For this lab, you’ll need an Ubuntu machine and a separate Kali Linux machine.

Key Sec+ Term: Indicators of Compromise

Indicators of Compromise (IoCs): IoCs are pieces of information that can be used to identify potentially malicious activity on a system or network. Examples of IoCs include specific file hashes, IP addresses, URLs, and specific strings or patterns of data.

YARA's Capability:

Beyond IoCs:

YARA rules can indeed match on IoCs, but they can also be crafted to identify threats in a more abstract or heuristic manner, making them a powerful tool for threat detection and research.
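The following rule set is an added illustration of that distinction and is not part of this lab’s own material. It assumes the `hash` module is available (standard in yara), uses an obviously labelled placeholder where a real SHA-256 from an intelligence feed would go, and the IP address and URL strings are constructed sample values (an RFC 5737 documentation address and an `.invalid` domain), not indicators from any real feed. The first two rules are pure IoC matches; the third has no single indicator and instead fires on a combination of file-format, size and string conditions.

```yara
import "hash"

// Rule 1: a pure IoC match. Detects exactly one file, and nothing else.
rule IoC_KnownBadHash
{
    meta:
        description = "Matches one specific file by its SHA-256 (IoC-style)"
        author      = "lab example, not from the original page"
    condition:
        // Placeholder: replace with a hash taken from your intelligence feed
        hash.sha256(0, filesize) == "REPLACE_WITH_SHA256_FROM_INTEL_FEED"
}

// Rule 2: still IoC-based, but on network indicators embedded in the file.
rule IoC_HardcodedNetworkIndicators
{
    meta:
        description = "Matches strings that are themselves IoCs (an IP and a URL)"
    strings:
        $ip  = "203.0.113.10"                          // constructed sample value
        $url = "http://c2.example.invalid/beacon" ascii wide nocase   // constructed
    condition:
        any of them
}

// Rule 3: heuristic. No single string is an IoC; the *combination* is suspicious:
// a small Windows executable that can download a file, launch a process, and
// reference a persistence location or a temp-folder executable name.
rule Heuristic_SuspiciousDropper
{
    meta:
        description = "Heuristic: download + execute + persistence pattern in a small PE"
    strings:
        $api_dl   = "URLDownloadToFileA" ascii
        $api_run1 = "WinExec" ascii
        $api_run2 = "CreateProcessA" ascii
        $reg_run  = "CurrentVersion\\Run" ascii wide nocase
        $tmp_exe  = /%TEMP%\\[a-z0-9]{6,12}\.exe/ nocase
    condition:
        uint16(0) == 0x5A4D and          // "MZ" magic: a Windows executable
        filesize < 2MB and
        $api_dl and
        1 of ($api_run1, $api_run2) and
        ($reg_run or $tmp_exe)
}
```

Compile and run the set against a directory with `yara -r rules.yar /path/to/samples`. Expect the heuristic rule to produce more hits than the hash rule, including some false positives (legitimate installers use the same APIs), which is the usual trade-off between the precision of an IoC and the coverage of a behavioural pattern.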

Click on this list of intelligence feeds.


In this lab, we’ll do the following:

Install Apache2 on your Ubuntu machine.