one of the founders of reversinglabs presenter at
play

One of the founders of ReversingLabs Presenter at conferences: - PowerPoint PPT Presentation

Jan 11, 2024 •212 likes •377 views

One of the founders of ReversingLabs Presenter at conferences: BlackHat, ReCon, CARO Workshop, SAS and TechnoSecurity. Developer on such projects as TitaniumCore, TitanEngine, NyxEngine and RLPack. @ap0x { YARA at ReversingLabs 2016 2017

  2. One of the founders of ReversingLabs Presenter at conferences: BlackHat, ReCon, CARO Workshop, SAS and TechnoSecurity. Developer on such projects as TitaniumCore, TitanEngine, NyxEngine and RLPack. @ap0x

  3. { YARA at ReversingLabs 2016 2017 2018 2019 2013 - 2015 2020 Integrated YARA into Showing YARA match Enabled suspicious Integrated with Using YARA metadata Explainable YARA rules TitaniumCore information classifications TitaniumCore format to name detected identification and threats Started including YARA Automatic YARA unpacking threat detection rules ruleset versioning Extended YARA to in our products support more than 32 Included .NET and threads Patch contributions to hash modules YARA code base

  4. { YARA dilemma: Threat detection or hunting? Detection Hunting Goal: Malware detection & blocking Goal: Proactive analysis & detection • • Pro: Pro: • • Can accurately detect malware threats Can find new interesting things to analyze Can block for malware based on artifacts Can be broad to cover multiple formats Can be deployed to scan files or memory Can look for things other than malware Con: Con: • • Requires time to write & test correctly Requires time consuming human analysis Can be bypassed with pattern breaking Can generate lots of false positives

  5. { YARA threat detection rule goals Clean written YARA rules with well labeled conditions 1.

  6. { YARA threat detection rule goals Matching on unique malware type functionality 2.

  7. { YARA threat detection rule goals Preferring code byte pattern matching over strings 3.

  8. { YARA threat detection rule goals Native classification pipeline integration 4.

  9. { YARA threat detection within layered objects Sample a) After unpacking Classification Verdict Machine PE/EXE/UPX PE/EXE Ransomware learning b) Memory analysis YARA Preferred due to family name

  10. { YARA threat detection results

  11. { YARA threat detection results

  12. ReversingLabs Open Source { YARA rules https://github.com/reversinglabs/reversinglabs-yara-rules 128 YAR YARA A Rule les publis lished ReversingLabs Open Source rules require YARA version 3.2.0 or newer to be installed. Additionally, the following YARA modules need to be enabled: PE and ELF .

  15. THANK YOU

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reasons for joint ventures Founders getting together Founders adding new skills to team

Reasons for joint ventures Founders getting together Founders adding new skills to team

Reasons for joint ventures Founders getting together Founders adding new skills to team Founders getting equity funding partner (investors) Parties with complementary skills working together Commercial deal Objectives

337 views • 5 slides
THE FOUNDERS OF LIFE Dr. Darryl and Reverend Taleeta Canady are the founders of the LIFE Male

THE FOUNDERS OF LIFE Dr. Darryl and Reverend Taleeta Canady are the founders of the LIFE Male

THE FOUNDERS OF LIFE Dr. Darryl and Reverend Taleeta Canady are the founders of the LIFE Male Science Technology Engineering Arts and Math Academy. They believe that a STEAM-focused curriculum will equip students with the academic

557 views • 29 slides
FOUNDERS SYNDROME The role of a creative leader is not to have all the ideas; its to

FOUNDERS SYNDROME The role of a creative leader is not to have all the ideas; its to

1 of 8 FOUNDERS SYNDROME The role of a creative leader is not to have all the ideas; its to create a culture where everyone can have ideas and feel that theyre valued. (Ken Robinson) What is Founders Syndrome ?

523 views • 8 slides
Founders Our Partners The Old Web The Web Today Source:

Founders Our Partners The Old Web The Web Today Source:

The Evolving Cyber Threat and what businesses can do about it Larry Clinton, President Direct 703/907-7028 lclinton@isalliance.org Founders Our Partners The Old Web The Web Today Source:

502 views • 17 slides
Committee Updates Presenter Presenter Presenter Presenter Su Bibik Stephanie Beck Dawn

Committee Updates Presenter Presenter Presenter Presenter Su Bibik Stephanie Beck Dawn

Alliance for Massage Therapy Education 2014 Annual Business Meeting Committee Updates Presenter Presenter Presenter Presenter Su Bibik Stephanie Beck Dawn Saunders Nancy Dail Governance Marketing Membership Conference Planning

