If you are interested in R&D on malware detection using AI, you can use the WMI API to extract useful information about every malware sample and build a malware dataset, in particular for file-less malware.
The Windows Management Instrumentation (WMI) API is used to monitor Windows operating systems: for example, monitoring process creation, services and privilege information for every malware sample, and determining whether the malware is packed by checking its allocated virtual size. Threat actors also use WMI with malicious intent, such as for developing file-less malware. You can write a WMI script in C++, C, Python or PowerShell.
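As an added example (not the post's code or the linked repository), the following Python script collects the per-process features the post describes into a CSV dataset. It assumes the third-party `wmi` package on Windows for live collection; the feature logic is pure Python, and the `ratio_threshold` used for the packing heuristic is an assumed, uncalibrated value.

```python
# Added example: build dataset rows from Win32_Process instances delivered by WMI.
# Live collection needs 'pip install wmi' on Windows; build_record() runs anywhere.
import csv
import os
from dataclasses import dataclass, asdict, fields
from types import SimpleNamespace

@dataclass
class ProcessRecord:
    name: str
    pid: int
    parent_pid: int
    exe_path: str
    command_line: str
    virtual_size: int    # Win32_Process.VirtualSize: address space in use, in bytes
    working_set: int     # Win32_Process.WorkingSetSize
    file_size: int       # size of the on-disk image, 0 if it cannot be read
    file_backed: bool    # False when no readable image exists (file-less candidate)
    vsize_ratio: float   # virtual_size / file_size, 0.0 when not file-backed

def build_record(proc, size_of=os.path.getsize) -> ProcessRecord:
    """proc exposes Win32_Process attributes (uint64 fields arrive as strings)."""
    path = proc.ExecutablePath or ""
    try:
        fsize = size_of(path) if path else 0
    except OSError:            # image deleted or access denied: not file-backed
        fsize = 0
    vsize = int(proc.VirtualSize or 0)
    return ProcessRecord(
        name=proc.Name, pid=int(proc.ProcessId), parent_pid=int(proc.ParentProcessId),
        exe_path=path, command_line=proc.CommandLine or "",
        virtual_size=vsize, working_set=int(proc.WorkingSetSize or 0),
        file_size=fsize, file_backed=fsize > 0,
        vsize_ratio=round(vsize / fsize, 2) if fsize else 0.0)

def looks_packed(rec: ProcessRecord, ratio_threshold: float = 20.0) -> bool:
    """Packed images unpack into memory, so address space dwarfs the file size.
    The threshold is an assumption for illustration; calibrate it on your data."""
    return rec.file_backed and rec.vsize_ratio >= ratio_threshold

def constructed_sample() -> SimpleNamespace:
    """Constructed stand-in for a WMI Win32_Process object, for offline use."""
    return SimpleNamespace(Name="sample.exe", ProcessId="4242", ParentProcessId="1000",
                           CommandLine="sample.exe -x", ExecutablePath=r"C:\tmp\sample.exe",
                           VirtualSize="52428800", WorkingSetSize="1048576")

def watch_process_creation(out_csv: str, max_events: int = 100) -> int:
    """Windows only: append one row per newly created process until max_events."""
    import wmi                                   # pywin32-based, Windows only
    watcher = wmi.WMI().Win32_Process.watch_for("creation")
    fresh = not os.path.exists(out_csv) or os.path.getsize(out_csv) == 0
    with open(out_csv, "a", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=[f.name for f in fields(ProcessRecord)])
        if fresh:
            writer.writeheader()
        for _ in range(max_events):
            writer.writerow(asdict(build_record(watcher())))   # blocks per event
    return max_events
```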
The attached image is an example from the collected data.
source code: https://lnkd.in/ganSBPai
You can extend this code to extract more information using WMI from these links: https://lnkd.in/gcxwDyf4
https://lnkd.in/g-H2NzqV
Reference: Black Hat Python book