April 29-30, 2025, ASTANA IT UNIVERSITY, ASTANA

1st International Conference on Cybersecurity, Digital Forensics, and AI Applications

Workshop from tLab Technologies
Effective Detection of File-Based Attacks on the Email Perimeter Using tLab Anti-APT: Customizing Yara and Sigma

This workshop will immerse participants in the world of cybersecurity and teach them how to leverage the innovative capabilities of the tLab Anti-APT platform to detect and block file-based attacks on the email perimeter. The focus will be on developing custom Yara and Sigma rules that consider the attack context, minimize false positives, and ensure robust protection.

A unique feature of the tLab Yara module is its ability to account for additional attribute data, including the attack vector (sender/recipient) and indicators from the tLab sandbox's static engines, enhancing detection accuracy. Additionally, participants will learn how to use the integrated SigmaHQ engine to identify complex attack scenarios.

This workshop provides an excellent opportunity for participants to tailor security solutions to their organization's needs, enhancing email perimeter protection.

Workshop Objectives
  • Train participants in developing custom Yara rules that consider the attack vector (sender, recipient, attachments) and indicators provided by the tLab sandbox’s static engines.
  • Demonstrate the capabilities of the SigmaHQ engine, integrated into tLab Anti-APT, for writing rules that respond to activity log events.
  • Examine false positive scenarios occurring in legitimate processes (e.g., adding macros to documents) and teach how to minimize them using contextual Yara rules.
Workshop Scenarios
  • Detecting Real File-Based Attacks
    Participants will be presented with attack details (indicators of compromise, file behavior descriptions) and tasked with creating an effective Yara or Sigma rule to block an email with a malicious attachment.
  • Handling Legitimate Behavior Resembling Malicious Activity
    Participants will analyze scenarios where legitimate activities (e.g., adding macros to documents) mimic malicious ones. Their task will be to develop a Yara rule that accounts for the attack context (e.g., sender/recipient) to reduce false positives.
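The scenario above (a macro-bearing attachment that is malicious from a stranger but routine from a colleague) can be expressed in standard YARA by feeding the message context into the rule as external variables. The rule below is an added illustration for this page, not a rule from tLab Technologies and not an example of the tLab Yara module's own attribute interface, which the workshop does not document here. It assumes the scanning pipeline defines two externals, `sender_domain` (string) and `recipient_internal` (boolean), and treats `example.com` as a placeholder trusted domain; it also covers both legacy OLE and OOXML macro-enabled formats, which goes slightly beyond the single "adding macros" case mentioned.

```yara
// Added example for this workshop page; not tLab's own rule or API.
// Assumed externals supplied by the scanner (hypothetical names):
//   sender_domain      string  - domain of the envelope/From address
//   recipient_internal boolean - true when the recipient is an internal mailbox
// Equivalent CLI invocation for testing by hand:
//   yara -d sender_domain=example.com -d recipient_internal=true rule.yar attachment.docm
// If the engine does not define these variables the rule fails to compile,
// which is deliberate: context is a required input, not an optional one.

rule Office_Macro_Attachment_Untrusted_Context
{
    meta:
        description = "Office attachment carrying a VBA project, unless exchanged between trusted internal parties"
        purpose     = "Reduce false positives caused by legitimate in-house macro documents"

    strings:
        // Legacy binary formats (.doc/.xls/.ppt): OLE compound file header
        $ole_hdr  = { D0 CF 11 E0 A1 B1 1A E1 }
        // OLE directory entry names are stored as UTF-16LE, hence 'wide'
        $ole_vba1 = "_VBA_PROJECT" wide
        $ole_vba2 = "Macros" wide
        // Macro-enabled OOXML (.docm/.xlsm/.pptm): ZIP container holding vbaProject.bin
        $zip_hdr   = { 50 4B 03 04 }
        $ooxml_vba = "vbaProject.bin" ascii

    condition:
        (
            ($ole_hdr at 0 and any of ($ole_vba*))
            or
            ($zip_hdr at 0 and $ooxml_vba)
        )
        // Context gate: the same file is tolerated when it stays inside the
        // organisation and comes from the placeholder trusted domain.
        and not (recipient_internal and sender_domain == "example.com")
}
```

The detection half of the condition is ordinary content matching; the false-positive control lives entirely in the final `and not (...)` clause, so the trusted-context exception can be tightened or widened (additional domains, specific sender addresses) without touching the byte patterns. Keeping the exception narrow matters: a rule that suppresses on sender domain alone would also suppress spoofed mail, so the internal-recipient requirement is paired with it.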
Workshop Format
Introduction
Overview of tLab Anti-APT functionalities and the capabilities of the tLab Yara and SigmaHQ modules
Practical Session
  • Participants receive data on attacks and typical false positive cases.
  • Development of rules for threat identification.
  • Discussion of results, error analysis, and rule optimization.
Conclusion
Best practices for further work with tLab Anti-APT and custom rule development.
Who Should Attend
  • Cybersecurity specialists
  • Administrators of cyberattack protection systems
  • SOC developers and analysts
  • Anyone interested in writing custom rules to secure infrastructure
What Participants Will Gain
  • Hands-on experience with tLab Yara and SigmaHQ
  • Insights into minimizing false positives
  • Recommendations for implementing tLab Anti-APT in their organizations
  • Ready-to-use rule examples for detecting advanced attacks
About tLab Technologies LLP
«tLab Technologies» protects systems from a new type of cyber threat. For more than 7 years, we have been successfully defending against APT-class attacks, zero-day attacks, and targeted malware. Our technologies are effective where typical protection tools are powerless.

Information about the next workshop is under development.

Thank you for waiting, and see you at ICCSDFAI 2025 in Astana!
