
This is the third part of our four-part tutorial series covering YARA basics. In this tutorial we cover different use cases for YARA and how these use cases will impact the rule development and deployment.

Unlike the other tutorials in this series, this tutorial is more theoretical and is intended to provide some background on when certain types of rules should and should not be used. A technical counterpart, published on the UnpacMe site, demonstrates building each type of rule discussed here:

- Identifying specific malware families (unpacked)
- Identifying malware on disk or in network traffic (packed)
- Hunting (malware characteristics)
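As an added illustration that is not part of the OALABS tutorial or the UnpacMe guides, here is one constructed YARA rule per use case, showing how the use case decides what the rule keys on and where it can usefully be deployed. Every string, byte pattern and section name below is a constructed placeholder, not an indicator from any real family.

```yara
import "pe"

// Use case 1: identify a specific family from its UNPACKED payload.
// Keys on artefacts that only exist after unpacking (config markers,
// mutex names, format strings), so it fires on memory dumps or unpacker
// output and will miss the same sample while it is still packed on disk.
rule Example_Family_Unpacked
{
    meta:
        use_case = "identify specific malware family (unpacked)"
    strings:
        $cfg   = "EXAMPLE_C2_CONFIG" ascii             // constructed placeholder
        $mutex = "Global\\ExampleFamilyMutex" ascii wide // constructed placeholder
        $fmt   = "[%s] bot id=%u cmd=%s" ascii          // constructed placeholder
    condition:
        2 of them
}

// Use case 2: identify malware ON DISK or in a network capture, where the
// payload is packed. Payload strings are not available, so the rule targets
// what the packed artefact itself exposes: loader stub bytes near the entry
// point and an unusual section name. Tied to the packer/loader, not the family.
rule Example_Packed_Loader_OnDisk
{
    meta:
        use_case = "identify malware on disk or in network traffic (packed)"
    strings:
        $stub = { 60 E8 00 00 00 00 5D 81 ED }          // constructed placeholder
    condition:
        pe.is_pe and
        $stub in (pe.entry_point .. pe.entry_point + 0x100) and
        for any i in (0 .. pe.number_of_sections - 1) :
            ( pe.sections[i].name == ".xyz" )           // constructed placeholder
}

// Use case 3: hunting by characteristic rather than by family. Deliberately
// broad and low precision: meant for retrohunts and triage queues that a
// human reviews, not as a stand-alone alerting rule.
rule Hunt_Injection_Capable_Unsigned_PE
{
    meta:
        use_case = "hunting (malware characteristics)"
    strings:
        $api1 = "VirtualAllocEx" ascii
        $api2 = "WriteProcessMemory" ascii
        $api3 = "CreateRemoteThread" ascii
    condition:
        pe.is_pe and pe.number_of_signatures == 0 and
        all of ($api*) and filesize < 3MB
}
```

Running the first rule only over unpacked output and the second only over on-disk or network-carved files is the deployment split the tutorial describes; the hunting rule is expected to produce noise by design.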


Introduction to YARA Part 3 - Rule Use Cases

In this OALABS Patreon tutorial we cover the three main use cases for YARA rules and how they apply to both BlueTeam/SOC operations and malware analysis. The following are links to UnpacMe-specific tutorials for developing each type of rule.

Identifying specific malware families (unpacked): https://support.unpac.me/howto/hunting-with-yara/#identifying-specific-malware-families-unpacked

Identifying malware on disk or in network traffic (packed): https://support.unpac.me/howto/hunting-with-yara/#identifying-malware-on-disk-or-in-network-traffic-packed

Hunting (malware characteristics): https://support.unpac.me/howto/hunting-with-yara/#hunting-malware-characteristics

-----

OALABS DISCORD: https://discord.gg/6h5Bh5AMDU

OALABS PATREON: https://www.patreon.com/oalabs

Twitch: https://www.twitch.tv/oalabslive

OALABS GITHUB: https://github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING: https://www.unpac.me/#/

-----
