{"id":8760,"date":"2020-09-09T12:42:22","date_gmt":"2020-09-09T09:42:22","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=8760"},"modified":"2020-09-09T12:42:22","modified_gmt":"2020-09-09T09:42:22","slug":"cybersecurity-expert-training","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/cybersecurity-expert-training\/8760\/","title":{"rendered":"YARA’daki Avc\u0131 \u2014 Siyah ku\u011fular\u0131 tahmin etmek"},"content":{"rendered":"

\u0130nsanl\u0131k \u00e7ok \u00e7ok uzun zamand\u0131r 2020\u2019ye benzer bir y\u0131l ya\u015famad\u0131. \u00c7e\u015fitli t\u00fcr ve bi\u00e7imlerdeki siyah ku\u011fular\u0131n bu kadar yo\u011fun oldu\u011fu bir y\u0131l ge\u00e7irdi\u011fimi hi\u00e7 hat\u0131rlam\u0131yorum. Bunu s\u00f6ylerken t\u00fcyl\u00fc olanlardan<\/a> bahsetmiyorum. Nassim Nicholas Taleb<\/a>\u2018in 2007\u2019de Siyah Ku\u011fu: Olas\u0131l\u0131ks\u0131z G\u00f6r\u00fcnenin Etkisi<\/em><\/a> adl\u0131 kitab\u0131nda anlatt\u0131\u011f\u0131 teorisindeki, geni\u015f kapsaml\u0131 sonu\u00e7lar\u0131 olan beklenmedik olaylardan bahsediyorum. Teorinin ana ilkelerinden biri, geriye d\u00f6n\u00fcp bak\u0131ld\u0131\u011f\u0131nda, meydana gelmi\u015f olan \u015fa\u015f\u0131rt\u0131c\u0131 olaylar\u0131n a\u00e7\u0131k ve tahmin edilebilir g\u00f6r\u00fcnmesidir; ancak ortaya \u00e7\u0131kmadan \u00f6nce kimse onlar\u0131 tahmin edemez.<\/p>\n

\u00d6rnek: Mart\u2019tan beri d\u00fcnyay\u0131 karantinaya alan bu korkun\u00e7 vir\u00fcs. G\u00f6r\u00fcn\u00fc\u015fe g\u00f6re koronaviridae<\/em><\/a> familyas\u0131ndan bir \u00e7ok vir\u00fcs var \u2014 birka\u00e7 d\u00fczine \u2014 ve yenileri bulunmaya devam ediyor. Kediler, k\u00f6pekler, ku\u015flar ve yarasalar\u0131n t\u00fcm\u00fcne bula\u015f\u0131yor. \u0130nsanlara da bula\u015f\u0131yor. Baz\u0131lar\u0131 so\u011fuk alg\u0131nl\u0131\u011f\u0131na neden oluyor. Di\u011ferleri kendini farkl\u0131 \u015fekillerde g\u00f6steriyor. Bu nedenle, \u00e7i\u00e7ek hastal\u0131\u011f\u0131, \u00e7ocuk felci ve di\u011fer \u00f6l\u00fcmc\u00fcl vir\u00fcsler i\u00e7in oldu\u011fu gibi, bu vir\u00fcsler i\u00e7in de a\u015f\u0131 geli\u015ftirmemiz gerekiyor. Tabii ki bir a\u015f\u0131ya sahip olman\u0131n her zaman \u00e7ok b\u00fcy\u00fck bir yard\u0131m\u0131 olmaz. Mesela gribe bakal\u0131m \u2014 ka\u00e7 y\u00fczy\u0131ld\u0131r insanlara ba\u011f\u0131\u015f\u0131kl\u0131k kazand\u0131racak bir a\u015f\u0131 hala bulunamad\u0131 m\u0131? Her neyse, bir a\u015f\u0131y\u0131 geli\u015ftirmeye ba\u015flamak i\u00e7in bile ne arad\u0131\u011f\u0131n\u0131z\u0131 bilmeniz gerekir ve bu art\u0131k bilimden \u00e7ok sanata benziyor.<\/p>\n

Size bunlar\u0131 neden anlat\u0131yorum? Bunlar\u0131n konuyla ilgisi ne?\u2026 Ya siber g\u00fcvenlik ya da egzotik bir seyahatle ba\u011flant\u0131l\u0131 olmal\u0131, de\u011fil mi ?! Bug\u00fcn ilkinden bahsedece\u011fiz.<\/p>\n

