Simple play icon Course

File Analysis with LOKI

by Brian Dorr

LOKI is an open-source Indicator of Compromise (IOC) scanner utilizing YARA rules with complex sets of characteristics, file hashes, and patterns for malware identification and classification. It includes a predefined rule set and allows user additions.

What you'll learn

Detecting malware is crucial because it is the first step in safeguarding sensitive information and maintaining system integrity, and plays a critical role in preventing potential disruptions, loss of data, and breaches in privacy, all of which are essential in today's digitally interconnected world. In this course, File Analysis with LOKI, you’ll learn how to utilize LOKI Simple IOC scanner to scan files and potentially discover indicators of compromise to help safeguard your network. First, you’ll discuss what LOKI Simple IOC scanner is and what features it has. Next, you'll use it to scan a couple sample files to see how effective LOKI is in detecting indicators of compromise. Finally, you'll explore how to add newly discovered IOCs from malware analysis triage in any run. When you’re finished with this course, you’ll have the skills and knowledge to run LOKI Simple IOC scanner against files to detect indicators of compromise and add additional IOCs in order to detect potential adversarial activity and reduce security gaps.

Table of contents

About the author

Brian Dorr is a cybersecurity professional who is very passionate about information security and teaching. Brian has served just under 20 years on Active Duty in the Army and is currently serving as a Cyber Warfare Technician who is a technical advisor and serves as a Defensive Cyber Infrastructure support for 12 teams who rely on him for his technical expertise. He also teaches and mentors cyber security students at Agusta Technical College as an Adjunct Cyber Security Instructor. Brian has led... more

Ready to upskill? Get started