Resource Smart Detection with YARA and osquery
Traditional file-hash malware detection is relatively easy to circumvent: threat actors can trivially morph code to create "new" variants, and since changing even a single byte produces a different hash, the old hash-based IOCs are rendered useless against the variant.
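The following Python script is an added illustration of that point, not code from the SANS page or from the YARA or osquery projects. It builds two constructed byte strings (an "original" and a one-byte "variant", both assumptions for the demo), shows that a SHA-256 IOC taken from the original no longer matches the variant, and then runs a tiny YARA-style content matcher over both. The matcher implements only a small subset of YARA's hex-string syntax (fixed bytes plus the `??` single-byte wildcard) and an "all of them" condition; the equivalent real YARA rule is shown in a comment for reference.

```python
import hashlib
import re

# Constructed sample "binaries" for the demo (assumption: not real malware).
# Layout: a fake header, a user-agent string, and an x86 function prologue
# whose stack-frame size (the byte after 83 EC) is a natural thing for a
# variant to change.
ORIGINAL = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"Mozilla/5.0 (compatible; Evil/1.0)"
    + b"\x55\x8b\xec\x83\xec\x10\xe8\x00\x00\x00\x00"
)
# The "morphed" variant: exactly one byte differs (frame size 0x10 -> 0x20).
VARIANT = ORIGINAL.replace(b"\xec\x10", b"\xec\x20")
# A benign file that shares the common prologue but not the rule's other string.
BENIGN = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"Mozilla/5.0 (Windows NT 10.0)"
    + b"\x55\x8b\xec\x83\xec\x10\xc3"
)


def sha256_hex(sample: bytes) -> str:
    return hashlib.sha256(sample).hexdigest()


# The hash IOC an analyst would have published after seeing ORIGINAL.
KNOWN_BAD_SHA256 = sha256_hex(ORIGINAL)


def hash_ioc_matches(sample: bytes, ioc: str = KNOWN_BAD_SHA256) -> bool:
    """Classic file-hash detection: exact match or nothing."""
    return sha256_hex(sample) == ioc


def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a YARA-style hex string such as '55 8B EC 83 EC ?? E8' into a
    bytes regex. Only fixed bytes and the '??' single-byte wildcard are
    supported here; real YARA also has jumps, nibble wildcards, and alternatives."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the wildcard also matches 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


# Equivalent rule in real YARA syntax, for comparison with the toy rule below:
#
#   rule toy_evil_prologue {
#       strings:
#           $ua       = "Evil/1.0"
#           $prologue = { 55 8B EC 83 EC ?? E8 }
#       condition:
#           all of them
#   }
RULE = {
    "name": "toy_evil_prologue",
    "strings": {
        "$ua": b"Evil/1.0",                                   # text string
        "$prologue": hex_pattern_to_regex("55 8B EC 83 EC ?? E8"),  # hex string with wildcard
    },
    "condition": "all",  # "all of them"
}


def rule_matches(sample: bytes, rule: dict = RULE) -> bool:
    """Content-based detection: every string in the rule must be present."""
    hits = []
    for pattern in rule["strings"].values():
        if isinstance(pattern, bytes):
            hits.append(pattern in sample)
        else:
            hits.append(pattern.search(sample) is not None)
    return all(hits) if rule["condition"] == "all" else any(hits)


def compare(sample: bytes) -> dict:
    """Run both detection approaches on one sample."""
    return {
        "sha256_ioc": hash_ioc_matches(sample),
        "pattern_rule": rule_matches(sample),
    }


if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{label:9s} sha256={sha256_hex(sample)[:16]}... {compare(sample)}")
```

Running it shows the hash IOC firing only on the original, while the pattern rule fires on both the original and the one-byte variant and stays quiet on the benign file. In a production deployment the rule would be written in YARA syntax as in the comment and evaluated on endpoints through osquery's `yara` table against on-disk paths, rather than with this toy matcher.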
by SANS Blue Team Ops
linux foundation