Applying YARA to Uncover Hidden Phishing Threats Months After the Attack
Phishing continues to be a primary attack vector, preying on unsuspecting yet targeted end users who unintentionally infect their systems. Often these attacks introduce new or updated malware which can go undetected for months. To exacerbate the security challenge, EDR systems don’t often retain histories of the binaries executed on local endpoints. So organizations are faced with a dilemma: how do I uncover phishing payloads across my endpoints months after their IOCs are known?
In this webinar, we’ll discuss:
● How to leverage an Email AbuseBox or “local repository” for suspicious Phishing attachments, and have this available for retro-hunting
● How to create a custom YARA rule to search for a particular byte sequence indicative of new IOCs
● How to apply these YARA rules across local repositories
● How to automate the retro-hunting process and alert on detections for action, and
● How to use YARA Tags to classify files.
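The following is an added example, not material from the webinar or its presenters, that walks through the bullets above end to end: it builds a tagged YARA rule around a byte sequence, applies it across a local attachment repository (a stand-in for the Email AbuseBox), and emits one alert per hit. The IOC bytes, file names and repository contents are constructed for the example; if the yara-python package is installed the rule is compiled and run with it, otherwise the script falls back to a plain byte search over the same rule so it runs anywhere.

```python
"""Retro-hunt a local phishing-attachment repository with a tagged YARA rule."""
import re
import tempfile
from pathlib import Path

try:
    import yara  # yara-python, used when available
except ImportError:  # otherwise a plain byte search stands in for the YARA engine
    yara = None

# Constructed IOC: stands in for a byte sequence extracted from a newly identified payload.
IOC_BYTES = bytes.fromhex("DEADBEEF1337C0DE")


def build_rule(name: str, tags: list[str], ioc: bytes) -> str:
    """Return YARA rule source matching one byte sequence, tagged for classification."""
    hex_seq = " ".join(f"{b:02X}" for b in ioc)
    tag_part = f" : {' '.join(tags)}" if tags else ""
    return (
        f"rule {name}{tag_part}\n"
        "{\n"
        "    meta:\n"
        '        description = "constructed example: byte sequence from a hypothetical phishing payload"\n'
        "    strings:\n"
        f"        $ioc = {{ {hex_seq} }}\n"
        "    condition:\n"
        "        $ioc\n"
        "}\n"
    )


def _parse_rule(rule_source: str) -> tuple[str, list[str], bytes]:
    """Minimal parser for the rule shape build_rule emits (fallback path only)."""
    header = re.search(r"rule\s+(\w+)(?:\s*:\s*([\w ]+))?", rule_source)
    hexstr = re.search(r"\{\s*((?:[0-9A-Fa-f]{2}\s*)+)\}", rule_source)
    tags = header.group(2).split() if header.group(2) else []
    return header.group(1), tags, bytes.fromhex(hexstr.group(1).replace(" ", ""))


def scan_repository(repo_dir: Path, rule_source: str) -> list[dict]:
    """Apply the rule to every file under the repository; return one record per matching file."""
    files = sorted(p for p in repo_dir.rglob("*") if p.is_file())
    hits = []
    if yara is not None:
        rules = yara.compile(source=rule_source)
        for path in files:
            for m in rules.match(str(path)):
                hits.append({"file": path.name, "rule": m.rule, "tags": list(m.tags)})
    else:
        name, tags, ioc = _parse_rule(rule_source)
        for path in files:
            if ioc in path.read_bytes():
                hits.append({"file": path.name, "rule": name, "tags": tags})
    return hits


def format_alert(hit: dict) -> str:
    """Render a hit as a one-line alert for a ticket queue or SIEM forward."""
    return f"ALERT rule={hit['rule']} tags={','.join(hit['tags'])} file={hit['file']}"


def build_demo_repository() -> Path:
    """Create a constructed AbuseBox repository: two attachments carry the IOC, one does not."""
    repo = Path(tempfile.mkdtemp(prefix="abusebox_"))
    (repo / "invoice_0421.doc").write_bytes(b"\xd0\xcf\x11\xe0" + b"A" * 64 + IOC_BYTES + b"B" * 32)
    (repo / "benign_report.pdf").write_bytes(b"%PDF-1.4\n" + b"C" * 128)
    (repo / "remit.xlsx").write_bytes(b"PK\x03\x04" + IOC_BYTES)
    return repo


def run_retrohunt() -> list[dict]:
    """Build the rule, scan the repository, print alerts, and return the hits for action."""
    rule = build_rule("Constructed_Phish_Payload", ["phishing", "retrohunt"], IOC_BYTES)
    hits = scan_repository(build_demo_repository(), rule)
    for hit in hits:
        print(format_alert(hit))
    return hits


if __name__ == "__main__":
    run_retrohunt()
```

Scheduling `run_retrohunt` (for example from cron or a SOAR playbook) against the real repository, and re-running it whenever a rule is added, is what turns the one-off scan into the automated retro-hunt the webinar describes; the tags on each hit carry through to the alert so downstream triage can route by classification.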
May 21, 2020 02:00 PM in Eastern Time (US and Canada)