Effective YARA

Identifying, classifying and categorizing files is a vital skill, especially if you are an information security professional, researcher, analyst or engineer. This workshop delves into the science and art of employing Yet Another Regex Analyzer (YARA), the pattern-matching knife of choice, and provides participants with the tools and techniques required to develop and deploy effective rules.

This workshop will include sections on constructing quality rules and learning advanced detection tactics, including combining string and hex values with boolean logic. Students will learn how to integrate YARA libraries and modules into their projects to extend rule capabilities, as well as methodologies for developing targeted vs. generic rules.

The goal of this workshop is to instill skill and proficiency with YARA. The workshop is heavy on hands-on work and seeks to build comprehension of what YARA should be used against, where YARA can play a crucial role, when YARA should be used (and when not), why YARA should be used by everyone in our field, and how YARA can make a difference in your work.

Presented by