Overview
Explore full-system emulation techniques for successful automated dynamic analysis of evasive malware in this Black Hat conference talk. Delve into the challenges faced by forensics experts and anti-malware solutions when extracting information from malicious files. Learn about dynamic analysis (sandboxing) methods for identifying suspicious behaviors and assessing the risks of running malware samples. Discover the evolving techniques attackers use to evade or complicate analysis, and gain insights into designing effective dynamic analysis systems. Compare externally instrumented full-system emulation with other approaches such as OS emulation and traditional virtualization. Examine real-world examples of evasion techniques, including environment triggers, stalling code, and human-interaction detection. Uncover solutions enabled by full-system emulation, such as detecting environment-dependent branching, circumventing detection attempts, and mitigating stalling code blocks. Gain valuable knowledge on identifying and bypassing human-behavior detection attempts, enhancing your ability to analyze and combat sophisticated malware.
Syllabus
Intro
What are we talking about?
Evolution of Malware
What do we want to monitor?
VM Approach versus CPU Emulation
Dynamic Analysis Approaches
Our Automated Malware Analysis
Visibility Does Matter
Detecting Keyloggers
Supporting Static Analysis
Detect Runtime Environment
Detect Analysis Engine
Avoid Monitoring
What can we do about evasion?
Bypassing Triggers
Combating Evasion
Passive Mode
Active Mode
Evasion in a Broader Context
Conclusions
Taught by
Black Hat