We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.

Accept and Close

Contact us

Ask a question?

If you want to know anything about the course, we’re here to help.


Go to the Codebreakers competition here

Hunt APTs with Yara like a GReAT Ninja

Course overview

Have you ever wondered how Kaspersky’s GReAT experts discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. Our specialists have poured years of experience from the prominent cases they have worked on into our online Threat Hunting with Yara training. Course leader Costin Raiu, a 25 year veteran of the threat hunting industry, will teach you the unconventional ways of working with #Yara so that you can find threats of the same magnitude as his team.

Specifically designed for self-paced learning, our course is deeply practical and enables you to learn-by-doing, hunting for real threats in our dedicated Virtual Lab.  Using world-renowned cases like BlueTraveller, Sofacy & WildNeutron as the basis of the course, Costin shares insights and techniques from his team’s exclusive research on these cases. This knowledge will enhance your career and improve your organisation’s threat defences.

Only “Hunt APTs with Yara like a GReAT ninja” teaches learners how to write sound, solid & fast Yara rules and develop a threat hunting mentality that will be respected & valued.

Why enroll?

Hands-on training

Use our virtual lab to complete 20+ practical exercises, all based on Kaspersky’s exclusive APT research.

Become more efficient

Take your cybersecurity skills to the next level by learning how to identify threats quicker and with less effort.

Learn with the best

Kaspersky experts are threat hunting pioneers. Now you can discover how YARA helps them uncover APTs that nobody else can find.

All Levels

All levels


$1,400 inc. tax per learner  

Enroll my team
Request demo access

Training objectives:

  • Write cleaner, more efficient, Yara rules
  • Utilize tips & tricks to create fast and efficient rules
  • Use Yara generators to save time and effort when writing codes
  • Test Yara rules for false positives that could skew your results
  • Hunt new undetected samples in your infrastructure and cloud platforms
  • Use external modules within Yara for even more efficient hunting
  • Discover secrets of anomaly search
  • Test your new skills on real life cases like BlueTraveller and DiplomaticDuck
Trainer 2

Costin is Director of Kaspersky’s industry leading Global Research and Analysis Team (GReAT), the team that researched the inner workings of Stuxnet, Duqu, Flame, Carbanak, Turla, Lazarus, the Equation Group and many more.

Costin has over 25 years’ experience in cybersecurity and specialises in analysing Advanced Persistent Threats and high-level malware attacks.

He is a member of the Virus Bulletin Technical Advisory Board and the Computer AntiVirus Researchers’ Organization (CARO) as well as a reporter for the Wildlist Organization International.

Who it's for


InfoSec professionals
IT Security professionals will learn how to advance their career as a threat hunter and hunt threats more efficiently.


Train your teams to find new malware samples, exploits and zero-days and speed up incident response. Improve your organizations' defenses with custom rules.

How you'll learn


Video lectures featuring Costin Raiu
Learn from a 25 year Threat Hunting ninja and Director of Kaspersky’s industry leading Global Research and Analysis Team.

Active Learning

Active learning
Engaging learning tools & quizzes to support effective knowledge transfer.

Virtual Lab

Hands-on virtual lab
Work with real cases like BlueTraveller and DiplomaticDuck in our virtual lab.


Benefits for you

Access Icon
6 months to complete your course from activation of your access code Bullet Tick
Pace Icon
Courses delivered in English with subtitles Bullet Tick
Course Duration
Self-guided learning that fits around your life Bullet Tick
Browser-based access to virtual lab
It will take you approximately 15 hours to finish the course Bullet Tick
Downloads Icon
PDF downloads of training materials & tips Bullet Tick
Mobile Access
Learning environment
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client) Bullet Tick
Course Author
Course author
Costin Raiu, Director of GReAT, Kaspersky Bullet Tick
Guided Videos Icon
Guided videos
Over 50 videos to guide you through the course Bullet Tick
Virtual Lab Icon
Access to virtual lab
100 hours of virtual lab time for hands-on learning Bullet Tick
Technical Support Icon
Platform support
Available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com Bullet Tick
Certification Icon
Certificate of completion
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s) Bullet Tick

$1,400 inc. tax per learner  

Enroll my team
Request demo access