Applied YARA training Q&A


Introduction


On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rule best practices and real world examples. If you didn’t have the chance to watch the webinar live, you can see it as a recording on Brighttalk: Applied YARA training.


During the webinar we received an overwhelming response and we would like to thank all the participants for sharing their thoughts, questions and ideas; most of all, we are happy to see so much interest and enthusiasm for YARA!


During the 90 minutes of the webinar we only had the chance to answer a fraction of the questions we received. We would still like to answer the remaining ones, since many of them are quite relevant to real world situations and practices and could be useful to other security practitioners. Even better, for the trickier questions we decided to ask for help from the creator of YARA itself, Victor Manuel Alvarez, who will help answer them. If you have further questions, please feel free to send them to us in the comments section. We will be happy to answer them too!


Stay safe, stay secure and Happy hunting!


Costin, Vicente and Victor


Q&A:


RULE WRITING


Q: How difficult is it writing a YARA rule for obfuscated payloads?
Q: What file features do you experts normally look into when it comes to obfuscated files? How can YARA help?
Q: What would be your tip / best practices for writing rules to catch obfuscated binaries?


Vicente here. Obfuscated files are tricky, but YARA can st ..
