Two Unit 42 interns, a Threat Research Intern and a Malware Reverse Engineering Intern, describe hands-on projects and mentorship that deepened their technical skills in threat intelligence, automation, and malware analysis. They highlight projects like automating data ingestion, building a fidelity scoring framework, creating dashboards, and developing tools to auto-identify malware families and IOCs. #Unit42 #PaloAltoNetworks
Keypoints
- Two interns at Unit 42—Sakthi (Threat Research Intern) and Gabrielle (Malware Reverse Engineering Intern)—completed 12-week internships working on practical threat intelligence and malware analysis projects.
- Sakthi’s projects focused on automating manual data ingestion, implementing a fidelity scoring framework, and building dashboards to analyze repository data for trends and gaps.
- Gabrielle’s work centered on analyzing malware tickets to determine response levels and developing a tool to automatically identify malware families and extract indicators of compromise.
- Both interns reported significant hands-on learning, application of classroom knowledge, and exposure to cross-team collaboration and new technologies like AI and data platforms.
- The Unit 42 team culture emphasized mentorship, trust, initiative, and opportunities to work beyond assigned roles, accelerating professional growth.
- The internship experience reinforced the importance of automation and scalable tooling to free analysts for deeper research and to handle real-world cybersecurity challenges.
- Palo Alto Networks and Unit 42 support early-career development through structured internships that provide practical experience and continuous feedback.
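As an added illustration of the kind of tooling the two project descriptions above refer to (automated IOC extraction and a fidelity score), the following Python script is example code written for this page; it is not code from the post, the interns, or Unit 42. It refangs defanged indicators in constructed malware-ticket text, classifies each match, and scores an indicator by how many independent tickets corroborate it. The refang rules, regex patterns, sample tickets and the corroboration-count heuristic are all assumptions of this example; the post gives no detail on how the interns' fidelity scoring or malware-family identification actually works.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample tickets (not real cases from the post). Indicators are
# placeholders: RFC 5737 test address, a reserved example-style domain, the
# MD5 of the empty string and a dummy SHA-256.
SAMPLE_TICKETS = {
    "ticket-1": "Sample beacons to hxxp://evil-example[.]com/gate.php from 203[.]0[.]113[.]7",
    "ticket-2": "Second submission, same C2 203[.]0[.]113[.]7; SHA256 " + "a" * 64,
    "ticket-3": "Dropper md5 d41d8cd98f00b204e9800998ecf8427e fetched evil-example[.]com",
}


def refang(text: str) -> str:
    """Undo common analyst defanging so the patterns below match real indicators."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")


IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
)

# Order matters: hashes first so a hex blob is not chopped into shorter
# matches, URLs before domains so path parts such as "gate.php" are not
# reported as domains. Each matched span is blanked before the next pass.
PATTERNS = [
    ("sha256", re.compile(r"\b[a-fA-F0-9]{64}\b")),
    ("sha1", re.compile(r"\b[a-fA-F0-9]{40}\b")),
    ("md5", re.compile(r"\b[a-fA-F0-9]{32}\b")),
    ("url", re.compile(r"\bhttps?://[^\s\"'<>]+")),
    ("ipv4", IPV4_RE),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)),
]


def extract_iocs(text: str) -> list[tuple[str, str]]:
    """Return unique (type, value) pairs found in one ticket, in match order."""
    text = refang(text)
    found = []
    for kind, pattern in PATTERNS:
        for m in pattern.finditer(text):
            value = m.group(0)
            found.append((kind, value))
            if kind == "url":
                # Also record the URL's host as its own indicator.
                host = urlparse(value).hostname
                if host:
                    found.append(("ipv4" if IPV4_RE.fullmatch(host) else "domain", host))
        # Blank out matched spans so looser patterns later do not re-match them.
        text = pattern.sub(lambda m: " " * len(m.group(0)), text)
    return list(dict.fromkeys(found))


def score_indicators(tickets: dict[str, str]) -> dict[tuple[str, str], int]:
    """Assumed fidelity heuristic: score = number of independent tickets that
    mention the indicator. Corroborated indicators (score >= 2) are stronger
    candidates for blocking than one-off sightings."""
    sightings = defaultdict(set)
    for ticket_id, text in tickets.items():
        for ioc in extract_iocs(text):
            sightings[ioc].add(ticket_id)
    return {ioc: len(ids) for ioc, ids in sightings.items()}


if __name__ == "__main__":
    for (kind, value), score in sorted(score_indicators(SAMPLE_TICKETS).items(),
                                       key=lambda kv: -kv[1]):
        print(f"{score}  {kind:7} {value}")
```

Running it lists the IP and domain that appear in two tickets with a score of 2 and the single-sighting hashes and URL with a score of 1; a real pipeline would replace the corroboration count with whatever weighting the intelligence source and age warrant.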
MITRE Techniques
- None. The post describes defensive analyst tooling (data ingestion and enrichment, a fidelity scoring framework, dashboards, automated malware-family identification and IOC extraction), not adversary behaviour, so no ATT&CK technique mapping applies. Mapping an analyst's ingestion pipeline to Collection, a relative's phishing experience to Email Collection (T1114), ticket triage to System Information Discovery (T1082), or dashboards and tooling to resource-development techniques conflates defender activity with attacker tradecraft; for reference, T1609 is Container Administration Command, T1583 is Acquire Infrastructure and T1588 is Obtain Capabilities.
Indicators of Compromise
- None provided. The post names no file hashes, domains, IP addresses, URLs or specific malware families; it only describes tooling for identifying families and extracting IOCs, and the knowledge-repository data behind the dashboards is not published.
Read more: https://unit42.paloaltonetworks.com/threat-intelligence-interns/