Explore dynamic malware analysis techniques and the Cuckoo Sandbox in this 50-minute conference talk from BSides NoVa 2017. Delve into the architecture challenges, functionality, and features of Cuckoo Sandbox, including its distributions and forks. Learn about analysis packages, submission options, and various analysis pages such as static, behavioral, and network analysis. Discover indicators for sandbox detection and countermeasures against anti-analysis techniques. Examine real-world malware examples like MBLCTR.EXE and Loader.exe, and gain insights into useful resources for further learning in the field of malware analysis.
Overview
Syllabus
Intro
Agenda
What is Dynamic Malware Analysis?
But what does the program actually do?
(Re)introducing Dynamic Analysis - Why?!
Architecture Challenges
How does it work?
To summarize...
Cuckoo Distributions
Cuckoo Forks Unique Features
Cuckoo Features
Comparison
Analysis Packages
Submission Options
Overview Page
Static Analysis Page
Behavioral Analysis Page
Network Analysis Page
Dropped Files Page
Additional Pages
Indicators for Sandbox/Analysis
Detection Countermeasures
Verify your Anti-Anti-Countermeasures!
Other Challenges
One Last Note on VMS
Let's Look at Malware!
MBLCTR.EXE
Loader.exe (26)
Useful Resources
Questions?
