Using Yara & Strelka to Identify & Detect Malware
Speakers: Paul Hutelmyer (Target, US), Derek Thomas (Target, US)
Adversaries try as much as possible to blend in with behavior that appears normal. However, their operations result in malicious activity, and therefore must at some point deviate from normalcy and develop specific patterns which can be identified over time. This workshop will focus on identifying, collecting, and detecting malware, using the open source projects "Yara" and "Strelka". The goal of the training is that the audience will be able to identify malware of interest to them, and develop enterprise-level detection based on their own research.
About the Speakers
Paul Hutelmyer is a principal engineer with Target Corporation.
Derek Thomas is a lead information security analyst on Target Corporation’s Cyber Threat Intelligence (CTI) team in Brooklyn Park, Minnesota. After graduating college, Derek joined the US Army as an active duty intelligence officer, where he developed a passion for intelligence analysis. After the military, he worked as a contractor in Washington, D.C., supporting the FBI Cyber Division as a cyber-intelligence analyst pursuing financially motivated cybercriminals. Derek has since earned the PMP, GSEC, GCIH, GCIA, GPEN, and OSCP certifications and his Master’s in homeland security from Penn State. He joined Target’s CTI team in March 2018 and currently lives in the suburbs of Minneapolis with his wife, son, and golden retriever.