Class 31 Read: Malware Detection with YARA Rules - taylortommy23/401-Reading-Notes GitHub Wiki
What is the main goal of Threat Hunting and how is it different from traditional threat monitoring?
Threat hunting: actively searching for hidden cyber threats that have bypassed normal security measures such as antivirus. Traditional threat monitoring: relying on automated tools such as antivirus to detect known threats.
What are the four types of YARA rules and what does each one of them use to identify and classify malicious software?
String-based rules: look for specific text patterns in malware code. File metadata-based rules: check attributes such as file type and size to spot suspicious files. Hash-based rules: use unique codes to identify files, even if they're altered. Network-based rules: examine network traffic patterns to find malicious activity.
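As an added illustration (not from the notes or either linked article), here is one constructed YARA rule that combines the three file-oriented rule types listed above: string-based conditions in the `strings` section, file-metadata-based conditions on the magic bytes and `filesize`, and a hash-based condition via YARA's `hash` module. The marker strings and the MD5 value are placeholders, not indicators from any real sample.

```yara
import "hash"

// Constructed example rule. Replace the placeholder strings and hash with
// values taken from samples you have actually analysed.
rule Example_String_Metadata_Hash_Combination
{
    meta:
        description = "Added illustration: string, metadata and hash conditions"
        author      = "constructed example"
        severity    = "informational"

    strings:
        // String-based: an ASCII text pattern, matched case-insensitively,
        // plus a wide (UTF-16LE) variant so Windows-style strings also match.
        $text = "CONSTRUCTED_MARKER_STRING" ascii wide nocase
        // String-based: a byte sequence with a wildcard byte (?? = any value).
        $hex  = { DE AD ?? BE EF }

    condition:
        // File-metadata-based: Windows PE magic ("MZ") and a size ceiling.
        uint16(0) == 0x5A4D and filesize < 2MB
        and
        (
            // String-based: either pattern anywhere in the file.
            any of ($text, $hex)
            or
            // Hash-based: exact known-bad file; placeholder MD5 (lowercase hex
            // in real use, since hash.md5 returns lowercase).
            hash.md5(0, filesize) == "placeholder_md5_from_your_analysis"
        )
}
```

Scan a directory with `yara -r -s example.yar /path/to/samples`; `-s` prints the matched strings and their offsets, which is useful when tuning a rule against false positives.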
How are YARA rules similar to how Anti-Virus programs detect malicious software?
Both use patterns to find malware. YARA is more flexible and customizable, letting you write specific rules. Antivirus relies on pre-made signatures for known threats. Both aim to find threats proactively, but YARA can catch a wider range of issues.
Resources:
https://archerint.com/what-are-yara-rules/
https://www.geeksforgeeks.org/threat-hunting-using-yara/