File Analysis with LOKI

LOKI is an open-source Indicator of Compromise (IOC) scanner utilizing YARA rules with complex sets of characteristics, file hashes, and patterns for malware identification and classification. It includes a predefined rule set and allows user additions.

Detecting malware is crucial because it is the first step in safeguarding sensitive information and maintaining system integrity, and plays a critical role in preventing potential disruptions, loss of data, and breaches in privacy, all of which are essential in today's digitally interconnected world. In this course, File Analysis with LOKI, you’ll learn how to utilize LOKI Simple IOC scanner to scan files and potentially discover indicators of compromise to help safeguard your network. First, you’ll discuss what LOKI Simple IOC scanner is and what features it has. Next, you'll use it to scan a couple sample files to see how effective LOKI is in detecting indicators of compromise. Finally, you'll explore how to add newly discovered IOCs from malware analysis triage in any run. When you’re finished with this course, you’ll have the skills and knowledge to run LOKI Simple IOC scanner against files to detect indicators of compromise and add additional IOCs in order to detect potential adversarial activity and reduce security gaps.

• Course Overview 1min
• Detecting IOCs on Files with LOKI 27mins
• Resources 2mins