# A very short introduction to YARA
---
## What is YARA
- YARA describes itself as a pattern-matching Swiss army knife
- Aimed at malware analysis, but it's so much more
- YARA:
  - A language to describe rules, patterns and conditions
  - Enables Remote Forensics
---
## Why use YARA
- Traditionally, detection strategies have revolved around static IOCs (MD5, SHA256 and similar signatures)
- YARA: move to a dynamic-style analysis:
  - describe patterns (aka heuristics)
- Example: detecting vulnerable Log4j JARs in the wild
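
A pattern-based rule of the kind described above, as an added example that is not from the original talk: it matches any JAR (ZIP) that carries log4j-core's `JndiLookup` class as an archive entry, whatever the file's hash. The rule name and the choice of `JndiLookup.class` as the marker are assumptions of this example; a match flags a JAR for version review and does not by itself prove it is vulnerable.

```yara
rule Log4j_Core_JndiLookup_Entry   // hypothetical rule name
{
    meta:
        description = "ZIP/JAR with log4j-core JndiLookup.class as an archive entry"
        note = "Triage signal only: confirm the log4j-core version before acting"

    strings:
        // ZIP entry names are stored uncompressed, so the class path is
        // visible even though the class bytes themselves are deflated.
        $jndi = "org/apache/logging/log4j/core/lookup/JndiLookup.class" ascii

    condition:
        // File starts with a ZIP local file header ("PK\x03\x04").
        uint32(0) == 0x04034b50 and
        for any i in (1..#jndi) : (
            // Name sits at offset 30 of a local file header and the
            // header's name-length field equals the matched length ...
            (
                uint32(@jndi[i] - 30) == 0x04034b50 and
                uint16(@jndi[i] - 4) == !jndi[i]
            )
            or
            // ... or at offset 46 of a central directory header
            // ("PK\x01\x02"), with the same length check.
            (
                uint32(@jndi[i] - 46) == 0x02014b50 and
                uint16(@jndi[i] - 18) == !jndi[i]
            )
        )
}
```

Nested JARs that are stored uncompressed inside a fat JAR still match because their inner ZIP headers stay readable; nested JARs that were deflated do not, so archives such as WAR files need unpacking before scanning.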
---
## Demo