Malware Analysis Bootcamp - Creating YARA Rules
- Published 1 Oct 2024
- Welcome to the Malware Analysis Bootcamp. We will be covering everything you need to know to get started in Malware Analysis professionally. In this video, we will be taking a look at the syntax and structure of a YARA rule and how to create a simple YARA rule to classify our malware sample.
Malware Sample: s3.eu-central-...
Locky Ransomware Sample: s3.eu-central-...
Tools & links used in the video:
Windows VMs: developer.micr...
FireEye installation guide: www.fireeye.co...
GitHub Repository: github.com/fir...
◼️Get Our Courses:
Python For Ethical Hacking: www.udemy.com/...
Ethical Hacking Bootcamp: www.udemy.com/...
◼️Our Platforms:
Blog: hsploit.com/
HackerSploit Forum: hackersploit.org/
HackerSploit Cybersecurity Services: hackersploit.io
HackerSploit Academy: www.hackersplo...
HackerSploit Discord: / discord
HackerSploit Podcast: / hackersploit
iTunes: itunes.apple.c...
◼️Support us by using the following links:
NordVPN: nordvpn.org/ha...
Patreon: / hackersploit
I hope you enjoy/enjoyed the video.
If you have any questions or suggestions feel free to post them in the comments section or on my social networks.
Social Networks - Connect With Us!
-------------------------------
Facebook: / hackersploit
Twitter: / hackersploit
Instagram: / hackersploit
Patreon: / hackersploit
--------------------------------
Thanks for watching!
#MalwareAnalysis
We want more videos about web app pentesting ..👍
You have a bug in your Yara rule (check how the evaluation of the URL strings affects the AND operator)
Subbed. Waiting for the rest of this course. Great work, man!
First
Hello, can you help me? I wrote the YARA rule and took the malware sample, but when I run the test with the -r and -s options it returns nothing, even though there are indeed strings I specified for matching. Please help me.
Thanks for this amazing Bootcamp. Please upload next videos.
😊😊😊😊
You are doing a great job. Thank you.
Waiting for your...dynamic analysis videos.
Password for unzip file?
ZIP password is “infected”
Can I write a rule based on this string: "This program cannot be run in DOS mode"?
Hi the malware sample has a password on it , what is the password
I'm not sure if you'll see this, but in your demo, you "anded" the $MZ variable. It ran because the three URLs were present, so the Boolean logic returned true. But if the MZ wasn't present, you'd still return true if variable A or B was present, correct? I read this as "If A is true, or if B is true, or if C AND MZ is true, return". Should the logic not be (($A or $B or $C) AND $MZ)? New user, only experienced with other nested Boolean queries.
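The precedence issue raised in the two comments above (and the DOS-stub string asked about earlier), shown as a constructed YARA rule pair added here; this is not the rule from the video, and the URL values are placeholders because the real ones are not on this page:

```yara
// Constructed example, not the video's rule. In YARA, "and" binds tighter
// than "or", so the condition below is parsed as
//     $A or $B or ($C and $MZ)
// and fires on any file that contains URL A or URL B, PE header or not.
rule Locky_URLs_Precedence_Bug
{
    strings:
        $MZ = { 4D 5A }                        // "MZ" DOS header magic
        $A  = "http://url-a.example/" ascii    // placeholder for URL 1
        $B  = "http://url-b.example/" ascii    // placeholder for URL 2
        $C  = "http://url-c.example/" ascii    // placeholder for URL 3
    condition:
        $A or $B or $C and $MZ
}

// Same strings, intended logic: the file must be a PE AND carry at least
// one of the URLs. Testing the magic at offset 0 is stricter than "$MZ
// anywhere", since the two bytes "MZ" can occur by chance in any file.
// Strings present in nearly every PE, such as the DOS stub text
// "This program cannot be run in DOS mode", belong on this side of the
// "and" too: they narrow the match to PE files but cannot stand alone.
rule Locky_URLs_Fixed
{
    strings:
        $A = "http://url-a.example/" ascii
        $B = "http://url-b.example/" ascii
        $C = "http://url-c.example/" ascii
    condition:
        uint16(0) == 0x5A4D and any of ($A, $B, $C)
}
```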
Hey, watched all 16 videos of this series and liked it vl.. Very informative and very well explained. Where are the other parts of the analysis... I mean Dynamic Analysis... Please post videos on Dynamic Analysis. Thanks for posting such videos, it helps a lot!!
My fb account was hacked and then my pubg mobile account hacked 😥😥😥😥
I am very disappointed
Hacker disable my fb account
Plsss help me anyone plssss help🙏🙏
the sample files asks for password, what is it?
Hi brother, can you make a tutorial on Linux package update problems? When updating, errors always occur and it enters grub rescue mode, and when I enter normal insmod mode the result is always that the file does not exist, x86_amd64 / normal.mod
Thanks 🙏
Can default Yara run as a 24-hour background process and, if something is matched, fire off an email?
Sir malware analysis please
Sir, I like your videos very much. I am waiting for your next video; I like binary analysis very much. Thanks!
make more videos on Yara and IDA Pro and Olly debugger
Yikes, watched all episodes until here and still feel like a malware noob.
Hi
I tried to communicate with you but I couldn't I have a problem with Kali Linux
Bach: jarsigner command not found
What should I do ??
batch
Lol that’s my channel name such a coincidence
Someone told me that "Yara rules can also be used to convert a big data set in the form of clusters in machine learning " and it has a different use at different platforms. Is it true?
great, always after 4 Years :)
Go focus on your last "t" when you speak.
So is this how experts are able to say "this sample that has never been seen before is actually a variant of Emotet", for example? What if a sample is packed?
Bit of a late reply, but they can detect that it's packed, which can be very suspicious, especially if the file is not digitally signed (oftentimes antiviruses simply classify a file as malicious if it's packed in such a manner because they are unable to properly read and analyze its code; however, this naturally can lead to false positives). What anti-viruses typically do is something called "heuristic analysis", whereby they run the executable in a sandbox (a virtual machine, if you will) and dynamically analyze its behavior at runtime (if it's creating a registry key to achieve persistence such as making the executable run on startup, if it's trying to delete system32 files, connecting to a weird IP, etc.). They also scan for patterns (typically a series of assembly opcodes unique to that malware or family of malware) and other malicious strings/values once the executable loads and unpacks itself in memory. If the executable is deemed to be malicious during this heuristic scan, naturally the anti-virus will prevent it from running on the host computer and alert the user/quarantine the binary. Even though heuristic scanning can sound very performance heavy, this is often done quite quickly and thus is a viable solution for AV vendors and end users alike. I hope this answers your question!
Where can I learn more about malware analysis?
Thanks for this!
Helped a lot in starting with YARA !
Will this course continue?
Can we create Yara rules for malware prevention, or can they be used only for malware detection?
YARA rules are a way of identifying malware (or other files) by creating rules that look for certain characteristics. Now you can write some Yara rules and plug them into your EDR/AV solution to identify any behavioral aspect and hence block/quarantine the sample in question, so that you can stop the attack before it reaches the delivery stage in the kill chain. That would solve your problem.
Great explanation, thank you!
thank youu
thanks waiting for more
Nicely done. Thanks!
Good
very good
thank u alotttt... :D
Great job!
Guys ZIP password is “infected”
Pin my comment please
My name is shining 😍
Exactly 😂😂😂
Loved the tip about the free VMs, even though they are 90 day versions.
take snapshots
Great content, thank you! A kind request, please... Even watching in 1080 HD, the screen of the Windows machine is not readable. Could you please address that? Once again, thank you a lot! Referring to the app used to extract the URLs and the MZ (hexadecimal value).
Awesome video man Love from India Appreciating you hard work for the community. Love you
Brother, please can you make a video on how to connect to any mobile phone using Python commands? Please brother, I am asking for any video on how to connect to any mobile phone using Python.
I mean how to hack any mobile using Python commands, please brother