REVERSING 2020, the first global event where threat hunters go deep on YARA, was held virtually last week with a ‘live’ audience of 985 from approximately 2000 registrants! The event covered everything YARA with a jam-packed agenda including 10 thought leaders, industry experts and practitioners ranging from large cybersecurity companies to global financial services to smaller nonprofits. This level of participation from the security community is indicative of the ongoing interest in YARA and demand for advanced malware analysis and threat hunting skills.
- Watch the event summary video here
- Replay 8 of the 10 publicly available sessions with on-demand video here
The participant survey feedback highlighted a 95% approval rating for the event, echoed by the original creator of YARA, Victor Alvarez of VirusTotal/Chronicle.
I enjoyed #REVERSING2020 in general, kudos to @ReversingLabs for the organization of the event and spreading the word about YARA.
— Victor M. Alvarez (@plusvic) June 30, 2020
The event concluded with a closing presentation by ReversingLabs Chief Software Architect and Co-Founder Tomislav Pericin, who also announced the ReversingLabs release of 100+ open-source YARA rules to the community. These YARA rules are written by our experienced threat researchers and have undergone rigorous testing. They are of a quality that delivers essentially zero false positives and are optimized for the breadth of data available through ReversingLabs automated static analysis- but you are not required to have our products to use these rules.
- Visit the ReversingLabs GitHub repository for open-source YARA rules
- Read Tomislav’s blog Level up your YARA game
- Read our press release on this initiative ReversingLabs Unveils 100+ Open Source YARA Rules for Threat Hunters at Inaugural REVERSING 2020 Summit
Why is this important and relevant? ReversingLabs is sharing YARA rules among the open source community to help defenders improve the efficacy of their threat detections and elevate the practice of threat hunting. By releasing high quality YARA rules, we accomplish four objectives:
1. We upskill threat defenders by showcasing our high-quality malware detection rules, consisting of patterns that identify malicious code blocks
2. We close detection gaps (MTTD) for the most problematic malware types, and subsequently reduce business continuity risks
3. We shorten time to respond (MTTR) to malware incidents by providing expanded context and actionable intelligence about malware families that other solutions either don’t provide or require a second opinion
4. We provide a solution path forward, offering improved detections by leveraging these rules against the most extensive set of rich metadata provided by ReversingLabs Titanium Platform and its core technologies which include automated static analysis, IOC extraction and explainable machine learning.
And with a commitment to publish new open-source YARA rules weekly, ReversingLabs posted 4 new rules to the Github repository this week:
- Infostealer.ProjectHookPOS
- Ransomware.Pacman
- Ransomware.PXJ
- Ransomware.Ragnarok
As a final REVERSING 2020 perk, those that attended received a digital badge for their participation.
