
Bypassing Malware Analysis Sandboxes Is Easy - Let’s Discuss How They Are Doing It and Why It Works

Security BSides San Francisco via YouTube

Overview

This 39-minute BSidesSF 2017 talk looks at how malware evades automated malware analysis sandboxes and why those evasions succeed. It surveys the cloud sandboxes VxStream/Reverse.It, Malwr, and Cuckoo, as well as high-end commercial products, and tests how well they handle common malicious file formats such as .DOC and .PDF compared with manual analysis. It asks whether sandbox output is reliable enough to drive incident response and whether it yields the indicators a defender needs for network defense and for remediating infected hosts. The talk covers evasion techniques seen in real campaigns, including password-protected files (which a sandbox cannot open without the password the lure gives the victim), time-based triggers (payloads that delay execution past a sandbox's short analysis window), and parentless processes (which break the parent-child process tracking that sandboxes rely on). It closes by weighing what email gateways, web proxies, and similar controls can and cannot detect on their own.

Syllabus

Introduction
Who am I
What is a sandbox
Password-protected files
OLE objects
URL in document
Time
Reverse Audit
Log Analysis
Network Traffic
Persistence
Fax
Strings
Office Mail Scanner
Email Gateway
WordBox
Blank Screens
Web Proxy
Who else got infected
Breaking automated analysis
Parentless processes
Manual vs Cloud
XMNBM
Ransomware
Additional reports
Efficiency
Questions
Summary

Taught by

Security BSides San Francisco
