the network and identify attacks at an early stage, before they cause more damage. Scanning for YARA files on the network has the benefit of increased performance, as compared to scanning several gigabytes or terabytes on the endpoint, as well as targeting specific MIME types used for malware delivery.
By David Bernal
Full Abstract & Presentation Materials: www.blackhat.c...
