Classify Malware with YARA

jh.live/soc || Join me for the SOC Analyst Appreciation Day! A completely FREE event on October 18th by DEVO! jh.live/soc
00:00 - YARA
00:47 - Setting Up
03:10 - Using YARA
04:02 - Writing rules
10:44 - Rule Resources
12:39 - Another Rule Resource
17:23 - YARA Integration
20:09 - Final Resources
🔥 KZread ALGORITHM ➡ Like, Comment, & Subscribe!
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware

Comments: 34

  • @balajibharatwaj6609 · 8 months ago

    The experience that he has speaks volumes with respect to how detailed his explanations are, yet it is so simple to understand.

  • @carlosvalverde9075 · 8 months ago

    John, could you possibly make a video for beginners on how to store and safely manage malware in a virtual environment? ❤

  • @demotedc0der · 8 months ago

    Growing with JH's content is such a beautiful experience, I love it. Keep it up, John.

  • @lusamafatman1517 · 8 months ago

    John's content is really inspiring and his prowess in the field is something to behold. Quick question: how do I identify a malicious thread located in a memory dump file using memory forensics tools like Volatility?

  • @lancemarchetti8673 · 8 months ago

    Sounds like a cool tool... Only heard of it now. Shot Bro.

  • @ricardoramirez8780 · 8 months ago

    This is awesome. Thanks.

  • @JesusDaniell · 8 months ago

    Why did you remove the subtitles?

  • @mauritaniainjector3736 · 8 months ago

    Growing ❤

  • @9thplayer · 8 months ago

    Nice video, John! Quick question: how do I run a YARA rule scan across multiple hosts? For example, if we are looking for a signature on all the users' endpoints, what would be the easiest way to run it and pull the report? Thank you.

      • @sudo-rem · 8 months ago

        You can do this in a few ways. If you want to scan hosts directly, something like Ansible is really going to prop up your SOC to distribute and establish any sort of scanning. We locally host our ruleset in a single location, and then pull that ruleset every time we perform a scan so we're operating on the most recent version. Ultimately, it's typically a matter of simply pulling a ruleset from a single consolidated location to ensure you're operating on an updated ruleset, and then invoking it across each machine.

      • @9thplayer · 8 months ago

        @sudo-rem Sorry, I didn't get all of it. Could you please share a link if this is something explained in detail? Thank you.
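The pull-then-scan workflow @sudo-rem describes, written out as an added example; this is not code from the video or from the commenter. It assumes `git`, `yara` and `yarac` are installed on each endpoint, that the central ruleset is a git repository at the hypothetical URL in RULES_REPO, and that files whose name contains "index" are the ones that only `include` other rule files. An orchestrator such as Ansible would copy the script to every host, run `sh yara_pull_scan.sh scan /home` and collect the CSV each host writes.

```shell
#!/bin/sh
# Added example, not code from the video or the commenter: a wrapper an
# orchestrator (e.g. Ansible) can push to every endpoint so each scan uses
# the current ruleset and returns a report the controller can collect.
# Assumptions: git, yara and yarac are installed; RULES_REPO is a
# hypothetical URL; "index" in a filename marks a file that only includes others.
set -eu

RULES_REPO="${RULES_REPO:-https://git.example.invalid/soc/yara-rules.git}"  # assumed
RULES_DIR="${RULES_DIR:-/var/lib/yara/rules}"
COMPILED="${COMPILED:-/var/lib/yara/rules.yarc}"

# Refresh the local copy of the central ruleset and print the revision
# the scan will use, so the report records which rules produced it.
update_rules() {
    if [ -d "$RULES_DIR/.git" ]; then
        git -C "$RULES_DIR" pull --ff-only --quiet
    else
        git clone --quiet "$RULES_REPO" "$RULES_DIR"
    fi
    git -C "$RULES_DIR" rev-parse --short HEAD
}

# List rule sources under a directory, skipping "index" files. Collections
# often ship index files that only `include` the real rule files; compiling
# both the index and the files it includes yields duplicate-rule errors.
list_rule_files() {
    find "$1" -type f \( -name '*.yar' -o -name '*.yara' \) ! -iname '*index*' | sort
}

# Compile once per update; scans then load one binary file instead of
# re-parsing every source. Rule paths are assumed to contain no whitespace.
compile_rules() {
    # shellcheck disable=SC2046
    yarac $(list_rule_files "$1") "$2"
}

# Scan a path recursively. Without -s, yara prints one "<rule> <file>" per hit.
scan_path() {
    yara --compiled-rules "$COMPILED" --recursive --no-warnings --threads=4 "$1"
}

# Convert yara's "<rule> <file>" lines (stdin) into CSV rows tagged with the
# host and ruleset revision. `read -r rule file` keeps spaces in the path.
format_hits() {
    host=$1
    rev=$2
    while IFS=' ' read -r rule file; do
        printf '%s,%s,%s,%s\n' "$host" "$rev" "$rule" "$file"
    done
}

main() {
    target=${1:-/home}
    rev=$(update_rules)
    compile_rules "$RULES_DIR" "$COMPILED"
    scan_path "$target" | format_hits "$(hostname)" "$rev"
}

# Usage: sh yara_pull_scan.sh scan /home > /var/tmp/yara-report.csv
case "${1:-}" in
    scan) shift; main "$@" ;;
esac
```

With Ansible, the `script` or `shell` module runs the wrapper on each host and the `fetch` module pulls every host's CSV back to the controller, where the rows (host, ruleset revision, rule, file) can be concatenated into one report. Compiling into a single namespace means two files that define a rule with the same name will collide at `yarac` time; yarac's `NAMESPACE:file` syntax separates them if the collection needs it.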

  • @ajaykumar1 · 8 months ago

    Thank you so much, John. Nowadays I'm studying malware analysis, and you dropped the video at the right time 🤩🤩

  • @Suryaprakash-wr7qh · 8 months ago

    I ran into a problem when importing all rules recursively and detecting using Python with rules downloaded from the same repo, but I solved it by removing certain .yar files that listed and acted like an index to every other actual rule file.

  • @Lampe2020 · 8 months ago

    I think YARA is a good tool to build your own antivirus client if you absolutely don't trust any existing AV solution or want a lightweight, dumbed-down, customized AV.

      • @sudo-rem · 8 months ago

        @newwindserver YARA can effectively detect certain types of variable obfuscation based on pattern occurrences or certain strings/operations/data surrounding certain functions. But in general, we leverage different tools for this. YARA can and does support a large portion of antivirus solutions, but it is combined with other tools to perform the task.

  • @ninemoonplanet · 8 months ago

    How much info do you have on Linux for people who absolutely hate "wind blows" Windows? I know a lot of beta tests are run on Linux, but most people with desktops dual boot their computer. Anything other than doing what I just did (posting disparaging remarks, sorry) would help. Thanks 👍

      • @nordgaren2358 · 8 months ago

        Even if all of your machines are Linux machines, Windows still has the biggest market share, so you still need to know how it works. You would be severely limiting yourself otherwise.

  • @leir444 · 8 months ago

    Cool

  • @osamazaid25 · 8 months ago

    You didn’t say the acronym for YARA. But it’s absolutely hilarious 😆

      • @kiyu3229 · 8 months ago

        What is it?

      • @JohnSmith-jc7dk · 8 months ago

        Yet Another Ridiculous Acronym.

  • @user-ie5jl4zi7n · 8 months ago

    Do you help recover Google accounts?

  • @igu642 · 8 months ago

    ❤❤

  • @uncleburu9464 · 8 months ago

    Please do a video on how to create a computer worm

      • @nordgaren2358 · 8 months ago

        Fire up any modern AAA video game!

  • @DevakiNandhan · 8 months ago

    Wow

  • @inspirationchannel101 · 8 months ago

    Pegasus ? 🤣

  • @goodmatthew2 · 8 months ago

    5th

  • @anere5326 · 8 months ago

    14 min ago 4th

  • @MEsfits · 8 months ago

    2nd comment leggo