Course overview
Have you ever wondered how Kaspersky’s GReAT experts discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. Our specialists have poured years of experience from the prominent cases they have worked on into our online Threat Hunting with Yara training. Course leader Costin Raiu, a 25-year veteran of the threat hunting industry, will teach you the unconventional ways of working with Yara so that you can find threats of the same magnitude as his team.
Specifically designed for self-paced learning, our course is deeply practical and enables you to learn-by-doing, hunting for real threats in our dedicated Virtual Lab. Using world-renowned cases like BlueTraveller, Sofacy & WildNeutron as the basis of the course, Costin shares insights and techniques from his team’s exclusive research on these cases. This knowledge will enhance your career and improve your organisation’s threat defences.
Only “Hunt APTs with Yara like a GReAT ninja” teaches learners how to write sound, solid & fast Yara rules and develop a threat hunting mentality that will be respected & valued.
Hands-on training
Use our virtual lab to complete 20+ practical exercises, all based on Kaspersky’s exclusive APT research.
Become more efficient
Take your cybersecurity skills to the next level by learning how to identify threats quicker and with less effort.
Learn with the best
Kaspersky experts are threat hunting pioneers. Now you can discover how YARA helps them uncover APTs that nobody else can find.
Training objectives:
“As cybercriminals constantly develop their skills and tools, law enforcement around the globe must proactively enhance their strategy and capabilities. INTERPOL’s Global Cybercrime Programme appreciates our partner Kaspersky’s course on Yara which provided deeper analysis of malware and a comprehensive view of cybercriminal activity for law enforcement officers.”
“The main thing that I got out of this course is the practical experience of threat hunting and discovering specific artefacts which can help shed light on new samples of malware... If you only read the theory & documentation, you won’t be able to write efficient Yara rules because mastering YARA requires a lot of practice.”
“The thing I liked most of all is the Virtual Lab environment. Thanks to it, you can immediately start solving exercises without the need to install any software.”
“This course taught me how to write YARA rules efficiently and how to make them work faster. Throughout the training I’ve learnt lots of tips and tricks about the creation of YARA rules.”
InfoSec professionals
IT Security professionals will learn how to advance their career as a threat hunter and hunt threats more efficiently.
Enterprises
Train your teams to find new malware samples, exploits and zero-days and speed up incident response. Improve your organization's defenses with custom rules.
Video lectures featuring Costin Raiu
Learn from a 25-year Threat Hunting ninja and Director of Kaspersky’s industry-leading Global Research and Analysis Team.
Active learning
Engaging learning tools & quizzes to support effective knowledge transfer.
Hands-on virtual lab
Work with real cases like BlueTraveller and DiplomaticDuck in our virtual lab.
Meet Director of GReAT and ninja master Costin Raiu, your tutor for the course, and get an introduction to Yara syntax along with design tips.
Interesting strings and PE structure fields. To hunt down suspicious malware, look for the clues.
A good Yara rule should be able to hunt out the existence of threats while protecting normal files.
What happens when threats become more sophisticated? Luckily, Yara has some modules that can be used to your advantage.
VirusTotal Intelligence (VTI) works natively with Yara. Master these two pieces of software and you might find something that was previously undetected.
Learn about wildcards through exercises featuring the Equation group and Sofacy, some of the most sophisticated cyber espionage groups to have ever existed.
Get hands-on in the virtual lab with exercises based on WildNeutron, Eye-Pyramid and other famous cases.
Find out how you can dump OLE files to identify features that can then be used for Yara detection.
Search for suspicious techniques and write effective Yara rules based on the Freaky Shelly case, Lazarus / Bluenoroff and other advanced cases.
Complete your training by finding out how you can use automatic Yara generators, how you can set up a Yara environment within your own organization and how you can hunt threats when you don’t even know what you are looking for.
Access | 6 months to complete your course from activation of your access code
Language | Courses delivered in English with subtitles
Pace | Self-guided learning that fits around your life
Browser-based access to virtual lab | It will take you approximately 15 hours to finish the course
Downloads | PDF downloads of training materials & tips
Learning environment | Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)
Course author | Costin Raiu, Director of GReAT, Kaspersky
Guided videos | Over 50 videos to guide you through the course
Access to virtual lab | 100 hours of virtual lab time for hands-on learning
Platform support | Available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com
Certificate of completion | PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
$1,400 inc. tax per learner