SAS 2021 workshop: Writing Better YARA Rules

YARA is a famous tool that helps malware researchers identify and classify malware samples. However, what exactly can a specialist do with YARA? In their workshop ‘Writing Better YARA Rules’, Costin Raiu (Kaspersky) and Vicente Diaz (VirusTotal) discuss the effective use of YARA rules and share hands-on experience, including disassembling some real YARA rules and analyzing good and bad examples of them.

Bonus: an introduction to KLARA – an open-source YARA instrumentation framework.