YARA, a powerful framework for pattern matching, is often used to detect malicious files, but it can also be used to detect specific capabilities within files. These capability signatures can then be aggregated to give a full picture of just how suspicious a given file is. Signatures can be written to detect keylogging, network capability, and many other potentially suspicious activities, as well as to detect packed or encrypted executables or sections.

Brian Bell is a malware analyst and threat researcher for a major retail organization. He was an IT in the US Navy and an Infantryman in the US Army, and spent a lot of time in the SIGINT forensics field before leaving the military to work as a government contractor. Brian has worked various missions at the US Air Force CERT and spent time as an instructor at the Joint Cyber Analysis Course. More recently, he has worked as a lead SOC analyst for Charles Schwab and as the malware analysis, threat intelligence, and host and network forensics lead for DataShield Consulting. Brian is currently GREM certified and held GCIA certification in the past. He is also the holder of a SANS "Lethal Forensicator" coin.
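The approach the abstract describes, as an added example that is not from the talk or its speaker: three small capability rules (keyboard hooking, networking, and a high-entropy section suggesting packing or encryption) written against YARA's `pe` and `math` modules, plus one aggregate rule that references them. The DLL and API names are real Windows imports, but which ones to watch, the 7.0 entropy threshold, and the `weight` metadata values are this example's own assumptions, not anything from the page.

```yara
import "pe"
import "math"

// Capability: keyboard hook installation or key-state polling.
// API list is an assumption for this example; tune it to your own corpus.
rule cap_keylogger
{
    meta:
        description = "Imports keyboard hook or key-state polling APIs"
        weight = 3
    condition:
        uint16(0) == 0x5A4D and
        (
            pe.imports("user32.dll", "SetWindowsHookExA") or
            pe.imports("user32.dll", "SetWindowsHookExW") or
            pe.imports("user32.dll", "GetAsyncKeyState")
        )
}

// Capability: outbound networking via Winsock or WinINet.
rule cap_network
{
    meta:
        description = "Imports socket or WinINet networking APIs"
        weight = 1
    condition:
        uint16(0) == 0x5A4D and
        (
            pe.imports("ws2_32.dll", "connect") or
            pe.imports("ws2_32.dll", "send") or
            pe.imports("wininet.dll", "InternetOpenUrlA") or
            pe.imports("wininet.dll", "InternetOpenUrlW")
        )
}

// Capability: at least one section whose raw bytes have very high entropy,
// a common sign of packing or encryption. 7.0 bits/byte is an assumed cutoff.
rule cap_packed_section
{
    meta:
        description = "Section with entropy >= 7.0 (likely packed or encrypted)"
        weight = 2
    condition:
        uint16(0) == 0x5A4D and
        for any i in (0 .. pe.number_of_sections - 1) : (
            pe.sections[i].raw_data_size > 0 and
            math.entropy(pe.sections[i].raw_data_offset,
                         pe.sections[i].raw_data_size) >= 7.0
        )
}

// Aggregate: a file that hooks the keyboard and talks to the network, or that
// hides either capability behind a packed section, is worth a closer look.
rule suspicious_keylogger_candidate
{
    meta:
        description = "Keylogging plus network, or either capability plus packing"
    condition:
        (cap_keylogger and cap_network) or
        (cap_packed_section and (cap_keylogger or cap_network))
}
```

YARA itself only reports which rules matched; the numeric "how suspicious" picture comes from the consumer summing the `weight` metadata of every matched `cap_*` rule (for instance from `yara -m` output or `match.meta` in yara-python) and comparing the total against a triage threshold. Keep each capability rule narrow and the weighting in one place, so a single noisy rule (the networking one here will match most legitimate software) can be down-weighted without rewriting the others.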
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast