Use our virtual lab to complete 20+ practical exercises, all based on Kaspersky’s exclusive APT research.
Questions
Ask a question?
If you want to know anything about the course, we’re here to help.
Hunt APTs with Yara like a GReAT Ninja
Course overview
Have you ever wondered how Kaspersky discovered some of the world’s most famous APT attacks? Now, you can enhance your threat hunting career, improve incident response strategies for your business and get the inside track - from the comfort of your home. In our brand new online training, Kaspersky experts will lead you through an essential tool for every APT hunter: the Yara detection engine.
This self-paced training is suitable for experienced Yara users as well as beginners who have knowledge of the Yara language and basic rules. Anyone with basic experience of handling malware samples, using analysis tools to look at malware and general knowledge about operating systems, executable files, APIs and data formats will enjoy the highly practical course. Our training includes a hands-on virtual lab with lots of exclusive exercises from real world cases worked on by Kaspersky researchers.
Training objectives:
- Write cleaner, more efficient, Yara rules
- Utilize tips & tricks to create fast and efficient rules
- Use Yara generators to save time and effort when writing codes
- Test Yara rules for false positives that could skew your results
- Hunt new undetected samples in your infrastructure and cloud platforms
- Use external modules within Yara for even more efficient hunting
- Discover secrets of anomaly search
- Test your new skills on real life cases like BlueTraveller and DiplomaticDuck
Why enroll?
Hands-on training
Become more efficient
Take your cybersecurity skills to the next level by learning how to identify threats quicker and with less effort.
Learn with the best
Kaspersky experts are threat hunting pioneers. Now you can discover how YARA helps them uncover APTs that nobody else can find.
All levels
$1,400 inc. tax per learner
See Costin in a FREE Brighttalk webinar
Costin is Director of Kaspersky’s industry leading Global Research and Analysis Team (GReAT), the team that researched the inner workings of Stuxnet, Duqu, Flame, Carbanak, Turla, Lazarus, the Equation Group and many more.
Costin has over 25 years’ experience in cybersecurity and specialises in analysing Advanced Persistent Threats and high-level malware attacks.
He is a member of the Virus Bulletin Technical Advisory Board and the Computer AntiVirus Researchers’ Organization (CARO) as well as a reporter for the Wildlist Organization International.
Who it's for
InfoSec professionals
IT Security professionals will learn how to advance their career as a threat hunter and hunt threats more efficiently.
Enterprises
Train your teams to find new malware samples, exploits and zero-days and speed up incident response. Improve your organizations' defenses with custom rules.
How you'll learn
Video lectures featuring Costin Raiu
Learn from a 25 year Threat Hunting ninja and Director of Kaspersky’s industry leading Global Research and Analysis Team.
Active learning
Engaging learning tools & quizzes to support effective knowledge transfer.
Hands-on virtual lab
Work with real cases like BlueTraveller and DiplomaticDuck in our virtual lab.
Syllabus
Inception
Meet Director of GReAT and ninja master Costin Raiu, your tutor for the course, and get an introduction to Yara syntax along with design tips.
String Based Rules
Interesting strings and PE structure fields. To hunt down suspicious malware, look for the clues.
Designing efficient rules
A good Yara rule should be able to hunt out the existence of threats while protecting normal files.
Taking advantage of Yara modules
What happens when threats become more sophisticated? Luckily, Yara has some modules that can be used to your advantage.
Hunting for new samples on VTI
VirusTotal Intelligence (VTI) works natively with Yara. Master these two pieces of software and you might find something that was previously undetected.
Wildcards
Learn about wildcards through exercises featuring the Equation group and Sofacy, some of the most sophisticated cyber espionage groups to have ever existed.
Digital certificates, imphashes and developer footprints
Gets hands-on in the virtual lab with exercises based on WildNeutron, Eye-Pyramid and other famous cases.
Malicious Office documents, OLE format
Find out how you can dump OLE files to identify features that can be then be used for Yara detection.
Expert Yara exercises
Search for suspicious techniques and write effective Yara rules based on the Freaky Shelly case, Lazarus / Bluenoroff and other advanced cases.
YarGen, automation and a bit of magic
Complete your training by finding out how you can use automatic Yara generators, how you can set up a Yara environment within your own organization and how you can hunt threats when you even don’t know what you are looking for.
Benefits for you
 |
6 months to complete your course from activation of your access code |  |
 |
Courses delivered in English with subtitles | |
 |
Self-guided learning that fits around your life | |
 |
It will take you approximately 15 hours to finish the course | |
 |
PDF downloads of training materials & tips | |
 |
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client) | |
 |
Costin Raiu, Director of GReAT, Kaspersky | |
 |
Over 50 videos to guide you through the course | |
 |
200 hours of virtual lab time for hands-on learning | |
 |
Available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com | |
$1,400 inc. tax per learner