: Detailed observations of how the samples interact with a system, including attempts to override DNS settings, system shutdowns, and clipboard copying.
: Documentation of how the malware attempts to bypass Personal Firewalls (PFW) or Host Intrusion Prevention Systems (HIPS).
: Applying algorithms such as Random Forest or Gradient Boosting to classify malware types based on extracted features like file size or network connections. ColonelYobo_2022_Nov-Dec.zip
: Examining the binary or script without execution to find strings, headers, and potential packed signatures (e.g., UPX).
: Utilizing memory dump analysis to detect obfuscated malware that may not leave traces on the physical disk. : Detailed observations of how the samples interact
Write-ups of this nature generally employ several standard cybersecurity methodologies to extract information from the samples:
The zip file is a collection of malware analysis reports and artifacts associated with the Fall 2022 Introduction to Information Security (CS 6035) curriculum at Georgia Tech. Overview of Content : Examining the binary or script without execution
A writeup story for “The truth of Plain” | by Kulkan Security | Medium