John's content is really inspiring and his prowess in the field is something to behold. Quick question: How do I identify a malicious thread located in a memory dump file using memory forensics tools like volatility
Nice vide John! Quick question, how to do Yara rule scan for multiple hosts? for an example if we are looking for an signature in all the users endpoint then what will be the easier way to run it and pull that report? Thank you.
You can do this in a few ways-- if you want to scan hosts directly, something like Ansible is really going to prop up your SOC to distribute and establish any sort of scanning. We locally host our ruleset in a single location, and then pull that ruleset every time we perform a scan so we're operating on the most recent version. Ultimately, it's typically a matter of simply pulling a ruleset from a single consolidated location to ensure you're operating on an updated ruleset, and then invoking it across each machine.
I ran into problem when importing all rules recursively and detecting using python rules downloaded from same repo but I solved it by removing certain yar files that listed and acted like index to every other actual rule files
I think Yara is a good tool to build an own antivirus client if you absolutely don't trust any existing AV solution or want a lightweight, dumbed-down, and customized AV.
@@newwindserver YARA can effectively detect certain types of variable obfuscation based on pattern occurrences or certain strings/operations/data surrounding certain functions. But in general, we levy different tools for this. YARA can and does support a large portion of antivirus solutions, but they're combined with other tools to perform the task.
How much info do you have with Linux for people who absolutely hate "wind blows" Windows? I know a lot of beta tests are run on Linux, but most people with desktops dual boot their computer. Anything other than doing what I just did, post disparaging remarks, sorry, would help Thanks 👍
Even if all of your machines are Linux machines, Windows still has the biggest market share, so you still need to know how it works. You would be severely limiting yourself, otherwise.
The experience that he has speaks volumes with respect to how detailed he explains, yet it is so simple to understand.
Growing with JH's content is such a beautiful experience,, I love it ,, Keep it up, John.
John could you possibly make a video for beginners on how to store and safely manage malware in a virtual environment? ❤
John's content is really inspiring and his prowess in the field is something to behold. Quick question: How do I identify a malicious thread located in a memory dump file using memory forensics tools like volatility
why do you remove the subtitles?
Sounds like a cool tool... Only heard of it now. Shot Bro.
Nice vide John! Quick question, how to do Yara rule scan for multiple hosts? for an example if we are looking for an signature in all the users endpoint then what will be the easier way to run it and pull that report? Thank you.
You can do this in a few ways-- if you want to scan hosts directly, something like Ansible is really going to prop up your SOC to distribute and establish any sort of scanning. We locally host our ruleset in a single location, and then pull that ruleset every time we perform a scan so we're operating on the most recent version.
Ultimately, it's typically a matter of simply pulling a ruleset from a single consolidated location to ensure you're operating on an updated ruleset, and then invoking it across each machine.
@@sudo-rem sorry didn't get all of it. Could you please share any link if this is something explained in detail? Thank you.
ThankYou so much john
Nowdays, I'm study about malware analysis, at the right time you dropped the video 🤩🤩
I ran into problem when importing all rules recursively and detecting using python rules downloaded from same repo but I solved it by removing certain yar files that listed and acted like index to every other actual rule files
I think Yara is a good tool to build an own antivirus client if you absolutely don't trust any existing AV solution or want a lightweight, dumbed-down, and customized AV.
@@newwindserver YARA can effectively detect certain types of variable obfuscation based on pattern occurrences or certain strings/operations/data surrounding certain functions. But in general, we levy different tools for this. YARA can and does support a large portion of antivirus solutions, but they're combined with other tools to perform the task.
You didn’t say the acronym for YARA. But it’s absolutely hilarious 😆
what is it ?
Yet Another Ridiculous Acronym.
Growing ❤
This is awesome. Thanks.
How much info do you have with Linux for people who absolutely hate "wind blows" Windows?
I know a lot of beta tests are run on Linux, but most people with desktops dual boot their computer.
Anything other than doing what I just did, post disparaging remarks, sorry, would help
Thanks 👍
Even if all of your machines are Linux machines, Windows still has the biggest market share, so you still need to know how it works. You would be severely limiting yourself, otherwise.
Please do video on how to create computer warm
Fire up any modern AAA video game!
Do you help recover google accounts?
❤❤
Cool
Wow
Pegasus ? 🤣
2nd comment leggo
5th
14 min ago 4th