{"id":28402,"date":"2020-11-14T04:11:53","date_gmt":"2020-11-13T17:11:53","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/great-ama-2020-recap\/28402\/"},"modified":"2020-11-14T04:11:53","modified_gmt":"2020-11-13T17:11:53","slug":"great-ama-2020-recap","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/great-ama-2020-recap\/28402\/","title":{"rendered":"Recapping the GReAT AMA"},"content":{"rendered":"

When your company hosts an AMA on Reddit, you have to be ready for all possibilities. About four years ago, we were a bit apprehensive heading into our Global Research and Analysis Team (GReAT)\u2019s first AMA<\/a> and then the one with Eugene Kaspersky<\/a> \u2014 but like Boy Scouts, we prepared. And despite the expected trolls (more on them in a bit), both events went off without a hitch for the most part.<\/p>\n

You know, working with a global team and getting everyone on the same page was challenging even before COVID. Nevertheless, it had been a while, and we wanted to get the gang \u2014 plus a few more \u2014 back together.<\/p>\n

Yesterday, we logged on to a virtual room for the AMA with Costin Raiu, Vitaly Kamluk, Brian Bartholomew, Noushin Shabab, Aseel Kayal, Ivan Kwiatkowski, Maria Namestnikova, Dmitry Bestuzhev, Ariel Jungheit, Dan Demeter, Igor Kuznetsov, and Kurt Baumgartner to kick off our second Reddit AMA<\/a>. The event was slated to last 2 hours, but the team had so much fun, it lasted almost three times as long. Below are some of my favorite question threads of the chat.<\/p>\n

What\u2019s up with Antidrone?<\/h2>\n

I was glad to see the recent news of our antidrone technology<\/a> caught some Reddit users\u2019 eyes. The question and answer were pretty good.<\/p>\n

There was a story recently about a \u201cdrone detector\u201d<\/a> originating from Kaspersky. Is that really a threat for some orgs, or is this primarily a Russian hobby?<\/em><\/p>\n

Maria here:<\/strong> My neighbor has a drone, and he is Russian. So maybe it\u2019s a Russian hobby, I don\u2019t know. But a drone is, in many cases, just a flying camera that can make photos of anything the owner wants, be it what\u2019s inside someone\u2019s house or in the office, say on the monitors of the computers. So it seems there is something to worry about.<\/p>\n

Brian here:<\/strong> Drones are definitely a threat to many organizations. For instance, prisons in the US are using anti-drone technology to help prevent the smuggling of contraband. The tech is also used in many public spaces, such as sporting events, large crowd gatherings, etc. for protection and monitoring. Some organizations are also concerned with corporate espionage through the use of drones.<\/p>\n

How to learn YARA<\/h2>\n

As many a reader of this blog knows, YARA is a crucial tool for our research team as well as for many other threat hunters around the world. I\u2019m glad to see people becoming interested in using it professionally.<\/p>\n

I was hoping to learn Yara<\/a>, but before doing that, what prerequisites should I be aware of? Do I need to know assembly, C & reverse engineering? My background is in network security.<\/em><\/p>\n

Costin here:<\/strong> Yara\u2019s syntax and strings are similar to C, so that would be a good start. General knowledge of reverse engineering helps, although we know many people who write Yara rules without ever having reversed any samples! A general feel of how malware looks like, how malware works and things like file formats is probably a good start. In case you haven\u2019t seen it yet, do check out this short webinar I did on Yara back in March: https:\/\/securelist.com\/hunting-apts-with-yara\/96386\/<\/p>\n

PS: Our PR and sales are kindly asking me to try to sell you this training :) Some people say it\u2019s pretty good actually: https:\/\/xtraining.kaspersky.com\/<\/p>\n

Vitaly here:<\/strong> To add to what Costin said and give him some credits, please watch this short presentation written entirely in Yara about Costin using Yara to catch 0-days: https:\/\/www.youtube.com\/watch?v=fbidgtOXvc0<\/p>\n

In essence, those skills are not required, but the more you know the more tools you have to create your own perfect Yara rule!<\/p>\n

The Catcher in the YARA \u2014 predicting black swans<\/a><\/p><\/blockquote>\n