\u015eu anda var olan en tehlikeli siber tehditlerden biri, s\u0131f\u0131r g\u00fcn a\u00e7\u0131klar\u0131d\u0131r<\/a> \u2014 yaz\u0131l\u0131mlardaki, Aman Tanr\u0131m!<\/em> dedirtecek kadar b\u00fcy\u00fck \u00e7aptaki korkun\u00e7 ve zarar verebilen, nadir ve bilinmeyen (siber g\u00fcvenlik uzmanlar\u0131 ve di\u011fer ki\u015filer taraf\u0131ndan) g\u00fcvenlik a\u00e7\u0131klar\u0131d\u0131r \u2014 ve bu a\u00e7\u0131klar a\u00e7\u0131\u011fa \u00e7\u0131kana kadar (veya bazen sonras\u0131na) genellikle fark edilemezler.<\/p>\n

Ancak, siber g\u00fcvenlik uzmanlar\u0131n\u0131n belirsizlikle ba\u015fa \u00e7\u0131kma ve siyah ku\u011fular\u0131 tahmin etme y\u00f6ntemleri vard\u0131r. Bu yaz\u0131da tamamen bu i\u015fe yarayan bir ara\u00e7tan bahsetmek istiyorum: YARA<\/a>.<\/p>\n

YARA k\u0131saca, belirli ko\u015fullar\u0131 kar\u015f\u0131layan dosyalar\u0131 tan\u0131mlayarak, metinsel veya ikili modellere dayal\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m familyalar\u0131n\u0131n tan\u0131mlar\u0131n\u0131 olu\u015fturmak i\u00e7in kurallara dayal\u0131 bir yakla\u015f\u0131m sa\u011flay\u0131p k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m ara\u015ft\u0131rmas\u0131na ve tespitine yard\u0131mc\u0131 olur (Evet kula\u011fa karma\u015f\u0131k geliyor. Daha sade bir anlat\u0131m i\u00e7in devam\u0131n\u0131 okuyun.). Bu nedenle, kal\u0131plar\u0131 belirleyerek benzer k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 aramak i\u00e7in kullan\u0131l\u0131r. Ama\u00e7, baz\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 programlar\u0131n ayn\u0131 ki\u015filerce benzer ama\u00e7larla yap\u0131lm\u0131\u015f gibi g\u00f6r\u00fcnd\u00fc\u011f\u00fcn\u00fc ifade edebilmektir.<\/p>\n

Tamam, \u015fimdi di\u011fer bir metafora d\u00f6nelim: siyah ku\u011fu gibi su bazl\u0131 olan ba\u015fka bir metafora: Denize.<\/p>\n

Diyelim ki internet a\u011f\u0131n\u0131z binlerce bal\u0131k t\u00fcr\u00fc ile dolu olan bir okyanus ve siz de bal\u0131klar\u0131 yakalamak i\u00e7in geminizden devasa ak\u0131nt\u0131 a\u011flar\u0131 atan, okyanustaki profesyonel bal\u0131k\u00e7\u0131lardan birisiniz \u2014 ancak yaln\u0131zca belirli bal\u0131k t\u00fcrleri (belirli hacker gruplar\u0131 taraf\u0131ndan olu\u015fturulmu\u015f k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m) ilginizi \u00e7ekiyor. \u00d6ncelikle, ak\u0131nt\u0131 a\u011f\u0131 \u00f6zel bir t\u00fcr a\u011fd\u0131r. \u00d6zel b\u00f6lmeleri vard\u0131r ve her b\u00f6lmeye yaln\u0131zca belirli t\u00fcrden bal\u0131klar (k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m \u00f6zellikleri ta\u015f\u0131yanlar) yakalan\u0131r.<\/p>\n

Vardiyan\u0131z\u0131n sonunda sahip oldu\u011funuz \u015fey, hepsi b\u00f6l\u00fcmlere ayr\u0131lm\u0131\u015f, baz\u0131lar\u0131 nispeten yeni, daha \u00f6nce hi\u00e7 g\u00f6r\u00fclmemi\u015f bal\u0131klar (yeni k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m \u00f6rnekleri), hakk\u0131nda neredeyse hi\u00e7bir \u015fey bilmedi\u011finiz \u00e7ok say\u0131da bal\u0131kt\u0131r. Ancak belirli b\u00f6l\u00fcmdeylerse \u2014 \u201c[hacker group] X t\u00fcr\u00fcne benzeyen\u201d veya \u201c[hacker group] Y t\u00fcr\u00fcne benzeyen\u201d bal\u0131klar var diyelim.<\/p>\n

