MMW Anti-Sandbox Techniques

Jul. 31, 2015

Editor's Notes

  1. Three ways a sandbox can trace what a sample does inside the guest:
     User-mode agent – a software component is installed inside the guest operating system and reports user-level activity to the trace handler (think of it as a keylogger). It captures specific application-level behavior, so it shows exactly what the sample is doing, but it can be detected and subverted by the malware.
     Kernel-mode patching – the kernel of the guest operating system is modified to meet the tracing requirements (think of it as a rootkit). Very difficult to subvert, but the data is more generic: basic kernel operations such as file, process and registry activity and other OS-level information.
     System emulation – a hardware emulator is modified to hook memory, disk I/O, peripherals and so on and report activity (think of it as a hall-of-mirrors approach). Emulation is a kind of VM that implements every hardware component in software, including memory, so probes can be placed anywhere and memory taint analysis becomes possible. It suits harder targets such as Android and SCADA systems. The drawback is that low-level behavior is hard to map to something malicious. Cyphort can switch between these approaches easily. Initially, malware did not detect QEMU the way it detected VirtualBox and VMware, but that has changed over time.
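The note says a user-mode agent "can be detected and subverted". The usual reason is that such agents hook API entry points with an inline trampoline, and malware can check for that before it does anything interesting. The following is an added example written for this page, not code from the Cyphort deck: it classifies the first bytes of a function prologue and compares them against the shape of a clean Windows x64 ntdll syscall stub (mov r10, rcx; mov eax, imm32; syscall; ret). The byte strings are constructed for illustration, the syscall number 0x18 is arbitrary, and in a real check the bytes would be read from the mapped module rather than from static arrays.

```c
/*
 * Added example (not from the Cyphort deck): spotting an inline hook
 * that a user-mode sandbox agent has written over an API entry point.
 * A hook overwrites the first bytes of a function with a jump into the
 * agent's code; a clean Windows x64 ntdll syscall stub instead starts
 * with "mov r10, rcx ; mov eax, <syscall number>". The sample bytes
 * below are constructed; the syscall number 0x18 is arbitrary.
 */
#include <stddef.h>
#include <stdio.h>

/* Trampoline encodings commonly used by hooking frameworks. */
typedef enum {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,     /* E9 rel32                        */
    HOOK_JMP_INDIRECT,  /* FF 25 disp32   (jmp [rip+disp]) */
    HOOK_PUSH_RET,      /* 68 imm32 ; C3                   */
    HOOK_MOV_RAX_JMP,   /* 48 B8 imm64 ; FF E0             */
    HOOK_INT3_OR_NOP    /* CC or 90 patched over the entry  */
} hook_kind;

/* Classify the first `len` bytes of a function prologue. */
hook_kind classify_prologue(const unsigned char *code, size_t len)
{
    if (len >= 5 && code[0] == 0xE9)
        return HOOK_JMP_REL32;
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25)
        return HOOK_JMP_INDIRECT;
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3)
        return HOOK_PUSH_RET;
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0)
        return HOOK_MOV_RAX_JMP;
    if (len >= 1 && (code[0] == 0xCC || code[0] == 0x90))
        return HOOK_INT3_OR_NOP;
    return HOOK_NONE;
}

/* Shape of a clean x64 ntdll stub: mov r10,rcx ; mov eax,imm32 ; syscall ; ret.
 * Returns 1 when the bytes match; a hooked stub will not. */
int looks_like_syscall_stub(const unsigned char *code, size_t len)
{
    return len >= 11 &&
           code[0] == 0x4C && code[1] == 0x8B && code[2] == 0xD1 &&  /* mov r10, rcx   */
           code[3] == 0xB8 &&                                        /* mov eax, imm32 */
           code[8] == 0x0F && code[9] == 0x05 &&                     /* syscall        */
           code[10] == 0xC3;                                         /* ret            */
}

/* A stub is suspicious if it carries a trampoline or has lost its shape. */
int stub_is_hooked(const unsigned char *code, size_t len)
{
    return classify_prologue(code, len) != HOOK_NONE ||
           !looks_like_syscall_stub(code, len);
}

/* Constructed samples: one clean stub and two hooked variants. */
static const unsigned char clean_stub[] = {
    0x4C, 0x8B, 0xD1, 0xB8, 0x18, 0x00, 0x00, 0x00, 0x0F, 0x05, 0xC3 };
static const unsigned char hooked_rel32[] = {      /* first 5 bytes replaced by jmp rel32 */
    0xE9, 0x10, 0x20, 0x30, 0x40, 0x00, 0x00, 0x00, 0x0F, 0x05, 0xC3 };
static const unsigned char hooked_movrax[] = {     /* mov rax, imm64 ; jmp rax */
    0x48, 0xB8, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0xFF, 0xE0 };

int main(void)
{
    printf("clean stub hooked?   %d\n", stub_is_hooked(clean_stub, sizeof clean_stub));
    printf("jmp rel32 hooked?    %d\n", stub_is_hooked(hooked_rel32, sizeof hooked_rel32));
    printf("mov rax/jmp hooked?  %d\n", stub_is_hooked(hooked_movrax, sizeof hooked_movrax));
    return 0;
}
```

The check is cheap and needs no privilege, which is why it is attractive to malware: a sample that finds a trampoline on NtCreateFile or NtQuerySystemInformation can simply behave benignly. It also shows the trade-off the note describes: a kernel-mode or emulation-based tracer leaves user-mode code bytes untouched, so this particular check finds nothing against them. Expect false positives on functions with legitimate hot-patch or NOP padding, so a real implementation would compare against the on-disk copy of the module rather than against a fixed stub shape.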