YARA is a well-known tool that helps malware researchers identify and classify malware samples. But what exactly can a specialist do with YARA? In their workshop ‘Writing Better YARA Rules’, Costin Raiu (Kaspersky) and Vicente Diaz (VirusTotal) discuss how to use YARA rules effectively and share hands-on experience, including taking apart some real YARA rules and analyzing good and bad examples.
Bonus: an introduction to KLARA, an open-source YARA instrumentation framework.