Resource Smart Detection with YARA and osquery

Video link: https://www.youtube.com/watch?v=ep6y89rx8ww



Duration: 25:58


Traditional file-hash malware detection is relatively easy to circumvent: threat actors easily morph code to create "new" variants, rendering old IOCs useless. YARA uses a different approach. Its rules match small segments of code within the malware, making traditional morphing techniques ineffective. The challenge is knowing which files to scan with YARA, since scanning everything can be expensive. This is where osquery comes in: it can tell us exactly which files have been executed, and therefore which files to scan. Even if a file has not been executed, osquery can use an alternative approach, creating whitelists from golden images, to identify unrecognized binaries. This session will provide an introduction to three open source tools, JA3, YARA, and osquery, and the benefits of using them.
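As an added example (not from the talk or from Uptycs), one way to express that scoping in osquery SQL: scan only binaries osquery recorded as executed, rather than the whole filesystem. It assumes an osquery build with the yara table, process auditing enabled so process_events is populated, and a placeholder rule file path.

```sql
-- Added example, not from the talk: run YARA only against binaries that
-- osquery recorded as executed in the last hour, not the whole disk.
-- Assumptions: the yara table is compiled in, process auditing is enabled
-- so process_events is populated, and the rule file path is a placeholder.
SELECT
  y.path,
  y.matches,      -- names of the rules that matched
  y.count,        -- number of matching rules (0 means clean)
  y.strings       -- matched strings, if string reporting is enabled
FROM yara AS y
WHERE y.sigfile = '/etc/osquery/yara/suspicious.yar'  -- placeholder path
  AND y.path IN (
    -- distinct executables launched in the last hour
    SELECT DISTINCT path
    FROM process_events
    WHERE time > (SELECT unix_time FROM time) - 3600
  )
  AND y.count > 0;                                     -- report hits only
```

If process auditing is not enabled, the `processes` table (currently running programs, rather than everything executed) can stand in for `process_events`, with the time filter dropped.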

Speaker: Saurabh Wadhwa, Security Solutions Engineer, Uptycs

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g




Published by SANS Cyber Defense on 2020-12-10.



Tags:
sans institute
sans cyber defense forum
cyber defense forum
cyber defense
cyber defender
Saurabh Wadhwa
YARA
osquery