Slide 1

YARA TOOLKIT

Slide 3

DEMO

Slide 4

👀

Slide 5

Workflow for building a YARA rule:

    1. Analyse similar binaries
    2. Identify unique patterns (strings, code, ...)
    3. Build the rule from your findings
    4. Test it on a clean dataset
    5. Deploy it to the service of your choice
    6. Monitor everything

Slide 6

YARA rule structure:

    Import modules: pe, elf, hash, math, cuckoo, dotnet, time
    Rule name: global rules, private rules, rule tags
    Metadata: author, date, description, etc.
    Strings: text strings, hexadecimal strings, regular expressions
        Text string modifiers: nocase, wide, fullword, xor(0x01-0xff), base64
        Hexadecimal strings: wild-cards { 00 ?2 A? }, jumps { 3B [2-4] B4 }, alternatives { F4 (B4 | 56) }
        Regular expressions
    Conditions: boolean operators, arithmetic operators, bitwise operators, counting strings, string offsets

Reference: https://blog.securitybreak.io/security-infographics-9c4d3bd891ef#18dd

Slide 7

Decompiled RC4 key-scheduling (KSA) loop from the demo sample. The 12-byte key '3jB(2bsG#@c7' is hard-coded and repeated across the 256-byte key buffer, which makes it a unique, rule-worthy pattern:

    memset(key, fillValue, sizeof(key));
    memset(permutedArray, fillValue_1, sizeof(permutedArray));
    for ( i = 0i64; i != 256; ++i )
    {
        permutedArray[i] = i;                  // identity permutation: S[i] = i
        key[i] = RC4key[(int)i % 12];          // '3jB(2bsG#@c7' repeated to fill 256 bytes
    }
    index1 = 0i64;
    index2 = 0;
    do
    {
        currentValue = permutedArray[index1];
        index2 += key[index1] + currentValue;  // j = j + S[i] + K[i] (wraps mod 256 if index2 is byte-sized)
        swapValue = permutedArray[index2];
        permutedArray[index2] = currentValue;  // swap S[i] and S[j]
        permutedArray[index1++] = swapValue;
    }                                          // loop condition not shown on the slide
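
A constructed YARA rule, added here as an example and not taken from the deck or its author, that applies the rule anatomy listed on Slide 6 to the finding on Slide 7: the hard-coded RC4 key. The key bytes are the ones visible in the decompiled loop; the author, date, file-size bound, entropy threshold and the jump tolerance in the hex string are assumptions chosen for illustration.

```yara
import "pe"
import "math"

// Constructed example: a private helper rule is not reported on its own,
// it only feeds the condition of the rule below.
private rule is_small_pe
{
    condition:
        uint16(0) == 0x5A4D and filesize < 4MB   // MZ header, size bound is an assumption
}

rule rc4_hardcoded_key_3jB : rc4 demo
{
    meta:
        author      = "placeholder author"          // placeholder, not the deck's author
        date        = "2024-01-01"                  // placeholder date
        description = "Hard-coded RC4 key '3jB(2bsG#@c7' seen in the decompiled KSA loop"
        reference   = "https://blog.securitybreak.io/security-infographics-9c4d3bd891ef#18dd"

    strings:
        // Text string: ASCII and UTF-16LE forms, whole-word matches only
        $key_plain = "3jB(2bsG#@c7" ascii wide fullword
        // Same key when the sample single-byte-XORs its strings
        $key_xor   = "3jB(2bsG#@c7" xor(0x01-0xff)
        // Same key stored base64-encoded (base64 cannot be combined with xor/nocase,
        // hence a separate string)
        $key_b64   = "3jB(2bsG#@c7" base64
        // Hex form of the key bytes with a nibble wild-card and a short jump so a key
        // assembled from two fragments still matches (jump width is an assumption)
        $key_hex   = { 33 6A 42 28 32 62 ?3 47 [0-4] 23 40 63 37 }

    condition:
        is_small_pe
        and (pe.characteristics & pe.EXECUTABLE_IMAGE) != 0   // bitwise operator on a pe field
        and 1 of ($key*)                                      // any encoding of the key
        and #key_plain < 50                                   // counting: reject files padded with the key
        and math.entropy(0, filesize) < 7.5                   // arithmetic: skip fully packed blobs (threshold assumed)
}
```

Following the workflow on Slide 5, the rule is checked against a clean dataset before deployment, for example with `yara -r rc4_key.yar clean_dataset/`, and any hit there sends the rule back to the refinement step rather than to production.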

Slide 8

CVE-2021-1732 is a Local Privilege Escalation (LPE) vulnerability in Windows 10 that was exploited in the wild by the Bitter APT.

Slide 16

DocYara: Retrieval Augmented Generation (RAG) 👨‍⚕️

    Knowledge base: YARA documentation and useful resources
    Embedding: put the data into a multi-dimensional vector space
    Retriever: retrieve information from the database based on similarity

DocYara helps you:
    understand how to use YARA
    create your rule
    refine your rule
