Hala Ali

About

I am a PhD candidate in Computer Science at Virginia Commonwealth University. My research focuses on software and ML supply chain security, memory forensics, and malware analysis. Hands-on experience with SBOM and vulnerability analysis tools, including Syft, Trivy, CDXGen, CycloneDX-Python, Jake, and Grype, along with research experience developing runtime SBOM generation techniques for Python applications using memory forensics. My work also includes runtime detection of malicious ML model behavior and memory forensics techniques for detecting and analyzing Go-based and Python-based malware in memory. Recipient of the DFRWS 2025 Best Paper Award and the U.S. Cyber Command Defender Award. Speaker at DFRWS, WiCyS, PyCon US, and Black Hat USA Arsenal.

Research Interests

• Software Supply Chain Security, including SBOM generation and vulnerability reachability
• ML Supply Chain Security
• Memory Forensics and Malware Analysis, with focus on Python and Golang

News

• 2026: Security Advisory: "Reverse Shell Malware Disguised as Qwen2 Model on Hugging Face."
• 2026: Security Advisory: Malicious LoRA Weights with Host Reconnaissance and Outbound Exfiltration
• 2026: Arsenal Demo at Black Hat USA 2026: "MEM-SBOM: Runtime SBOM Generation from Python Process Memory."
• 2026: Speaker at PyCon US 2026: "Post-Incident Runtime SBOM Generation from Python Memory."
• 2026: Paper accepted at DFRWS USA 2026: "Memory Forensics Techniques for Automated Detection and Analysis of Go Malware."
• 2025: Recipient, DFRWS 2025 Best Paper Award. (media)
• 2025: Recipient, U.S. Cyber Command Defender Award.
• 2025: Media: "To Fight Cybercrime, VCU Student Unravels the Layers of 3D Printing" — VCU News.
• 2025: Co-Instructor, "Modern Memory Forensics with Volatility 3," DFRWS USA 2025 and WiCyS 2025.
• 2025: Speaker at WiCyS 2025: "Leveraging Memory Forensics Techniques in Python-based Supply Chain Security."

Selected Projects

MEM-SBOM: Runtime SBOM Generation from Python Memory

Built memory forensics techniques to generate execution-grounded SBOMs from Python applications, recover loaded modules, construct runtime dependency graphs, and support vulnerability reachability analysis beyond static metadata.

Keywords: SBOM, Python, memory forensics, Volatility 3, dependency analysis, vulnerability reachability.

Runtime Detection of Malicious ML Models

Developing runtime security techniques to detect malicious behavior in ML models during loading and inference, with a focus on improving visibility into what models actually execute and identifying attacks missed by static scanners.

Keywords: ML supply chain security, malicious models, runtime detection, eBPF, syscall tracing, Hugging Face.

Memory Forensics of Go Malware

Developed memory forensics techniques to reconstruct runtime artifacts of Go-based malware, including strings, function metadata, goroutines, execution paths, and runtime state.

Keywords: Go malware, Golang, memory forensics, Volatility 3, malware analysis, runtime artifacts.

Python Runtime Memory Forensics

Developed memory forensics techniques to recover Python runtime objects directly from memory, including modules, classes, functions, frames, and execution state.

Keywords: Python internals, memory forensics, Volatility 3, runtime analysis, malware analysis.

Publications

1. Ali, H., Case, A., and Ahmed, I. "Memory Forensics Techniques for Automated Detection and Analysis of Go Malware." DFRWS USA, 2026. (link)
2. Ali, H., Case, A., and Ahmed, I. "Leveraging Memory Forensics to Investigate and Detect Illegal 3D Printing Activities." Forensic Science International: Digital Investigation, Elsevier, 2025. (link)
3. Ali, H., Case, A., and Ahmed, I. "Memory Analysis of the Python Runtime Environment." Forensic Science International: Digital Investigation, Elsevier, 2025. (link)
4. Ali, H., Cano, A., and Ahmed, I. "Machine Learning-based Early Detection of Malicious G-Code Manipulations in 3D Printing." Journal of Manufacturing Processes, Elsevier, 2025. (link)
5. Ali, H. and Ahmed, I. "LAAKA: Lightweight Anonymous Authentication and Key Agreement Scheme for Secure Fog-driven IoT Systems." Computers & Security, Elsevier, 2024. (link)
6. Ali, H. and Sridevi, R. "Mobility and Security Aware Real-Time Task Scheduling in Fog-Cloud Computing for IoT Devices: A Fuzzy-Logic Approach." The Computer Journal, Oxford Academic, 2023. (link)
7. Ali, H. and Sridevi, R. "Credential-based Authentication Mechanism for IoT Devices in Fog-Cloud Computing." International Conference on ICT for Sustainable Development, 2022. (link)
8. Ali, H., Rout, R. R., Parimi, P., and Das, S. K. "Real-Time Task Scheduling in Fog-Cloud Computing Framework for IoT Applications: A Fuzzy Logic-based Approach." COMSNETS, 2021. (link)

