2018 Volatility Analysis Contest

The challenge: Choose a sophisticated malware sample, attack framework, or challenging security incident scenario and write an analysis report detailing how Volatility could be used to find relevant artifacts of the activity within memory.

 

  • 1st place wins one free seat at any future Windows Malware and Memory Forensics Training *or* 1500 USD cash

  • 2nd place wins 750 USD cash

  • 3rd place wins 250 USD cash

  • 4th and 5th place wins Volatility swag (T-shirts, Stickers, etc)

Contest Results

Rules of Engagement

  1. The goal of the contest is to demonstrate innovative and useful malware analysis and detection techniques using The Volatility Framework.

  2. The memory analysis should be performed with the Volatility 2.6 (or greater) release.

  3. The top 5 winners of the contest will get the prizes mentioned above.

  4. Volatility core developers are not eligible.

  5. Submissions should be sent to contest[at]volatilityfoundation.org. The submission should include the analysis report, any files necessary to reproduce/verify the work (including the malware sample(s), memory sample(s)), and a summary paragraph describing why the submission should win the contest.

  6. By submitting an entry, you declare that you own the copyright to your report and are authorized to submit it.

  7. All submissions should be received no later than October 1, 2018. The winners will be announced before October 31, 2018. We recommend submitting early. In the case of similar submissions, preference will be shown to early submissions.

  8. The Volatility Project core developers will decide the winners based on the following criteria:

    1. Accuracy of the analysis

    2. Completeness of the analysis

    3. Clarity of the documentation

    4. Novelty of the analysis and malware/framework selected

    5. Sophistication of the malware/framework selected

    6. Submission date

    7. NOTE:  Submissions based on malware/frameworks that have been publicly documented using non-memory analysis techniques are not discouraged, but contestants are encouraged to focus on the analysis aspects that are unique to memory analysis.

  9. In order to collect the cash prizes, the winner will need to provide a legal photo identification and bank account information within 30 days of notification. The bank transfer will be made after the winner is authenticated.

  10. Group entries are allowed; the prize will be paid (or seat will be registered, if the training option is desired) to the person designated by the group.

  11. Upon approval from the winners, their names/aliases will be listed on the "Volatility Contest" web page for the world to admire.

  12. Selected contestants may also be asked to present their work at a future Open Memory Forensics Workshop and/or have their research featured on the Volatility Labs Blog.

 

 

© 2020 The Volatility Foundation