Yara - Malware Analysis And Threat Detection
Published 1/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.18 GB | Duration: 3h 6m
Blue Team Defensive Operations
What you'll learn
Learn to Write YARA Rules Based on Real World Scenarios
Develop Your Own Custom Testing Tools
Find Out How to Detect OS Manipulation and Network Recon Capabilities
Learn How to Use YARA to Spot Covert Channels and Sensitive Data Leaks
Develop Rules to Detect the Presence of RATs and Shells
Leverage YARA to Detect Spyware, Key Loggers, and Audio Sniffers
Requirements
Some experience with YARA is helpful, but not required.
Description
Unleash the power of YARA and elevate your expertise in malware analysis and threat hunting with our comprehensive online course. Designed for cybersecurity professionals, incident responders, and threat hunters, this course delves into the intricacies of YARA, a robust tool for creating custom signatures and identifying malicious patterns within files.

Whether you're a seasoned cybersecurity expert or a beginner looking to enhance your skills, our carefully crafted modules will guide you through real-world scenarios. The goal is to teach not just how to write YARA rules, but what to look for in different threat situations. By the end of the course, you'll have the expertise to create effective YARA rules, conduct malware analyses, and bolster your organization's defenses against evolving cyber threats.

Course Highlights:
Introduction to YARA: Explore the fundamentals of YARA syntax and rules. Understand the role of YARA in the context of malware analysis and threat detection.
Creating Effective YARA Rules: Learn the art of crafting precise and effective YARA rules. Gain hands-on experience in creating rules for various types of malware.
YARA for Threat Hunting: Harness YARA's potential for proactive threat hunting. Develop skills to identify and analyze potential threats in large datasets, such as PII/PHI leaks.
Write Rules Based on Real Life Examples: Detect malware, ransomware, and PII and PHI leaks. Use YARA to find OS manipulation, network recon, and covert channels.

Who Should Attend: Cybersecurity professionals, threat analysts, incident responders, and anyone involved in the detection and analysis of malicious software will benefit from this course.
Prerequisites: Basic knowledge of malware analysis and familiarity with programming concepts will be beneficial.
Duration: This online course is self-paced, allowing participants to learn at their own speed.

Join us on a journey to enhance your malware analysis skills and fortify your organization's defense against cyber threats using the powerful tool of YARA. Enroll today and stay ahead of the evolving landscape of cybersecurity.
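As an added illustration of the rule anatomy and naming conventions the course outline refers to (this is example code written for this page, not a rule from the course), here is a complete YARA rule built from the three sections a rule can carry: meta, strings, and condition. The SUSP_ prefix follows a widely used community convention for "suspicious, not confirmed malicious"; the specific strings, the 2MB size cap, and the metadata values are assumptions chosen for the example.

```yara
// Added example, not course material: a rule that flags files referencing
// netcat's -e flag together with a shell or cmd.exe, a common reverse-shell pattern.
rule SUSP_Netcat_Reverse_Shell_Strings
{
    meta:
        // Free-form key/value pairs; tools and analysts read these, YARA does not act on them.
        description = "References to netcat -e with a shell interpreter (possible reverse shell)"
        author      = "example rule for illustration"
        date        = "2024-01-01"
        severity    = "medium"

    strings:
        // 'ascii wide' matches both 8-bit and UTF-16LE encodings; 'nocase' ignores case.
        $nc1 = "nc -e"     ascii wide nocase
        $nc2 = "ncat -e"   ascii wide nocase
        $nc3 = "nc.exe -e" ascii wide nocase
        // Shell interpreters commonly handed to -e on Linux and Windows.
        $sh  = /\/bin\/(ba|z|da)?sh/ ascii
        $cmd = "cmd.exe" ascii wide nocase

    condition:
        // Size cap keeps the scan cheap and avoids huge archives; assumed value.
        filesize < 2MB and
        1 of ($nc*) and
        ($sh or $cmd)
}
```

Run it with the standard command-line tool, for example `yara -r -s suspicious_netcat.yar /path/to/samples`, where `-r` scans directories recursively and `-s` prints the matched strings with their offsets so you can confirm why a file matched before acting on it. Expect benign hits on pentest tooling and documentation that mention these commands; that is why the prefix is SUSP_ rather than MAL_.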
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Course Content and Structure
Lecture 3 Ethics
Lecture 4 Lab Setup
Section 2: Fundamental Concepts of Malware
Lecture 5 Malware Overview
Lecture 6 Avoiding Detection
Section 3: Writing Yara Rules
Lecture 7 Overview of YARA
Lecture 8 Anatomy of a Yara Rule
Lecture 9 Naming Conventions
Section 4: Developing Testing Tools
Lecture 10 Producing a Static Test File
Lecture 11 Extracting Strings from a Static File
Lecture 12 Producing a Static Executable Test File
Lecture 13 Producing a Dynamic Executable Test File
Section 5: Identifying File Types and Content
Lecture 14 Overview
Lecture 15 Executable Files
Lecture 16 JPG Images
Lecture 17 PDF Files
Lecture 18 Suspicious Content
Lecture 19 Sensitive Data
Lecture 20 Source Code
Lecture 21 IIS Log Files
Lecture 22 Working with Apache Files
Lecture 23 FTP Server Transaction Logs
Section 6: Indications of Network Recon Activities
Lecture 24 Overview
Lecture 25 Attempting to Lookup the External IP Address
Lecture 26 Sniffing LAN Traffic
Lecture 27 Living Off the Land - Networking Commands
Section 7: Identifying Network Communications
Lecture 28 Overview
Lecture 29 Setting Up a TCP Socket
Lecture 30 Sending UDP Messages
Lecture 31 Sending SMTP Mail
Lecture 32 Looking for FTP Activity
Lecture 33 IRC Detection
Lecture 34 Signs of DNS Stuffing
Section 8: Detecting OS Manipulation
Lecture 35 Overview
Lecture 36 Windows Net Commands
Lecture 37 Accessing the Hosts File
Lecture 38 Disabling Anti-Virus
Lecture 39 Creating a Service
Lecture 40 Certificate Injection
Lecture 41 Finding Droppers
Section 9: Spying and Data Collection
Lecture 42 Overview
Lecture 43 Finding Key Logging Code
Lecture 44 Detecting Screen Captures
Lecture 45 Audio Sniffing
Lecture 46 Reading the Windows Clipboard
Section 10: Finding RATs
Lecture 47 Overview
Lecture 48 VNC Remote Access
Lecture 49 RDP Configuration
Lecture 50 Telnet Enabled
Lecture 51 Webcam Connections
Section 11: Crypto, P2P, and Ransomware
Lecture 52 Overview
Lecture 53 Demanding Payment
Lecture 54 TOR Connections
Lecture 55 Mining for Crypto
Lecture 56 Finding P2P Software References
Lecture 57 DIY P2P
Section 12: Common Tools and Shells
Lecture 58 Overview
Lecture 59 Nmap References
Lecture 60 Reverse Shells with Netcat
Lecture 61 Looking for Web Shells
Lecture 62 Detecting PowerShell Empire
Lecture 63 Finding MSF Venom Generated Files
Section 13: Course Resources
Lecture 64 YARA Rule Files
Section 14: Conclusion
Lecture 65 Summary and Thank You
Who this course is for:
Malware Analysts and Reverse Engineers
Threat Hunters and Incident Response Team Members
Blue Teams and Defensive Specialists
Anyone Interested in Cybersecurity