Ops 401: Class 31
Nicholas Loiacono edited this page Jun 1, 2023
This topic matters as it relates to what I'm studying in this module because it helps me understand how to proactively detect malware using specific patterns. It's an essential tool in threat hunting and malware analysis, key areas in the cybersecurity field.
Threat hunting aims to identify and mitigate cyber threats in a network before they cause harm. Unlike traditional threat monitoring that waits for alerts from security systems, threat hunting actively seeks out signs of malicious activity.
YARA rules are commonly grouped by the kind of indicator they match on:
- String-based rules look for specific text strings inside a file or program.
- File metadata-based rules analyze properties of a file, such as its type or size.
- Hash-based rules use unique codes called hashes that represent the contents of a file.
- Network-based rules examine network traffic data such as IP addresses.
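The rule below is an added example written for these notes, not taken from either source cited on this page. It shows the string-based, file-metadata-based and hash-based categories combined in one YARA rule; every string, the rule name and the MD5 value are constructed placeholders, not real indicators.

```yara
import "hash"

rule Example_Combined_Indicators
{
    meta:
        description = "Added example: string, file-metadata and hash indicators in one rule"
        author     = "constructed placeholder"

    strings:
        // String-based indicators (constructed sample values, not real IoCs)
        $cmd = "cmd.exe /c" ascii wide nocase
        $url = "http://example.invalid/update" ascii
        $ip  = "203.0.113.5" ascii            // RFC 5737 documentation range
        // Raw bytes of a Windows executable header ("MZ")
        $mz  = { 4D 5A }

    condition:
        // File metadata-based part: a Windows executable under 2 MB
        filesize < 2MB and $mz at 0
        and
        (
            // String-based part: at least two of the text indicators present
            2 of ($cmd, $url, $ip)
            or
            // Hash-based part: whole-file MD5 equals a known sample (placeholder value)
            hash.md5(0, filesize) == "00000000000000000000000000000000"
        )
}
```

Compile and run it with `yara -r example.yar <directory>`; the `hash` module is built into standard YARA releases.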
YARA rules and antivirus programs both search for signs of malware on a system. Each scans files and looks for patterns or characteristics that match known malicious software, helping keep the system safe.
Things I want to know more about are the actual process of creating customized Yara Rules, how to implement these rules in various environments, and the limitations or challenges in using Yara Rules in large-scale or highly complex systems.