Colonelyobo_2022_nov-dec.zip <Safe – TIPS>

A writeup story for “The truth of Plain” | by Kulkan Security | Medium

: Utilizing memory dump analysis to detect obfuscated malware that may not leave traces on the physical disk.

: Examining the binary or script without execution to find strings, headers, and potential packed signatures (e.g., UPX). ColonelYobo_2022_Nov-Dec.zip

Write-ups of this nature generally employ several standard cybersecurity methodologies to extract information from the samples:

The zip file is a collection of malware analysis reports and artifacts associated with the Fall 2022 Introduction to Information Security (CS 6035) curriculum at Georgia Tech. Overview of Content A writeup story for “The truth of Plain”

: Documentation of how the malware attempts to bypass Personal Firewalls (PFW) or Host Intrusion Prevention Systems (HIPS).

: Executing the malware in a controlled sandbox (like Cuckoo or Any.Run) to monitor real-time file system changes, network traffic, and API calls. Overview of Content : Documentation of how the

: Analysis of "hooks" in registry keys or values designed to protect autostart capabilities for the malware.