The experience that he has speaks volumes with respect to how detailed he explains, yet it is so simple to understand.
@carlosvalverde9075 Жыл бұрын
John could you possibly make a video for beginners on how to store and safely manage malware in a virtual environment? ❤
@demotedc0der Жыл бұрын
Growing with JH's content is such a beautiful experience,, I love it ,, Keep it up, John.
@lusamafatman1517 Жыл бұрын
John's content is really inspiring and his prowess in the field is something to behold. Quick question: How do I identify a malicious thread located in a memory dump file using memory forensics tools like volatility
@JesusDaniell Жыл бұрын
why do you remove the subtitles?
@Lampe2020 Жыл бұрын
I think Yara is a good tool to build an own antivirus client if you absolutely don't trust any existing AV solution or want a lightweight, dumbed-down, and customized AV.
@sudo-rem Жыл бұрын
@@newwindserver YARA can effectively detect certain types of variable obfuscation based on pattern occurrences or certain strings/operations/data surrounding certain functions. But in general, we levy different tools for this. YARA can and does support a large portion of antivirus solutions, but they're combined with other tools to perform the task.
@9thplayer Жыл бұрын
Nice vide John! Quick question, how to do Yara rule scan for multiple hosts? for an example if we are looking for an signature in all the users endpoint then what will be the easier way to run it and pull that report? Thank you.
@sudo-rem Жыл бұрын
You can do this in a few ways-- if you want to scan hosts directly, something like Ansible is really going to prop up your SOC to distribute and establish any sort of scanning. We locally host our ruleset in a single location, and then pull that ruleset every time we perform a scan so we're operating on the most recent version. Ultimately, it's typically a matter of simply pulling a ruleset from a single consolidated location to ensure you're operating on an updated ruleset, and then invoking it across each machine.
@9thplayer Жыл бұрын
@@sudo-rem sorry didn't get all of it. Could you please share any link if this is something explained in detail? Thank you.
@lancemarchetti8673 Жыл бұрын
Sounds like a cool tool... Only heard of it now. Shot Bro.
@Suryaprakash-wr7qh Жыл бұрын
I ran into problem when importing all rules recursively and detecting using python rules downloaded from same repo but I solved it by removing certain yar files that listed and acted like index to every other actual rule files
@uncleburu9464 Жыл бұрын
Please do video on how to create computer warm
@nordgaren2358 Жыл бұрын
Fire up any modern AAA video game!
@Ness-m8u Жыл бұрын
Do you help recover google accounts?
@mauritaniainjector3736 Жыл бұрын
Growing ❤
@osamazaid25 Жыл бұрын
You didn’t say the acronym for YARA. But it’s absolutely hilarious 😆
@kiyu3229 Жыл бұрын
what is it ?
@JohnSmith-jc7dk Жыл бұрын
Yet Another Ridiculous Acronym.
@ajaykumar1 Жыл бұрын
ThankYou so much john Nowdays, I'm study about malware analysis, at the right time you dropped the video 🤩🤩
@ricardoramirez8780 Жыл бұрын
This is awesome. Thanks.
@ninemoonplanet Жыл бұрын
How much info do you have with Linux for people who absolutely hate "wind blows" Windows? I know a lot of beta tests are run on Linux, but most people with desktops dual boot their computer. Anything other than doing what I just did, post disparaging remarks, sorry, would help Thanks 👍
@nordgaren2358 Жыл бұрын
Even if all of your machines are Linux machines, Windows still has the biggest market share, so you still need to know how it works. You would be severely limiting yourself, otherwise.