lecture: How do I sandbox?!?!
Cuckoo Sandbox Internals
Cuckoo Sandbox is an open source automated malware analysis system that lets you automate the analysis of your feeds of malware samples and start collecting actionable threat data. This is especially useful today, when simply removing malware artifacts from a network is no longer enough. Instead, it is important for
corporations, governments, and organizations of any sort to understand how the malware works and what it might do, or has already done, on their network, be it for incident response, preemptive analysis, or just to collect intelligence.
During this technical talk we'll first give a quick introduction to Cuckoo Sandbox for those unfamiliar with it. We will then dig into the design of Cuckoo, followed by an in-depth technical walk-through of the various low-level techniques built into Cuckoo in order to analyze, and defeat, the most recent sandbox detection techniques. We will learn how Cuckoo keeps track of multiple processes (e.g., for banking malware that injects into other processes), the advanced hooking scheme for intercepting function calls, the tricks we use to deal with huge log files, various anti-anti-debugging tricks, and finally various advanced techniques we've given a spin that didn't work out in the end.
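To make the multi-process tracking mentioned above concrete, here is a small added model of the problem (example code written for this page, not Cuckoo's own implementation): a sandbox monitor sees API calls per process, and must extend its set of monitored processes whenever a monitored process spawns a child or injects into another process, so that behaviour later performed from inside the injected host (e.g. the network traffic of a banking module running in explorer.exe) is still attributed to the sample. The event tuples, the PIDs, the API names chosen as "spawn" and "inject" signals, and the argument key `process_identifier` are all constructed for this example.

```python
"""Toy model of how a sandbox tracks processes across spawning and injection.

Added example for this page; not Cuckoo Sandbox code. The event stream below is
constructed by hand and the API-name/argument conventions are assumptions.
"""
from collections import defaultdict

SAMPLE_PID = 1000  # the PID the sandbox started the sample in (constructed)

# Constructed behaviour events: (pid, api_name, args). Not real Cuckoo output.
EVENTS = [
    (1000, "CreateProcessInternalW",
     {"filepath": "C:\\Users\\victim\\AppData\\dropper.exe", "process_identifier": 1200}),
    (1400, "NtQuerySystemInformation", {}),  # unrelated process, never monitored
    (1200, "NtOpenProcess", {"process_identifier": 1300}),
    (1200, "WriteProcessMemory", {"process_identifier": 1300, "buffer": "<payload>"}),
    (1200, "CreateRemoteThread", {"process_identifier": 1300}),
    (1300, "InternetOpenA", {"agent": "Mozilla/5.0"}),  # payload now runs in explorer.exe
    (1300, "HttpSendRequestA", {"path": "/gate.php"}),
    (1400, "CreateProcessInternalW",
     {"filepath": "C:\\Windows\\notepad.exe", "process_identifier": 1500}),
    (1500, "NtClose", {}),  # child of an unmonitored process: must stay unmonitored
]

# Assumed signal APIs: a new child process, or code execution forced into a
# foreign process. Opening a process or writing its memory alone is not enough
# to count as injection in this model; the thread/APC creation is the trigger.
SPAWN_APIS = {"CreateProcessInternalW"}
INJECT_APIS = {"CreateRemoteThread", "NtCreateThreadEx", "QueueUserAPC"}


def track_processes(events, sample_pid):
    """Replay events and decide, per event, whether it belongs to the sample.

    Returns a dict with the process tree, the set of PIDs reached by injection,
    the API calls attributed to each monitored PID, and the dropped events.
    """
    monitored = {sample_pid}
    parent = {}                     # child/injected pid -> pid that caused it
    injected = set()
    calls = defaultdict(list)
    dropped = []

    for pid, api, args in events:
        if pid not in monitored:
            # Activity of a process we never followed is not the sample's doing.
            dropped.append((pid, api))
            continue
        calls[pid].append(api)
        target = args.get("process_identifier")
        if target is None or target == pid:
            continue
        if api in SPAWN_APIS:
            monitored.add(target)
            parent[target] = pid
        elif api in INJECT_APIS:
            # A real sandbox would now inject its monitor into `target`
            # before that process runs any further; here we just start
            # attributing its calls to the sample.
            monitored.add(target)
            parent[target] = pid
            injected.add(target)

    tree = defaultdict(list)
    for child, ppid in parent.items():
        tree[ppid].append(child)

    return {
        "monitored": monitored,
        "tree": dict(tree),
        "injected": injected,
        "calls": dict(calls),
        "dropped": dropped,
    }


def render_tree(result, root, depth=0):
    """Return the process tree as indented text lines for a report."""
    tag = " (injected)" if root in result["injected"] else ""
    lines = ["  " * depth + f"{root}{tag}: {', '.join(result['calls'].get(root, []))}"]
    for child in result["tree"].get(root, []):
        lines.extend(render_tree(result, child, depth + 1))
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(track_processes(EVENTS, SAMPLE_PID), SAMPLE_PID)))
```

The point of the model is the attribution decision: the two `Internet*`/`Http*` calls made by PID 1300 only end up in the sample's report because the monitor followed the `CreateRemoteThread` from 1200, while PID 1500, although it is a freshly created process, is ignored because its creator was never monitored.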
Files
Slides
Speakers
Jurriaan Bremer