Explore the intricacies of malware analysis in this comprehensive conference talk from Circle City Con 2016. Delve into the importance of a malware analysis lab and learn about the various entry points in the malware analysis process. Discover a range of open-source malware analysis tools, including Cuckoo Sandbox and its different flavors. Address challenges like VM and sandbox-aware malware, and examine the outputs from tools such as Cuckoo, Thug, and Bro. Gain insights into the Volatility Framework, its operating system support, and output. Understand the orchestration and automation processes involved in malware analysis, equipping yourself with essential knowledge for effective cybersecurity practices.
Overview
Syllabus
Intro
Why Do I Need A Malware Analysis Lab?
Malware Analysis Process Entry Points
Open Source Malware Analysis Tools
More Than Just Dynamic Analysis
Cuckoo Sandbox Flavors
Cuckoo Modified
Cuckoo Next Generation
What if the Malware is VM or Sandbox Aware?
Cuckoo Output
Wolf in Sheep's Clothing
Thug Output
Extracted Files
Malware Command and Control Traffic
Collected Lots of Indicators
Bro Output
What is the Volatility Framework?
Operating System Support
Volatility Output
Cuckoo, Thug, Bro Process
Volatility. Thug, Cuckoo Process
Orchestration and Automation
