BalCCon2k25

Dusan

I'm Dusan, and I'm excited to be presenting at a conference for the first time! My professional journey led me to the role of a system engineer and people manager in the gaming industry. My passion for cybersecurity fuels my insatiable curiosity and lifelong commitment to learning.


Session

09-21
15:00
60min
Beyond Signatures: Training ML Models to Hunt Ransomware
Dusan

This talk is the result of a free-time project to truly understand how malware works. The presentation will follow a personal journey into malware analysis, demonstrating how we can move beyond traditional signatures in order to stop modern threats.

During the talk we will try out a practical methodology for detecting ransomware by applying machine learning and going beyond traditional signature-based detection. I'll also show how I built a classifier that can distinguish ransomware from other malware families. The idea behind this talk is to give you insights into how to perform data-driven feature engineering: extracting critical static indicators from PE headers, and dynamic behavioral clues such as MITRE ATT&CK TTPs and registry modifications from analysis logs created in a Cuckoo3 sandbox environment. I will walk through the process of training and evaluating a couple of powerful classification models, namely Random Forest, XGBoost, CatBoost and LightGBM.

Technical Level: Beginner/Intermediate.

Prerequisites: Familiarity with terms like "sandbox" and "static/dynamic analysis" will be helpful to question my work. No specific preparation is required!

Tesla