1
Ashar Aziz, Adrian Drzewiecki, Ramesh Radhakrishnan, Jayaraman Manni, Muhammad Amin: Heuristic based capture with replay to virtual machine. FireEye, Carr & Ferrell, May 1, 2012: US08171553 (151 worldwide citations)

A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller. The controller is coupled to the tap and is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic t ...


2
Ashar Aziz, Adrian Drzewiecki, Ramesh Radhakrishnan, Jayaraman Manni, Muhammad Amin: Policy based capture with replay to virtual machine. FireEye, Carr & Ferrell, October 16, 2012: US08291499 (131 worldwide citations)

A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller. The controller is coupled to the tap and is configured to receive the copy of the network data from the tap, analyze the copy of the network data to flag the networ ...


3
Osman Abdoul Ismael, Samuel Yie, Jayaraman Manni, Muhammad Amin, Bahman Mahbod: Detecting malicious network content using virtual environment components. FireEye, Blakely Sokoloff Taylor & Zafman, July 29, 2014: US08793787 (105 worldwide citations)

Malicious network content is identified based on the behavior of one or more virtual environment components which process network content in a virtual environment. Network content can be monitored and analyzed using a set of heuristics. The heuristics identify suspicious network content communicated ...


4
Jayaraman Manni, Ashar Aziz, Fengmin Gong, Upendran Loganathan, Muhammad Amin: Network-based binary file extraction and analysis for malware detection. FireEye, Blakely Sokoloff Taylor & Zafman, September 9, 2014: US08832829 (104 worldwide citations)

A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether t ...


5
Ashar Aziz, Henry Uyeno, Jay Manni, Muhammad Amin, Stuart Staniford: Electronic message analysis for malware detection. FireEye, Rutan & Tucker, William W Schaal, August 11, 2015: US09106694 (90 worldwide citations)

An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a un ...


6
Jayaraman Manni, Ashar Aziz, Fengmin Gong, Upendran Loganathan, Muhammad Amin: Network-based binary file extraction and analysis for malware detection. FireEye, Blakely Sokoloff Taylor & Zafman, January 13, 2015: US08935779 (88 worldwide citations)

A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether t ...


7
Emmanuel Thioux, Muhammad Amin, Darien Kindlund, Alex Pilipenko, Michael Vincent: Malicious content analysis using simulated user interaction without user involvement. FireEye, Rutan & Tucker, William W Schaal, August 11, 2015: US09104867 (85 worldwide citations)

Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered ...


8
Michael M Vincent, Abhishek Singh, Muhammad Amin, Zheng Bu: Detecting bootkits resident on compromised computers. FireEye, Rutan & Tucker, William W Schaal, February 2, 2016: US09251343 (45 worldwide citations)

Techniques detect bootkits resident on a computer by detecting a change or attempted change to contents of boot locations (e.g., the master boot record) of persistent storage, which may evidence a resident bootkit. Some embodiments may monitor computer operations seeking to change the content of boo ...


9
Ashar Aziz, Muhammad Amin, Osman Abdoul Ismael, Zheng Bu: System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits. FireEye, Rutan & Tucker, William W Schaal, April 5, 2016: US09306974 (42 worldwide citations)

A threat detection system integrated with intrusion protection system (IPS) logic, virtual execution logic and reporting logic is shown. The IPS logic is configured to identify a first plurality of objects as suspicious objects and output information associated with the suspicious objects. Th ...


10
Emmanuel Thioux, Muhammad Amin, Osman Ismael: File extraction from memory dump for malicious content analysis. FireEye, Rutan & Tucker, William W Schaal, May 31, 2016: US09355247 (16 worldwide citations)

Techniques for malicious content detection using memory dump are described herein. According to one embodiment, a monitoring module is configured to monitor activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of one or more predetermi ...