Recapping the GReAT AMA

When your company hosts an AMA on Reddit, you have to be ready for all possibilities. About four years ago, we were a bit apprehensive heading into our Global Research and Analysis Team (GReAT)’s first AMA and then the one with Eugene Kaspersky — but like Boy Scouts, we prepared. And despite the expected trolls (more on them in a bit), both events went off without a hitch for the most part.

You know, working with a global team and getting everyone on the same page was challenging even before COVID. Nevertheless, it had been a while, and we wanted to get the gang — plus a few more — back together.

Yesterday, we logged on to a virtual room for the AMA with Costin Raiu, Vitaly Kamluk, Brian Bartholomew, Noushin Shabab, Aseel Kayal, Ivan Kwiatkowski, Maria Namestnikova, Dmitry Bestuzhev, Ariel Jungheit, Dan Demeter, Igor Kuznetsov, and Kurt Baumgartner to kick off our second Reddit AMA. The event was slated to last 2 hours, but the team had so much fun, it lasted almost three times as long. Below are some of my favorite question threads of the chat.

What’s up with Antidrone?

I was glad to see the recent news of our antidrone technology caught some Reddit users’ eyes. The question and answer were pretty good.

There was a story recently about a “drone detector” originating from Kaspersky. Is that really a threat for some orgs, or is this primarily a Russian hobby?

Maria here: My neighbor has a drone, and he is Russian. So maybe it’s a Russian hobby, I don’t know. But a drone is, in many cases, just a flying camera that can make photos of anything the owner wants, be it what’s inside someone’s house or in the office, say on the monitors of the computers. So it seems there is something to worry about.

Brian here: Drones are definitely a threat to many organizations. For instance, prisons in the US are using anti-drone technology to help prevent the smuggling of contraband. The tech is also used in many public spaces, such as sporting events, large crowd gatherings, etc. for protection and monitoring. Some organizations are also concerned with corporate espionage through the use of drones.

How to learn YARA

As many a reader of this blog knows, YARA is a crucial tool for our research team as well as for many other threat hunters around the world. I’m glad to see people becoming interested in using it professionally.

I was hoping to learn Yara, but before doing that, what prerequisites should I be aware of? Do I need to know assembly, C & reverse engineering? My background is in network security.

Costin here: Yara’s syntax and strings are similar to C, so that would be a good start. General knowledge of reverse engineering helps, although we know many people who write Yara rules without ever having reversed any samples! A general feel of how malware looks like, how malware works and things like file formats is probably a good start. In case you haven’t seen it yet, do check out this short webinar I did on Yara back in March: https://securelist.com/hunting-apts-with-yara/96386/

PS: Our PR and sales are kindly asking me to try to sell you this training 🙂 Some people say it’s pretty good

Continue reading

This post was originally published on this site