Colonelyobo_2022_nov-dec.zip Apr 2026

Overview of Content: ColonelYobo_2022_Nov-Dec.zip

The zip file is a collection of malware analysis reports and artifacts associated with the Fall 2022 Introduction to Information Security (CS 6035) curriculum at Georgia Tech.

Common Analysis Techniques Used

- Memory dump analysis to detect obfuscated or packed malware that leaves few or no traces on the physical disk: the unpacked code, decrypted strings and injected regions are present in the running process's memory even when the on-disk file is encrypted or never written.

- Unsupervised machine learning with tools such as malheur, which clusters sandbox behaviour reports and selects representative "prototypes" to classify malware by behaviour rather than by signature.

- Supervised classifiers such as Random Forest or Gradient Boosting, trained on features extracted from the samples and their reports (file size, number of network connections, and similar) to classify malware types.

- Dynamic analysis: executing the malware in a controlled sandbox (such as Cuckoo or Any.Run) to monitor file system changes, network traffic and API calls in real time.

- Persistence analysis: inspecting the registry keys or values the malware creates or modifies (autostart locations such as Run keys) so that it is launched again at logon or reboot.
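The feature-extraction and persistence checks above are easiest to see on a concrete sandbox report. The following is an added example, not code from the ColonelYobo reports or from Cuckoo itself: it takes a constructed JSON report in a Cuckoo-like shape (assumed keys behavior.summary.regkey_written, behavior.apistats, network.tcp, network.dns), flattens it into the numeric features a Random Forest or Gradient Boosting classifier would consume, and flags autostart persistence when a dropped file is paired with a write to a known autostart registry location. The function names, the sample report and the list of autostart key patterns are this example's own assumptions.

```python
"""Extract classifier features and flag autostart persistence from a
Cuckoo-style behaviour report.

Added example; the report layout is a constructed approximation of a
Cuckoo JSON summary, not a real sample from the archive.
"""
import json
import re

# Registry locations commonly abused for autostart persistence
# (Run/RunOnce, Winlogon Shell/Userinit, service ImagePath).
# Assumed list for this example; matched case-insensitively on any hive.
AUTOSTART_PATTERNS = [
    re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE),
    re.compile(r"\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.IGNORECASE),
    re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE),
]

# Constructed sample report (not a real detonation result).
SAMPLE_REPORT = json.dumps({
    "target": {"file": {"name": "invoice.exe", "size": 184320}},
    "behavior": {
        "summary": {
            "regkey_written": [
                "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
                "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
            ],
            "file_written": ["C:\\Users\\victim\\AppData\\Roaming\\updater.exe"],
            "mutex": ["Global\\x8f2a"],
        },
        # per-PID API call counts, as Cuckoo's apistats reports them
        "apistats": {"1234": {"CreateRemoteThread": 3, "WriteProcessMemory": 12}},
    },
    "network": {
        "tcp": [
            {"dst": "203.0.113.10", "dport": 443},
            {"dst": "203.0.113.10", "dport": 443},
            {"dst": "198.51.100.7", "dport": 8080},
        ],
        "dns": [{"request": "update.example.net"}],
    },
})


def autostart_keys(report):
    """Return the registry keys written by the sample that sit in an autostart location."""
    written = report.get("behavior", {}).get("summary", {}).get("regkey_written", [])
    return [k for k in written if any(p.search(k) for p in AUTOSTART_PATTERNS)]


def injection_api_count(report):
    """Sum calls to process-injection APIs across every monitored process."""
    injection_apis = {"CreateRemoteThread", "WriteProcessMemory", "NtMapViewOfSection"}
    total = 0
    for per_process in report.get("behavior", {}).get("apistats", {}).values():
        total += sum(n for api, n in per_process.items() if api in injection_apis)
    return total


def extract_features(report_json):
    """Flatten a behaviour report into the numeric feature vector a classifier
    such as Random Forest would consume."""
    report = json.loads(report_json)
    tcp = report.get("network", {}).get("tcp", [])
    endpoints = {(c["dst"], c["dport"]) for c in tcp}   # de-duplicate repeated beacons
    return {
        "file_size": report["target"]["file"]["size"],
        "tcp_connections": len(tcp),
        "distinct_endpoints": len(endpoints),
        "dns_queries": len(report.get("network", {}).get("dns", [])),
        "autostart_writes": len(autostart_keys(report)),
        "injection_api_calls": injection_api_count(report),
        "files_dropped": len(report["behavior"]["summary"].get("file_written", [])),
    }


def persistence_verdict(report_json):
    """Flag the sample as persistent only when it both drops a file and
    registers an autostart entry; either alone is common in benign installers."""
    report = json.loads(report_json)
    keys = autostart_keys(report)
    dropped = report["behavior"]["summary"].get("file_written", [])
    return {"persistent": bool(keys and dropped),
            "autostart_keys": keys,
            "dropped_files": dropped}


if __name__ == "__main__":
    print(json.dumps(extract_features(SAMPLE_REPORT), indent=2))
    print(json.dumps(persistence_verdict(SAMPLE_REPORT), indent=2))
```

The feature dictionary is deliberately flat and numeric so that a row per sample can be fed straight into a tree-based classifier; the persistence verdict requires both a dropped file and an autostart write because a registry Run entry pointing at an existing, signed binary is a weak signal on its own.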