What you'll learn

Modern malware uses obfuscation and packing to evade signature-based detection, leaving security teams unable to identify threat families or prioritize incident response.

In this course, Executable Analysis with YARA, you’ll learn to detect and classify malware families using behavioral pattern matching that works even when static analysis fails.

First, you’ll explore how to map malware behaviors to MITRE ATT&CK techniques (T1027 Obfuscated Files, T1105 Ingress Tool Transfer, T1587.001 Develop Malware) and apply SHIELD defensive countermeasures.

Next, you’ll discover how to build campaign-specific YARA rules that detect infostealer families like Azorult by hunting C2 infrastructure, victim profiling patterns, and stealer artifacts.

Finally, you’ll learn how to configure memory-based YARA detection for packed ransomware samples like Phobos, and integrate YARA rules with threat intelligence feeds for automated malware analysis.

When you’re finished with this course, you’ll have the skills and knowledge of behavioral malware detection needed to classify threat families, identify active campaigns, and operationalize YARA rules in your security infrastructure.