Malware Detection with YARA and osquery

Traditional filehash malware detection is relatively easy to circumvent as threat actors easily morph code to create "new" variants, rendering old IOC's useless.


YARA, uses a different approach. Its rules match to small segments of code within the malware, making traditional morphing techniques easier to detect. The challenge can be knowing which files to scan with YARA, as scanning everything can be expensive.

This is where osquery can tell us exactly which files have been executed, and therefore which files to scan. Even if a file has not been executed, osquery can be used to create whitelists from golden images and identify suspect binaries.

Register now to access this on-demand webinar!

Webinar Panelists

Julian circle headshot rsa
Julian Wayte
Security Engineer - Uptycs
© 2023 Uptycs. All rights reserved.
Follow Us