BSidesLV 2017

This will be the official public launch of BinaryAlert, a newly developed open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spreads.

The serverless design leads to strong security, automatic scalability, and very low cost. The YARA ruleset can be updated at any time, triggering a re-analysis of the entire bucket and alerting if any new matches are found. BinaryAlert is fully managed with Terraform configuration files and can be deployed in minutes with a single command.

This talk will review the flexibility and popularity of YARA rules, explain the BinaryAlert architecture and demo a deployment followed by a triggered alert (starting from only an empty AWS account).