\u0130\u015fte bal\u0131k\/bal\u0131k\u00e7\u0131l\u0131k metaforunu a\u00e7\u0131klayan bir \u00f6rnek<\/a>. YARA uzman\u0131m\u0131z ve GReAT<\/a>\u2018in ba\u015fkan\u0131 Costin Raiu, 2015 y\u0131l\u0131nda Microsoft\u2019un Silverlight yaz\u0131l\u0131m\u0131nda bir a\u00e7\u0131k bulabilmek i\u00e7in tam anlam\u0131yla bir siber-Sherlock\u2019a d\u00f6n\u00fc\u015ft\u00fc. Bu makaleyi kesinlikle okumal\u0131s\u0131n\u0131z, ancak \u00f6zetlersek Raiu\u2019nun yapt\u0131\u011f\u0131 \u015fey, pratikte bir YARA kural\u0131n\u0131 s\u0131f\u0131rdan olu\u015fturmak i\u00e7in hackerlar taraf\u0131ndan s\u0131zd\u0131r\u0131lan belirli e-posta yaz\u0131\u015fmalar\u0131n\u0131 dikkatlice incelemekti, ancak bu bir a\u00e7\u0131\u011f\u0131 bulmas\u0131na ve b\u00f6ylece d\u00fcnyay\u0131 devasa bir sorundan korumas\u0131na yard\u0131mc\u0131 oldu (Yaz\u0131\u015fma, Hacking Team ad\u0131nda bir \u0130talyan firmas\u0131na aitti \u2014 hackerlar, hackerlar\u0131 hackliyor!).<\/p>\n

YARA kurallar\u0131na d\u00f6nersek\u2026<\/p>\n

Y\u0131llard\u0131r YARA kural\u0131 olu\u015fturma sanat\u0131n\u0131 \u00f6\u011fretiyoruz. YARA\u2019n\u0131n ortaya \u00e7\u0131kmas\u0131na yard\u0131mc\u0131 oldu\u011fu siber tehditler olduk\u00e7a karma\u015f\u0131kt\u0131r, bu y\u00fczden kurslar\u0131 her zaman y\u00fcz y\u00fcze \u2014 \u00e7evrimd\u0131\u015f\u0131 \u015fekilde \u2014 ve yaln\u0131zca en iyi siber g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131ndan olu\u015fan dar bir grup i\u00e7in d\u00fczenledik. Elbette Mart ay\u0131ndan bu yana karantina y\u00fcz\u00fcnden \u00e7evrimd\u0131\u015f\u0131 e\u011fitim d\u00fczenlemek zorla\u015ft\u0131; ancak e\u011fitim ihtiyac\u0131 neredeyse hi\u00e7 bitmedi ve kurslar\u0131m\u0131za olan ilgide de bir azalma olmad\u0131.<\/p>\n

Bu \u00e7ok do\u011fal: Siber k\u00f6t\u00fcler, her zamankinden daha karma\u015f\u0131k sald\u0131r\u0131lar\u0131 d\u00fc\u015f\u00fcnmeye devam ediyor \u2014 karantinada daha da fazlas\u0131n\u0131<\/a>. Dolay\u0131s\u0131yla, karantina d\u00f6neminde YARA konusundaki uzmanl\u0131\u011f\u0131m\u0131z\u0131 kendimize saklamam\u0131z \u00e7ok yanl\u0131\u015f olurdu. Bu nedenle, (1) e\u011fitim format\u0131m\u0131z\u0131 \u00e7evrimd\u0131\u015f\u0131ndan \u00e7evrimi\u00e7ine \u00e7evirdik ve (2) herkes i\u00e7in eri\u015filebilir hale getirdik. Tabii ki e\u011fitim \u00fccretsiz de\u011fil ancak bu seviyedeki (en y\u00fcksek seviyede) b\u00f6yle bir kurs i\u00e7in fiyat, olduk\u00e7a rekabet\u00e7i ve piyasa ortalamas\u0131nda.<\/p>\n

Tan\u0131t\u0131m<\/a>:<\/p>\n

\"\"<\/p>\n

Ba\u015fka ne var?<\/p>\n

Ah evet.<\/p>\n

Tabii ki, vir\u00fcsten kaynaklanan sorunlar\u0131n t\u00fcm d\u00fcnyay\u0131 etkiledi\u011fini g\u00f6z \u00f6n\u00fcnde bulundurarak \u00f6n saflarda yer alanlara yard\u0131mc\u0131 olmaya devam edece\u011fiz. Bu korona olay\u0131 ba\u015flad\u0131\u011f\u0131nda, \u00fccretsiz lisanslar vererek sa\u011fl\u0131k kurulu\u015flar\u0131na yard\u0131mc\u0131 olmaya ba\u015flad\u0131k<\/a>. \u015eimdi buna ek olarak, \u00e7e\u015fitli ama\u00e7lar i\u00e7in hak ve \u00f6zg\u00fcrl\u00fck m\u00fccadelesi veren veya siber uzay\u0131 daha iyi bir yer haline getirmeye odaklanan, kar amac\u0131 g\u00fctmeyen sivil toplum kurulu\u015flar\u0131na yard\u0131m ediyoruz (Tam liste burada yer al\u0131yor<\/a>). YARA e\u011fitimimiz, onlara \u00fccretsiz olacak.<\/p>\n

