Yara: Down the Rabbit Hole Without Slowing Down

Botconf 2022
Thursday
2023-04-23 | 11:35 – 12:05

Dominika Regéciová 🗣

Terry and John are two malware analysts working for an unnamed antivirus company. Terry has worked there for many years, and he is helping John, who started recently, to learn more about their work. John is starting to use Yara — an excellent tool for the description and detection of malware families. Together with Terry, he is analyzing potentially malicious samples and creating so-called Yara rules. This is not a simple task — Yara may be easy to use, but it is difficult to master. How do you write the best possible rule? A rule that is good at detection and precise, but also fast? Luckily, they have help – the researcher Caitlin, who is not scared to get really deep into Yara. Today, all three of them will go deeper into Yara than ever before — the journey down the rabbit hole can begin.

