EP30 Malware Hunting with VirusTotal

Guest:

• Vicente Diaz, Threat Intelligence Strategist @ VirusTotal

Topics:

• How would you describe modern threat hunting process?
• Share some of the more interesting examples of attacker activities or artifacts you've seen?
• Do we even hunt for malware? What gets you more concerned, malware or human attackers?
• How do you handle the risk of attackers knowing how you perform hunting?
• What is the role of threat research role for hunting? Do you need research to hunt well?
• Does threat research power attribution?
• How do you tell a good YARA rule from a bad one, and a great one?
• What's the evolutionary journey for a YARA rule?
• What is your view on the future of hunting?

Resources:

• YARA documentation
• "Deep Thinking: Where Machine Intelligence Ends and Human Creativity Begins" by Gary Kasparov