What are Yara Rules (and How Cybersecurity Analysts Use Them)


In this video, we are explaining what Yara rules are and how to use them in practice. We will look at two examples, explain where they fit in the cybersecurity ecosystem, and how you can write your own.
Simply Cyber's mission is to help purpose driven professionals make and take a cybersecurity career further, faster.
Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated.

Comments: 38

  • @mindruns2646
    1 year ago

    50k subs holy crap!! (Just the Yara video I needed)

  • @barzanahmed7194
    3 years ago

    Great video, thank you!

  • @SimplyCyber
    3 years ago

    My pleasure!

  • @melihguler7390
    2 years ago

    Good explanation Sir. Thanks.

  • @SimplyCyber
    2 years ago

    You are welcome

  • @mycreation1067
    3 years ago

    Really helpful. Thanks

  • @SimplyCyber
    3 years ago

    Glad it was helpful!

  • @user-ty3iy8bk2l
    9 months ago

    Excellent explanation! Subbed!

  • @SimplyCyber
    8 months ago

    Awesome, thank you!

  • @jreamscape
    11 days ago

    great video!!!!

  • @nullnull6032
    3 years ago

    your channel is not bad, keep it up mate

  • @SimplyCyber
    3 years ago

    I'm trying. Thanks for stopping by. I'll keep at it.

  • @mohitkamble3795
    2 years ago

    Hi Gerald, thanks for the video. Loved it. Can we use YARA rules to scan JS scripts???

  • @SimplyCyber
    2 years ago

    I believe you can. Yara is looking for static elements and JS is interpreted so it can be read by the scanner. Go for it!

  • @paulhere
    6 months ago

    Subscribed!!

  • @brittanywashington5194
    3 years ago

    Hi Gerald! Your channel was recommended to me. I'm new to cybersecurity. I received my CompTIA Security+ certification in Dec and am currently going through the SOC Analyst 1 training via Cybrary. I want to be on the "red team" but was told that SOC Analyst is where you must start. Is this true? Also, where do you recommend I start with your videos? Your channel is much appreciated! Thanks in advance.

  • @SimplyCyber
    3 years ago

    Where you must start?!?! Absolutely no. If you want red, go get the eJPT (plus the training), play with hackthebox, or TryHackMe. Take Cybermentors Practical Ethical Hacking course (he runs deals all the time so you can get a great course for $10), and/or look at Hackersploit. You can get work doing bug bounty or working for Cobalt Core, if you don't just get a pentesting gig with a big consulting firm that has contracts for that type of work. It rubs me wrong when someone tells someone new to the field they have to start somewhere. The field is huge. You could do audit, system hardening, engineering, network security..... must start on soc analyst PSSHTT!. SOC analyst/blue is a great job and very rewarding/lot of opportunity, but by no means the place you MUST start.

  • @brittanywashington5194
    3 years ago

    @@SimplyCyber Wow thank you, thank you for your response. I was worried that I'd need at least 5 years of experience before attempting to transition to the red team. Even though the training I'm doing for the SOC Analyst is interesting, ultimately I KNOW it's not what I want to do. I'm definitely going to check out everything you recommended. Thanks again.

  • @-tofolt-4358
    8 months ago

    @@brittanywashington5194 how are you doing today?

  • @manuelmontoya7455
    1 year ago

    Hi Gerald, do you know of a course on YARA-L for Google Chronicle? I need to learn the YARA-L language.

  • @boblee1206
    3 years ago

    Boom 💥 good one

  • @SimplyCyber
    3 years ago

    Thank you

  • @dougspindler4947
    3 years ago

    Very well done. Thank you

  • @SimplyCyber
    3 years ago

    Thanks Doug. :)

  • @elonsarif1405
    3 years ago

    Super tips

  • @SimplyCyber
    3 years ago

    Thank you.

  • @boblee1206
    3 years ago

    You should have shown how to use this yara rule.

  • @SimplyCyber
    3 years ago

    Good point. Next time. I did install Yara and messed w it, but was hustling to get the vid out and forgot. Started a new job so super busy

  • @gabrield6425
    2 years ago

    What is the benefit of writing Hexadecimal strings? Wouldn't it be simpler to use the plaintext string option since you'd have to run the plaintext through a converter anyway? Thank you for this video by the way, it has helped me grasp the basic concepts of Yara rules rather quickly.

  • @ronbouj
    2 years ago

    Sometimes the ASCII characters used are obscure, you might not have them on your keyboard. So it is much quicker to use hex.

  • @bruh5073
    1 year ago

    You would usually want to find the most unique looking strings. For some of those strings it's easier to add the hex version of it and then add a comment after it telling you which string it is.

  • @dmknght8946
    9 months ago

    If you want to match instructions, a hex string is the better way (and researchers can run malware in an emulator and scan with YARA). Another advantage is jumps, wildcards and other stuff that hex strings support, so there's no need to use regex for simple matches.
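
Added example (not from the video or from any commenter): a small Python model of the hex-string features named in the replies above (byte and nibble wildcards, jumps, alternatives), translated to a bytes regex and run over constructed buffers. The function names, the pattern and the sample bytes are assumptions for illustration; this models the syntax and is not YARA's own matching engine.

```python
import re

_TOKEN = re.compile(r"\[\d+(?:-\d+)?\]|[()|]|[0-9A-Fa-f?]{2}")

def _byte_class(tok: str) -> bytes:
    """Regex class for one hex byte; '?' in either nibble is a wildcard."""
    hi, lo = tok.upper()
    vals = [b for b in range(256)
            if hi in ("?", "%X" % (b >> 4)) and lo in ("?", "%X" % (b & 0xF))]
    return b"[" + b"".join(b"\\x%02x" % v for v in vals) + b"]"

def compile_hex_string(pattern: str) -> "re.Pattern[bytes]":
    """Translate a subset of YARA hex-string syntax into a bytes regex."""
    tokens = _TOKEN.findall(pattern)
    if "".join(tokens) != "".join(pattern.split()):
        raise ValueError("unsupported hex-string syntax: %r" % pattern)
    parts = []
    for tok in tokens:
        if tok in ("(", ")", "|"):               # alternatives: ( A | B )
            parts.append({"(": b"(?:", ")": b")", "|": b"|"}[tok])
        elif tok[0] == "[":                      # jump: [n] or [n-m]
            lo, _, hi = tok[1:-1].partition("-")
            parts.append(b"[\\x00-\\xff]{%d,%d}" % (int(lo), int(hi or lo)))
        else:                                    # 4D, 4?, ?D or ??
            parts.append(_byte_class(tok))
    return re.compile(b"".join(parts))

def find_offsets(pattern: str, data: bytes) -> list:
    """Start offsets of non-overlapping matches of the hex pattern in data."""
    return [m.start() for m in compile_hex_string(pattern).finditer(data)]

# Constructed pattern and buffers (not taken from any real sample).
PATTERN = "E8 ?? ?? ?? ?? 8B 4? [2-4] ( C3 | C2 08 00 )"
SAMPLE_A = bytes.fromhex("90 E8 10 20 30 40 8B 45 AA BB C3")
SAMPLE_B = bytes.fromhex("E8 FF 00 0A 01 8B 4D 01 02 03 04 C2 08 00")
SAMPLE_C = bytes.fromhex("E8 10 20 30 40 8B 55 AA BB C3")           # 55 is not 4?
SAMPLE_D = bytes.fromhex("E8 10 20 30 40 8B 45 01 02 03 04 05 C3")  # gap of 5
# A fixed byte string copied from SAMPLE_A misses the variant in SAMPLE_B.
LITERAL = bytes.fromhex("E8 10 20 30 40 8B 45")

if __name__ == "__main__":
    for name in ("SAMPLE_A", "SAMPLE_B", "SAMPLE_C", "SAMPLE_D"):
        buf = globals()[name]
        print(name, "hex pattern:", find_offsets(PATTERN, buf),
              "literal:", LITERAL in buf)
```
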

  • @crowbar9566
    1 year ago

    I'm stuck on the Yara room in Try Hack Me, but also because I don't know enough Linux..

  • @lady_of_the_funk
    11 months ago

    ❤❤❤❤❤

  • @mohamedshaaban9497
    2 years ago

    where is a yara book

  • @johnvardy9559
    1 year ago

    Is it important to know Yara?

  • @SimplyCyber
    1 year ago

    If you're a blue team operator it's helpful

  • @firosiam7786
    2 years ago

    Anyone here after advent of cyber 😅😂
