Malware Analysis Bootcamp - Creating YARA Rules

Views: 64,738

HackerSploit

A day ago

Comments: 56
@Tom-q1z7m, 1 month ago
Good tutorial, much better than those with PowerPoint only. Thanks for sharing!
@DrHappybone, 5 years ago
Subbed. Waiting for the rest of this course. Great work, man!
@AnshuKumar-gy6sw, 5 years ago
Thanks for this amazing bootcamp. Please upload the next videos.
@abhijitnaik2006, 4 years ago
Hey, watched all 16 videos of this series and liked it very much. Very informative and very well explained. Where are the other parts of the analysis? I mean dynamic analysis. Please post videos on dynamic analysis. Thanks for posting such videos, it helps a lot!!
@moeaj1536, 5 years ago
We want more videos about web app pentesting. 👍
@msecure5543, 5 years ago
You are doing a great job, thank you. Waiting for your dynamic analysis videos.
@mritunjay706, 2 years ago
Helped a lot in getting started with YARA!
@sheadovas, 5 years ago
You have a bug in your YARA rule (check how the evaluation of the URL strings affects the AND operator).
@anonymousme5261, 7 months ago
Can I write a rule based on the string "This program cannot be run in DOS mode"?
@ねこねこ-f9w, 4 years ago
Sir, I like your videos very much. I am waiting for your next video; I like binary analysis very much. Thanks!
@captain_shiv, 5 years ago
Awesome video, man. Love from India. Appreciating your hard work for the community. Love you.
@faridazeidoubrah, 1 year ago
Hello, can you help me? I wrote the YARA rule and took the malware sample, but when I run the test with the -r and -s options it returns nothing as the result, even though there are indeed strings that I specified for matching. Please help me.
@Crmabsn, 2 years ago
I'm not sure if you'll see this, but in your demo, you "anded" the $MZ variable. It ran because the three URLs were present, so the Boolean logic returned true. But if the MZ wasn't present, you'd still return true if variable A or B was present, correct? I read this as "If A is true, or if B is true, or if C AND MZ is true, return". Should the logic not be (($A or $B or $C) AND $MZ)? New user, only experienced with other nested Boolean queries.
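The operator-precedence issue raised by @sheadovas and @Crmabsn above, shown as an added YARA example that is not the rule from the video; the rule names and the URL string values are constructed placeholders:

```yara
// Added example, not the rule from the video; rule names and URL values are
// constructed placeholders. In YARA, "and" binds tighter than "or", so the
// condition  $url1 or $url2 or $url3 and $mz  is parsed as
//            $url1 or $url2 or ($url3 and $mz)
// and a file containing only $url1 matches without the MZ header being checked.

rule Precedence_Bug_Demo
{
    meta:
        description = "Matches on ANY one URL; $mz only guards $url3"
    strings:
        $mz   = { 4D 5A }                    // "MZ" DOS header magic
        $url1 = "http://example.invalid/a" ascii wide
        $url2 = "http://example.invalid/b" ascii wide
        $url3 = "http://example.invalid/c" ascii wide
    condition:
        $url1 or $url2 or $url3 and $mz      // == $url1 or $url2 or ($url3 and $mz)
}

rule Precedence_Fixed
{
    meta:
        description = "Requires the MZ magic at offset 0 AND at least one URL"
    strings:
        $mz   = { 4D 5A }
        $url1 = "http://example.invalid/a" ascii wide
        $url2 = "http://example.invalid/b" ascii wide
        $url3 = "http://example.invalid/c" ascii wide
    condition:
        // Parentheses make the grouping explicit. "$mz at 0" anchors the magic
        // to the start of the file instead of matching "MZ" anywhere in it;
        // "uint16(0) == 0x5A4D" is the equivalent idiom without a string.
        // "1 of ($url*)" is shorthand for ($url1 or $url2 or $url3).
        $mz at 0 and 1 of ($url*)
}
```

Running both rules with `yara -s rules.yar <file>` shows the difference: the first fires on any file that merely contains the first URL, the second only on a file that starts with the MZ magic and also carries one of the URLs.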
@jensulrich4848, 1 year ago
Great, always after 4 years :)
@jamysim7321, 3 years ago
Can default YARA become a 24-hour background running process, and if it is matched, will it fire an email?
@lIlIllll1, 4 years ago
Where can I learn more about malware analysis?
@arunrawat5476, 4 years ago
Someone told me that "YARA rules can also be used to convert a big data set into clusters in machine learning" and that it has different uses on different platforms. Is it true?
@Ichinin, 5 years ago
Loved the tip about the free VMs, even though they are 90-day versions.
@nikhilt3755, 5 years ago
Take snapshots.
@aabdulr, 5 years ago
Nicely done. Thanks!
@MzHSky, 5 years ago
Hi brother, can you make a tutorial on Linux package update problems? Because when I update, errors always occur and it enters grub rescue mode, and when I enter normal mode with insmod the result is always that the file does not exist: x86_amd64/normal.mod. Thanks 🙏
@ericthomas8147, 5 years ago
So is this how experts are able to say "this sample that has never been seen before is actually a variant of Emotet", for example? What if a sample is packed?
@憂鬱な冒険家, 3 years ago
Bit of a late reply, but they can detect that it's packed, which can be very suspicious, especially if the file is not digitally signed (oftentimes antiviruses simply classify a file as malicious if it's packed in such a manner because they are unable to properly read and analyze its code; however, this naturally can lead to false positives). What anti-viruses typically do is something called "heuristic analysis", whereby they run the executable in a sandbox (a virtual machine, if you will) and dynamically analyze its behavior at runtime (if it's creating a registry key to achieve persistence such as making the executable run on startup, if it's trying to delete system32 files, connecting to a weird IP, etc.). They also scan for patterns (typically a series of assembly opcodes unique to that malware or family of malware) and other malicious strings/values once the executable loads and unpacks itself in memory. If the executable is deemed to be malicious during this heuristic scan, naturally the anti-virus will prevent it from running on the host computer and alert the user/quarantine the binary. Even though heuristic scanning can sound very performance-heavy, this is often done quite quickly and thus is a viable solution for AV vendors and end users alike. I hope this answers your question!
@vgplays1862, 11 months ago
The sample file asks for a password, what is it?
@kfashalsheik5162, 5 years ago
Hi, I tried to contact you but I couldn't. I have a problem with Kali Linux: bash: jarsigner: command not found. What should I do??
@matenjemaphone1321, 5 years ago
batch
@itsAnaMC, 3 years ago
Thanks for this!
@kekkettoful, 3 years ago
Password for the zip file?
@pon4ik537, 2 years ago
ZIP password is "infected"
@stevehae9017, 4 years ago
Will this course continue?
@cyberi2009, 5 years ago
Thanks, waiting for more.
@swiftpaw7356, 4 years ago
Great explanation, thank you!
@sherlockbakker6233, 5 years ago
Can we create YARA rules for malware prevention, or can they be used only for malware detection?
@BlackPerl, 3 years ago
YARA rules are a way of identifying malware (or other files) by creating rules that look for certain characteristics. Now you can write some YARA rules and plug them into your EDR/AV solution to identify any behavioral aspect and hence block/quarantine the sample in question, so that you can stop the attack before it reaches the delivery stage in the kill chain. That would solve your problem.
@rewindgaming1053, 1 year ago
Hi, the malware sample has a password on it. What is the password?
@hontiangan5316, 5 years ago
Great job!
@huzaifazahoor654, 5 years ago
Make more videos on YARA, IDA Pro and OllyDbg.
@valterpereiracjr, 3 years ago
Great content, thank you! A kind request, please... Even watching in 1080p HD, the screen of the Windows machine is not readable. Could you please address that? Once again, thank you a lot! Referring to the app used to extract the URLs and MZ (hexadecimal value).
@haraf9743, 5 years ago
😊😊😊😊
@thabetboubaker2729, 5 years ago
Very good.
@hardwork3196, 5 years ago
Thank you a lot... :D
@yara5117, 4 years ago
My name is lighting up 😍
@Baqilawati, 3 years ago
Exactly 😂😂😂
@alyagomaa5101, 4 years ago
Thank you.
@geethalatha4187, 1 year ago
Sir, malware analysis please.
@riyadriyaddawood, 4 years ago
Lol, that's my channel name, such a coincidence.
@pawankagra9406, 5 years ago
My FB account was hacked and then my PUBG Mobile account was hacked 😥😥😥😥 I am very disappointed. The hacker disabled my FB account. Please help me, anyone, please help 🙏🙏
@pon4ik537, 2 years ago
Guys, the ZIP password is "infected". Pin my comment please.
@N50fficial17, 5 years ago
Good
@johnmwansa4180, 5 years ago
Brother, please can you make a video on how to connect to any mobile phone using Python commands? Please brother, I am asking for any video on how to connect to any mobile phone using Python.
@Arangol-cc5qs, 5 years ago
First
@ChillerDragon, 5 years ago
Yikes, watched all episodes until here and still feel like a malware noob.
@johnmwansa4180, 5 years ago
I mean how to hack any mobile using Python commands, please brother.
@fraproxy, 4 years ago
Go focus on your last "t" when you speak.