Malicious Files and How To Find Them

A common question asked during cyber investigations is "Did we find all the malicious files?" and most people don’t have a great means to answer this question. In this session I will provide a detailed overview of out-the-box approaches to find malicious files. I’ll show you multiple ways to search for them in Tanium, culminating in the creation of custom YARA rules that can be used to scan and catch variants of similar files without relying on any common file details like the name/path/hash.

Location Name
Violet - 4th Floor

Additional details:

Session Tag
Incident Response
Session Type
In-Person, Breakout