Have you ever wondered how security products detect malicious code? And how attackers, knowing that, attempt to stay ahead of static-based signature detection? Our threat intelligence system confirms that threats get updated often. While some aspects of the behavior are unique for a specific threat actor, some behavior is common across malware families. Where static analysis fails, sandboxing a malware may reveal more about its real purpose. Your objective in this project is to leverage data extracted from static analysis signatures to boost a sandbox's capabilities of recognizing suspicious behavior. As a result, you will understand how threat actors operate, you will improve you Windows OS internals, and understand what the challenges of a malware analyst are.

What you will gain: • Learning about sandbox for malware analysis, signatures, static analysis vs dynamic analysis.

Skills required: Python, linux sandboxing, malware analysis