fboldewin / YARA_Detection_Engineering

Detection Engineering with YARA

The material presented here teaches how to use YARA, covering the topics listed below.

Table of contents:

  • Popular YARA rules repositories
  • YLS - A development environment for YARA
  • YARA CLI scanner basics
  • A journey through the sections and modules
  • A set of YARA rule examples
  • Virustotal hunting with the YARA vt module
  • Tips & tricks when developing YARA rules
  • YARA performance issues + optimization tips
  • API usage in Python + C
  • 5 YARA challenges and solutions

The malware samples used are listed, for each example and challenge, in a file called hashes.txt. Most of them can be found on malware repositories such as VirusTotal.
