Overview
Explore a hybrid solution for malware reverse engineering in this 30-minute conference talk from Recon Conference. Dive into Sandbagility, a hypervisor-based introspection framework for Microsoft Windows that bridges the gap between dynamic and sandbox analysis. Learn how this Python-based tool, built on a modified VirtualBox hypervisor, offers a stealthy, adaptive, and user-friendly approach to reduce analysis time. Follow along with a practical case study of the WannaCry ransomware to understand the framework's capabilities and potential applications in cybersecurity and malware analysis.
Syllabus
Sandbagility - Reverse Engineering Framework for Windows dynamic analysis by F.Khourbiga & E.Deligne
Taught by
Recon Conference