BSidesKC Security Conference | April 20-21, 2018 | Cerner Innovations Campus, KC, MO

Three Step YARA Workshop

Friday 1:30-4:30

A gentle introduction to the simple but powerful art of using YARA to find patterns in data. YARA is the pattern-matching king of analysis tools, compatible with nearly every platform out there, open source and built in C. If it’s not in your trusted tool set for incidents and intelligence work – it should be. In this 3-hour workshop, students are introduced to YARA and then quickly put it into use to interrogate files and pull out the information they need. This is not a how-to rule-building class but a hands-on usage workshop.

Learning Objectives:

  • Interrogate a file and use YARA to provide boilerplate for reporting.
  • Dissect a file to understand its functions, composition, communication and protections.
  • Categorize a directory of files to separate known malicious from suspicious files, organize identified malware by type and family, and other related tasks.


  • Virtual Machine with custom YARA rules & code projects
  • Multiple How-to documents and case studies

Prerequisites for students

To get the most out of this workshop, you should have familiarity with YARA and have experience building, crafting and designing rules.  Python experience recommended.


Monty St John
Director of Intelligence Services

Monty St John is the Director of the Intelligence Division of CyberDefenses and is one of the primary instructors in the CyberDefenses Academy, educating and raising the bar for the cybersecurity field. Monty’s history with security is long and varied, starting in 1990 with his initial grounding in intelligence work while in uniform and culminating in a seven-year stint with the Office of Special Investigations at the Defense Cyber Crime Center. He consistently strives to find new pathways to innovate in the realms of intelligence and investigation, crafting techniques to define, analyze or shape information into functional intelligence.

Monty speaks frequently at industry events and with customers about computer forensics, incident response, threat intelligence and reverse engineering. It’s rare not to bump into him at a conference, quietly and sometimes loudly trying to guide the dialogue in cybersecurity.


CyberDefenses exists for one purpose – to shield customers against cyber threats. Businesses and government agencies rely on our managed security services and comprehensive training delivered by highly seasoned and credentialed security experts and threat hunters since 2001. From identity management, security monitoring, threat detection, incident response, executive oversight and more, our services portfolio is tightly engineered to cover the threats organizations face today. For more information, please visit