This Investigating Malware with Falcon MalQuery training course covers all angles of MalQuery's use, from beginner searches through advanced malware hunting with YARA.
By attending the Investigating Malware with Falcon MalQuery workshop, delegates will learn to:
- Use MalQuery Search, Hunt, and Monitor to categorize malware
- Apply tools to known or suspected malware samples to extract potential functions
- Differentiate use cases between MalQuery Search and Hunt
- Research malware samples to determine family relationships and other indicators
- Determine whether a sample is malware and, if so, to which family it belongs
- Analyze findings to determine possible actor attribution
- Utilize proper YARA rule-writing techniques to enable hunting
- Create new YARA rules based on retrieved indicators
- Apply intelligence analysis concepts to better use malware research techniques
Prerequisites for delegates:
- Knowledge of the Falcon Platform (or experience using CrowdStrike Falcon)
- Intermediate knowledge of cybersecurity incident investigation and the incident lifecycle
