Week 5 Question
Hello, Hello, Again!
I am pleased to report we are almost halfway through this Capstone 467 journey!
Please feel free to take a minute to learn about our Malware Analysis project updates, progress, and successes.
Several screenshots are included in this blog post to show effective malware analysis tools in action.
Project Updates
How is the journey so far? What communication and project management tools are your team using? How is it going?
The journey of the Malware Analysis Project has been both challenging and rewarding. Our team has encountered numerous obstacles and surprises, which have enabled us to acquire new skills, apply our knowledge from the OSU CS Online post-baccalaureate program, and gain valuable real-world experience. One of the keys to our team’s success is the comprehensive Project Plan we developed at the beginning of the term. We ensured that tasks were allocated fairly and deliberately, which has helped us remain on schedule and manage our workload effectively.
To communicate successfully, we use various tools such as Microsoft Teams, Google Meet and Docs, email, and Zoom. Additionally, we meet twice per week through Microsoft Teams Chat to discuss the latest malware we are analyzing, troubleshoot any issues we are encountering, evaluate whether we are on track according to schedule, and plan how best to proceed. As we move forward, our group plans to allocate some additional time to learning and conducting dynamic analysis, asking one another questions, helping one another answer questions, and improving our time management skills.
Image 4: Sample of our Team’s Project Plan
Malware Analysis Progress
How frequently does your team analyze malware with new tools? Are the malware analysis tools easy to use? Has the malware been easy to examine? Are you having trouble identifying the malware’s behavior, or are you spending a lot of time trying to understand what the malware’s goal is?
When it comes to malware analysis, our team strives to use the right tools for the job. Of course, identifying exactly what the “job” requires is not an easy task. To combat this challenge, we continuously build and refine our arsenal of malware analysis tools. In this way, our team is developing a comprehensive malware assessment plan that outlines a strategy for analysis. As exploits become increasingly complex, we are deploying a range of effective analytic tools, adapting our strategies to gain further insights into the behavior and intent of the malware.
Our investigative process typically begins with static analysis and then moves to dynamic analysis, using a variety of tools that we have found to be effective. Such tools are depicted in the Malware Analysis Tools in Action screenshots and include, but are not limited to, inetsim, Process Monitor, PE Explorer, IDA, and x64dbg. Given malware’s ever-evolving exploitative nature, our team recognizes that we must regularly adjust our investigative strategies to gain a deeper understanding of each specific piece of malware’s behavior and intent. As a result, the time required to examine a particular type or portion of malware varies based on its unique characteristics.
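The static-analysis step that opens our workflow usually starts with a quick triage pass before any tool like PE Explorer or IDA is opened: hash the file, confirm it is actually a PE, and pull out printable strings to look for URLs or API names worth following up on. The script below is an added example of that triage pass; it is not code from the project or from any of the tools named above. The sample bytes, the `example.invalid` URL and the small API watchlist are all constructed for illustration.

```python
"""Static-triage helper: hash, PE header check and string extraction.

Added example (hypothetical helper, not project code). The sample blob
below is constructed in-line so the script runs offline on no real file.
"""
import hashlib
import re
import struct

MIN_STRING_LEN = 5

# Constructed watchlist of Win32 APIs often seen in process-injection code.
# A hit is a reason to look closer in the disassembler, not proof of intent.
API_WATCHLIST = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory"}

URL_RE = re.compile(r"https?://[^\s\"']+")


def sha256_hex(data: bytes) -> str:
    """Hash used to label the sample and check it against threat-intel feeds."""
    return hashlib.sha256(data).hexdigest()


def is_pe(data: bytes) -> bool:
    """Verify the DOS 'MZ' stub and that e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Return printable-ASCII runs of at least min_len bytes, in file order."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Summarise what a first static look at the sample reveals."""
    strings = extract_strings(data)
    return {
        "sha256": sha256_hex(data),
        "size": len(data),
        "is_pe": is_pe(data),
        "urls": [s for s in strings if URL_RE.search(s)],
        "suspicious_apis": [s for s in strings if s in API_WATCHLIST],
        "string_count": len(strings),
    }


def build_sample() -> bytes:
    """Construct a minimal fake PE-shaped blob (not a real executable)."""
    header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x80)
    header += b"\0" * (0x80 - len(header)) + b"PE\0\0"
    body = b"\0http://example.invalid/update\0CreateRemoteThread\0"
    return header + body


SAMPLE = build_sample()

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Running the script on the constructed sample reports a valid PE signature, one URL and one watchlisted API name. In practice the same functions are pointed at a file read from the analysis VM, and the SHA-256 is the first thing recorded in the analysis notes so that every later dynamic-analysis observation can be tied back to an exact sample.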
Image 5: “Analysts”, Text-based description of malware analysts rendered graphically with MidjourneyAI
Project Success
Do you personally feel your part of the project will succeed? Do you feel your project is on-track to succeed? If not, what do you plan to do to get back on track?
Yes, and yes! For several reasons, both my part of the project and the overall project are on track to succeed. First, our team created a clear and concise project plan that we follow diligently. Next, I strive to complete my assigned tasks with quality and in a timely manner, and I do not hesitate to ask questions when I’m unsure about something. Our team also communicates openly and regularly, and we work in pairs as well as a group. We employ both static and dynamic analyses and encourage each other throughout the process. Finally, our team prioritizes attending our twice-weekly meetings to check in and share information with each other.
In the unfortunate event that our team encountered issues and fell off track, we would take a moment to assess the situation. We would identify the root cause of the problem, whether it’s communication issues, lack of clarity, personal emergencies, or a lack of resources. We would then refocus on our goals, perhaps by improving communication between team members, optimizing our time management, delegating new tasks, and potentially discussing our progress with our superior (“client”/instructor). With these adjustments in place, we would act with purpose and get back on track towards the successful completion of our project.
Image 6: Isometric Cyber Flowchart, licensed from pngtree