CyberBlue Academy

Module 10: YARA — Malware Detection & Hunting

Write rules that find malware. Hunt across files, endpoints, and memory.

Tools: YARA, Velociraptor, CyberChef

6 Lessons, 6 Hands-on Labs

Lessons

1. YARA Fundamentals: Meta, strings, condition
2. String Patterns & Matching: Wildcards, hex, case-insensitive
3. Conditions & Logic: Boolean operators, file size
4. Hunting with YARA: Scanning files and directories
5. YARA + Velociraptor: Hunt across endpoints at scale
6. Real-World YARA Rules: 523+ community rules analysis

Labs

Lab 10.1 — Your First YARA Rule (Intermediate)
Detect a malicious script. Zero FPs.

Lab 10.2 — Hex Pattern Hunting (Intermediate)
Decode hex C2, write YARA rule.

Lab 10.3 — Webshell Detection (Advanced)
Find 5 webshells in 500 files.

Lab 10.4 — Ransomware Indicator Rule (Advanced)
Analyze ransomware, write YARA rule.

Lab 10.5 — Endpoint-Wide Hunt (Expert)
YARA in Velociraptor across all hosts.

Lab 10.6 — Community Rules (Intermediate)
Pick 3 rules. Explain and test.
© 2026 CyberBlue Academy. All rights reserved.
