Infosec In the City (IIC)

Introduction to YARA — by Matt Brooks

Updated: Jun 19, 2020

#IICSG2018 Conference Workshop Track

Day 2 (25 May 2018)


@ Bras Basah Room


YARA is a pattern-matching tool used in malware analysis and incident response to identify and classify files by the text strings, byte sequences and structural properties they contain. This workshop is geared towards beginners who have heard of the tool and would like to learn more. Exercises range from writing a first signature as a group to getting creative and "solving puzzles" over a large malware repository.
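As an added example (not part of the workshop materials or the instructor's own rules), the kind of first signature the workshop builds towards: one rule combining the three string types YARA supports with a sanity check on the file header. The strings, hex bytes and import name are constructed for illustration and do not describe any real sample; the rule name and metadata are assumptions.

```yara
/*
  Added example, not from the IIC workshop materials.
  The patterns below are constructed for illustration only.
*/
import "pe"

rule Example_First_Signature
{
    meta:
        description = "Illustrative first rule: text, hex and regex strings with a PE header check"
        author      = "added example"

    strings:
        // Text string: matched case-insensitively, as ASCII and as UTF-16LE ("wide")
        $s1 = "Mozilla/4.0 (compatible; MSIE 6.0)" ascii wide nocase

        // Hex string: ?? are single-byte wildcards, [2-4] is a jump of 2 to 4 bytes.
        // Useful for code you see in the hex dump that embeds an address or offset.
        $h1 = { 68 ?? ?? ?? ?? E8 [2-4] 85 C0 74 }

        // Regular expression: a hard-coded user path. Bounded repetitions keep it
        // from degrading into a slow, unanchored scan over every file.
        $r1 = /C:\\Users\\[A-Za-z0-9_]{3,20}\\Desktop\\[a-z]{4,12}\.exe/

    condition:
        // "MZ" DOS header, then "PE\0\0" at the offset stored in e_lfanew (0x3C)
        uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550 and
        // Cheap filter first: skip large files before any string scanning
        filesize < 2MB and
        (
            2 of ($s1, $h1, $r1) or
            // pe.imports() comes from the pe module imported above
            ($h1 and pe.imports("kernel32.dll", "CreateMutexA"))
        )
}
```

Save the rule as a .yar file and run it with `yara -s -r first.yar samples/`; `-s` prints the matching strings and their offsets, which is how you check that a rule fired for the reason you intended, and `-r` recurses into the sample directory. A single generic string such as the User-Agent above would match far too many benign binaries on its own, which is why the condition requires two of the three strings or a string combined with an import.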


Participants should be comfortable looking at the strings or hex dump of a file but do not need experience using disassemblers or debuggers. As this is hands-on, participants will need to bring their own laptop meeting the following requirements:
  • Safe to handle Windows malware samples (we will work with live Windows malware, not crackme files).

  • Access to *nix command line

  • The following tools installed:
      - YARA
      - radare2 (r2)
      - Python with the pefile and oletools libraries (from pip)

  • The following scripts included: - and by Didier Stevens

The instructor will be working from macOS locally on the host, not inside a VM.


Please also download the materials from the following link and have the directory located in your home directory:

The password will be given out at the start of the Workshop. If you want it early, reach out to me via Twitter (@cmatthewbrooks).

About Matt Brooks

Matt Brooks is a malware researcher with an interest in malware used to target civil society. In addition to private malware research, he has experience in intelligence and incident response in the US government and private sectors.