576 views • 39 slides
SETTING UP FOR SUCCESS: 15 THINGS NEW NONPROFITS SHOULD KNOW Mission Mission 1. Create a

SETTING UP FOR SUCCESS: 15 THINGS NEW NONPROFITS SHOULD KNOW Mission Mission 1. Create a

SETTING UP FOR SUCCESS: 15 THINGS NEW NONPROFITS SHOULD KNOW Mission Mission 1. Create a mission statement that helps avoid future mission creep. Founders Role Founders Role 2. Founders are not owners. Board of Directors Board of

526 views • 16 slides
Better Returns: Founders Wisdom & Time -Honored Lessons Presented by: Mark Robertson,

Better Returns: Founders Wisdom & Time -Honored Lessons Presented by: Mark Robertson,

Better Returns: Founders Wisdom & Time -Honored Lessons Presented by: Mark Robertson, Founder & Managing Partner markr@manifestinvesting.com October 20, 2018 Founders Wisdom & Time -Honored Lessons No investment recommendation

1.08k views • 44 slides
Scheduling Shared Continuous Resources On Many-Cores PRESENTER PRESENTER PRESENTER PRESENTER:

Scheduling Shared Continuous Resources On Many-Cores PRESENTER PRESENTER PRESENTER PRESENTER:

Scheduling Shared Continuous Resources On Many-Cores PRESENTER PRESENTER PRESENTER PRESENTER: LIOR BELINSKY AUTHORS AUTHORS: ANDRE BRINKMANN - PETER KLING EQ - TIM SUB AUTHORS AUTHORS UUUJJJJJIIILARS NAGEL UUUUU - SORE RIECHERSIU

596 views • 35 slides
www.libertasint.com Overview USA October 2013 ACN Co-founders Donald J. Trump & Greg

www.libertasint.com Overview USA October 2013 ACN Co-founders Donald J. Trump & Greg

www.libertasint.com Overview USA October 2013 ACN Co-founders Donald J. Trump & Greg Provezano, Mike & Tony Cupisz, Robert Stevanovski The company International Services Provider Started in the U.S. January 1993 2009

378 views • 15 slides
eventual consistency ftw david craelius, cto Klarna in short - Independent, founders still

eventual consistency ftw david craelius, cto Klarna in short - Independent, founders still

eventual consistency ftw david craelius, cto Klarna in short - Independent, founders still majority owners - Delivering online payments not built on top of the traditional VISA/MC stack - Aim to double each year - > 100M turnover 2012

347 views • 22 slides
(AWCDH) founded in 2003 THE FOUNDERS OF THE ASSOCIATION identified the need for a

(AWCDH) founded in 2003 THE FOUNDERS OF THE ASSOCIATION identified the need for a

THE ASSOCIATION FOR WOMEN'S CAREER DEVELOPMENT IN HUNGARY (AWCDH) founded in 2003 THE FOUNDERS OF THE ASSOCIATION identified the need for a non-governmental organization to help promote women s equality by working with and fostering the

629 views • 32 slides
THE MARRIAGE OF COMMUNICATION & CODE BY ANDREA GOULET & M. SCOTT FORD FOUNDERS,

THE MARRIAGE OF COMMUNICATION & CODE BY ANDREA GOULET & M. SCOTT FORD FOUNDERS,

THE MARRIAGE OF COMMUNICATION & CODE BY ANDREA GOULET & M. SCOTT FORD FOUNDERS, CORGIBYTES @andreagoulet WHEN I We remodel existing WAS software to make it stable, IN HIGH scalable, and secure. SCHOOL.

1.59k views • 55 slides
Dare to invent the future you want 3 rd edition - Evian, from 20 to 22 June 2017 Co-founders In

Dare to invent the future you want 3 rd edition - Evian, from 20 to 22 June 2017 Co-founders In

3 days to Dare to invent the future you want 3 rd edition - Evian, from 20 to 22 June 2017 Co-founders In partnership with Manifesto It was long believed that sustainable development was about standards, regulations, risk prevention or the

535 views • 20 slides
to take Car e of Hair A Big Family Four founders and one idea: Kuractive is born! They share

to take Car e of Hair A Big Family Four founders and one idea: Kuractive is born! They share

New Concept of Beauty Unique way to take Car e of Hair A Big Family Four founders and one idea: Kuractive is born! They share experience in the cosmetic industry and a common vision Vision that is embedded in the company name HOANA that means

721 views • 24 slides
Mike Little WordPress Co-founder WordPress: the early years. A co-founders view

Mike Little WordPress Co-founder WordPress: the early years. A co-founders view

Mike Little WordPress Co-founder WordPress: the early years. A co-founders view Democratising publishing and empowering freedom of speech since 2003. Questions? @mikelittlezed1 https://mikelittle.org/