Neden? \u00c7\u00fcnk\u00fc STK\u2019lar, hedefli sald\u0131r\u0131larda hackenme<\/a> risk bulunan \u00e7ok hassas bilgileri i\u015fliyorlar ve t\u00fcm STK\u2019lar BT uzmanlar\u0131 i\u00e7eren bir departman olu\u015fturma l\u00fcks\u00fcne sahip de\u011fil.<\/p>\n

\"\"<\/p>\n

Kursta nelerin oldu\u011funa h\u0131zl\u0131ca bir g\u00f6z atal\u0131m:<\/p>\n

%100 \u00e7evrimi\u00e7i, \u00f6\u011frenme h\u0131z\u0131n\u0131za g\u00f6re d\u00fczenlenmi\u015f bir e\u011fitim. Kursu ister birka\u00e7 ak\u015famda yo\u011fun bir \u015fekilde alarak, isterseniz bir aya yayarak tamamlayabilirsiniz.<\/p>\n

Hem teori hem de uygulamal\u0131 g\u00f6revlerden olu\u015fan bir kombinasyondur. E\u011fitim i\u00e7eri\u011finde kural yazma ve k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m \u00f6rneklerini arama konusuna odaklanan sanal bir laboratuvar mevcut.<\/p>\n

Uygulamal\u0131 al\u0131\u015ft\u0131rmalar, ger\u00e7ek siber casusluk sald\u0131r\u0131lar\u0131 \u00f6rneklerine dayan\u0131yor.<\/p>\n

Hakk\u0131nda net bir bilginizin olmad\u0131\u011f\u0131 bir \u015feyi arama sanat\u0131 ile ilgili bir mod\u00fcl; sezgilerinizin size siber k\u00f6t\u00fcl\u00fc\u011f\u00fcn bir yerde pusuda oldu\u011funu s\u00f6yledi\u011fi, ancak nerede veya hangi siber k\u00f6t\u00fcl\u00fc\u011f\u00fcn oldu\u011funu bilmedi\u011finiz durumlar i\u00e7in \u00f6zel geli\u015ftirildi.<\/p>\n

YARA ninjas\u0131 olarak yeni stat\u00fcn\u00fcz\u00fc belgeleyen, kursu tamamland\u0131\u011f\u0131n\u0131za dair bir sertifika. \u00d6nceki mezunlar\u0131n da s\u00f6yledi\u011fi gibi, bu sertifika kariyerlerine ger\u00e7ekten \u00e7ok yard\u0131mc\u0131 oluyor.<\/p>\n

\"\"<\/p>\n

Size \u00f6zetle, \u00e7ok karma\u015f\u0131k siber tehditlerle sava\u015fmak i\u00e7in daima elinizin alt\u0131nda olacak son derece yararl\u0131 bir ba\u015fka potansiyel ara\u00e7 sunuyoruz. Bu arada, tehditlerle daha iyi \u015fekilde m\u00fccadele etmeye devam etmek \u00fczere, t\u00fcm bilgi birikimimizi ve pratik deneyimlerimizi daha da kapsaml\u0131 \u015fekilde payla\u015fabilece\u011fimiz siber dedektiflik \u00e7al\u0131\u015fmalar\u0131m\u0131za devam etti\u011fimiz K<\/em>\u2018de i\u015fler her zamanki gibi yolunda!<\/p>\n","protected":false},"excerpt":{"rendered":"

Kaspersky, YARA hakk\u0131nda kapsaml\u0131 bir kursla ba\u015flayan, \u00e7evrimi\u00e7i siber g\u00fcvenlik uzman\u0131 e\u011fitim serisini sunar.<\/p>\n","protected":false},"author":13,"featured_media":8761,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1352],"tags":[1270,72,627,2264],"class_list":{"0":"post-8760","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-special-projects","8":"tag-egitim","9":"tag-eugene-kaspersky","10":"tag-great","11":"tag-yara"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cybersecurity-expert-training\/8760\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cybersecurity-expert-training\/21829\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cybersecurity-expert-training\/17294\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cybersecurity-expert-training\/23192\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cybersecurity-expert-training\/21387\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cybersecurity-expert-training\/20019\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cybersecurity-expert-training\/23775\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cybersecurity-expert-training\/22708\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cybersecurity-expert-training\/29006\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cybersecurity-expert-training\/36887\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cybersecurity-expert-training\/15576\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cybersecurity-expert-training\/15992\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cybersecurity-expert-training\/13936\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cybersecurity-expert-training\/25061\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/cybersecurity-expert-training\/29154\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cybersecurity-expert-training\/26019\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cybersecurity-expert-training\/22799\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cybersecurity-expert-training\/28123\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cybersecurity-expert-training\/27953\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/egitim\/","name":"e\u011fitim"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8760"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8760\/revisions"}],"predecessor-version":[{"id":8763,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8760\/revisions\/8763"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/8761"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}