Under Review

• Ali, H., Case, A., and Ahmed, I. "What You See Is Not What You Execute: Memory-Based Runtime SBOM Generation for Supply Chain Security." Computers & Security, Elsevier.

Talks and Presentations

• Arsenal Demo, "MEM-SBOM: Runtime SBOM Generation from Python Process Memory," Black Hat USA, August 2026.
• Speaker, "Post-Incident Runtime SBOM Generation from Python Memory," PyCon US, May 2026.
• Speaker, "Leveraging memory forensics to investigate and detect illegal 3D printing activities," DFRWS US, July 2025. (media)
• Speaker, "Leveraging Memory Forensics Techniques in Python-based Supply Chain Security," WiCyS Conference, April 2025.
• Speaker, "Leveraging Memory Forensics Techniques in Python-based Supply Chain Security," Computer Science Department, Virginia Commonwealth University, October 2024.
• Speaker, "Cybersecurity in Additive Manufacturing Systems: Attacks and Defenses," Aerospace Supply Chain Risk Management Capabilities Center Workshop, Space ISAC, August 2023.

Teaching

Courses

• Teaching Assistant, CMSC608: Advanced Database, Computer Science Department, Virginia Commonwealth University, Spring 2026.
• Teaching Assistant, CMSC535: Introduction to Data Science, Computer Science Department, Virginia Commonwealth University, Fall 2025.
• Teaching Assistant, CMSC235: Computing and Ethics Data, Computer Science Department, Virginia Commonwealth University, Fall 2023.

Workshops and Training

• Co-Instructor, "Modern Memory Forensics with Volatility 3," DFRWS USA and WiCyS, 2025.
• Co-Instructor, "Natural Language Processing for Digital Forensics," High-Tech Crimes Division, Virginia State Police, February 2024.
• Co-Instructor, "Natural Language Processing for Digital Forensics," DFRWS USA, July 2023.
• Co-Instructor, The Troubled Elevator Challenge, DFRWS USA, July 2023.

Awards and Recognition

• Best Paper Award, 25th Annual Digital Forensics Research Conference, DFRWS USA, July 2025.
• United States Cyber Command Defender Award, 3rd Annual Cyber RECon Conference, May 2025.

CVE

• CVE-2024-51330: Arbitrary Code Execution Vulnerability in Ultimaker Cura via Malicious G-Code Project.

Professional Service and Open Source

Program Committee

• DFRWS USA 2026

Journal Reviewer

• IEEE Internet of Things Journal
• IEEE Open Journal of the Communications Society
• Computers & Security
• The Computer Journal
• The Journal of Supercomputing

Research Supervision

• Mentor, "LLM in Digital Forensics," Summer Research Opportunities, VCU, 2024.
• Mentor, "Machine Learning for Cybersecurity in 3D Printers," Undergraduate Project, VCU, 2023.

Open Source Contributions

• Contributor to Syft, cdxgen, and sbom4python projects. Submitted pull requests improving Python dependency parsing and SBOM coverage.

Training Courses

• Malware and Memory Forensics with Volatility, Volexity, 36 Credit Hours, April 2025. Focus: Advanced Volatility 3 plugin development and malware memory analysis.

Technical Skills

• Programming Languages: Python, C, Go
• Security and Forensics Tools: Volatility 3, Ghidra, eBPF
• SBOM Tools: Syft, Trivy, CDXGen, ORT, CycloneDX-Python, Jake, Grype

Memberships and Competitions

• Student Member, Women in Cybersecurity
• Participant, CISA ICS Capture The Flag Competition, 2024

Contact

Email: alih16@vcu.edu

Google Scholar | LinkedIn