Threat Hunting with Yara

Notes from Threat Hunting like Ninja workshop

What can we do with Yara

Who uses Yara

Recommendation when writing Yara Rules

Basics

Three parts: meta (descriptions, ...), strings (what we are looking for) and condition (under which circumstances the rule matches)

Strings support

Conditions

Design Yara Rules

Naming convention

Example

More about metadata

Hashes in Yara Rules

Common Mistakes

Better Approach

Yara Sources

Testing

Automatic Yara Generator

Examples