450 views • 5 slides
FROM POTENTIAL TO PROSPERITY Cheryll Watson Division Purpose We help founders and their teams

FROM POTENTIAL TO PROSPERITY Cheryll Watson Division Purpose We help founders and their teams

FROM POTENTIAL TO PROSPERITY Cheryll Watson Division Purpose We help founders and their teams bring ground- Vice President breaking ideas to market whether as a startup or Innovate Edmonton a high-potential scaleup by bringing

1k views • 28 slides
TROUBLESHOOTING Performing basic Acronis Backup and Acronis Backup Cloud troubleshooting Acronis

TROUBLESHOOTING Performing basic Acronis Backup and Acronis Backup Cloud troubleshooting Acronis

ACRONIS BACKUP TROUBLESHOOTING Performing basic Acronis Backup and Acronis Backup Cloud troubleshooting Acronis Training and Certification Authorized Use Only 1 Module Outline 1. Acronis Backup Troubleshooting Steps 2. Acronis Support

1.13k views • 53 slides
Exe Rail Progress Report February 2017 Marsh Barton Station Construction delayed due to the

Exe Rail Progress Report February 2017 Marsh Barton Station Construction delayed due to the

Exe Rail Progress Report February 2017 Marsh Barton Station Construction delayed due to the need to revise designs to meet changing Network Rail standards. Likely to have an impact on scheme cost but this is yet to be fully

604 views • 12 slides
Debunking paradigms in estuarine fish species richness Adam Waugh 1,2* , Michael Elliott 2 ,

Debunking paradigms in estuarine fish species richness Adam Waugh 1,2* , Michael Elliott 2 ,

Debunking paradigms in estuarine fish species richness Adam Waugh 1,2* , Michael Elliott 2 , Anita Franco 2 1. Environment Agency, Kingfisher House, Orton Way, Peterborough, PE2 5ZR 2. Institute of Estuarine & Coastal Studies, University of

291 views • 12 slides
POSITIONED FOR EXCEPTIONAL GROWTH MINERAL COMMODITIES LTD INVESTOR PRESENTATION SEPTEMBER 2018

POSITIONED FOR EXCEPTIONAL GROWTH MINERAL COMMODITIES LTD INVESTOR PRESENTATION SEPTEMBER 2018

POSITIONED FOR EXCEPTIONAL GROWTH MINERAL COMMODITIES LTD INVESTOR PRESENTATION SEPTEMBER 2018 ASX: MRC | www.mineralcommodities.com DISCLAIMER AND COMPETENT PERSON STATEMENT disseminate any updates or revisions to any forward looking

506 views • 28 slides
General Presentation April, 2011 Printed by DSME 1 2011- 04- 29 11:46

General Presentation April, 2011 Printed by DSME 1 2011- 04- 29 11:46

APCPCWM_4828539:WP_0000045WP_0000045 5 4 0 0 0 0 _ 0 P W 5 4 0 0 0 0 0 P _ W : 9 3 5 8 2 8 _ 4 M W C P C A P General Presentation April, 2011 Printed by DSME 1 2011- 04- 29 11:46

989 views • 35 slides
Guide idelines lines for or Prop open ensity sity Scor Sc ore e Weigh ighting ting wi

Guide idelines lines for or Prop open ensity sity Scor Sc ore e Weigh ighting ting wi

St Step-by by-Step ep Guide idelines lines for or Prop open ensity sity Scor Sc ore e Weigh ighting ting wi with th Two o Grou oups ps Beth Ann Griffin 1 Four key steps 1) Choose the primary treatment effect of interest

840 views • 45 slides
1 Using the Results from Poverty Mapping Similar problem as to 2SLS estimate. Adjustment

1 Using the Results from Poverty Mapping Similar problem as to 2SLS estimate. Adjustment

Poverty Mapping Believing in PovMap ? Why ? in the World Bank: ~ ~ ~ x ~ ? ln y ' Our Work and Lessons Learned ch ch ch c x ' : People with same characteristic have same income ch :

390 views • 4 slides
The i_SWAT Software Package: A Tool for Supporting SWAT Watershed Applications Philip W.

The i_SWAT Software Package: A Tool for Supporting SWAT Watershed Applications Philip W.

The i_SWAT Software Package: A Tool for Supporting SWAT Watershed Applications Philip W. Gassman, Todd Campbell, Silvia Secchi Center for Agric. and Rural Development, Iowa State Univ., Ames, IA USA Manoj Jha Civil Engineering Dept., Iowa

504 views • 24 slides

More recommend