SlideShare a Scribd company logo

Advanced malware analysis training session6 malware sandbox analysis

Download as PPTX, PDF
C
Cysinfo Cyber Security Community

Advanced malware analysis training session6 malware sandbox analysis

Technology
1 of 26
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions of any kind. Also the views/ideas/knowledge expressed here are solely of the trainer’s only and nothing to do with the company or the organization in which the trainer is currently working. However in no circumstances neither the Trainer nor Cysinfo is responsible for any damage or loss caused due to use or misuse of the information presented here.
Acknowledgement  Special thanks to Null community for their extended support and co-operation.  Special thanks to ThoughtWorks for the beautiful venue.  Thanks to all the trainers who have devoted their precious time and countless hours to make it happen.
Advanced Malware Analysis Training This presentation is part of our Advanced Malware Analysis Training program. Currently it is delivered only during our local meets for FREE of cost.
Who am I? Monnappa  Member, Cysinfo  Info Security Investigator @ Cisco  Reversing, Malware Analysis, Memory Forensics.  Email: monnappa22@gmail.com  Twitter: @monnappa22  LinkedIn: http://www.linkedin.com/pub/monnappa-ka-grem-ceh/42/45a/1b8
 Sandbox Overview  Why Sandbox Analysis  Sandbox Architecture  Online Sandboxes  Custom Sandbox (Sandbox.py)  Sandbox.py working  Sandbox.py report  Demo 1&2 (Sandbox Analysis)
 Execute malware in a controlled/monitored environment  Monitors file system, registry, process and network activity  Outputs the results in multiple formats  Examples of Sandboxes ◦ Cuckoo Sandbox ◦ ThreatExpert ◦ Anubis ◦ CWSandbox
To determine:  The nature and purpose of the malware  Interaction with the file system  Interaction with the registry  Interaction with the network  To determine identifiable patterns
Controller Reports ArtifactsPCAPS Host Machine Analysis Machine (VM) Reports Launch Sample Samples Submit Monitoring tools
 Automates static, dynamic and Memory analysis using open source tools  Written in python  Can be run in sandbox mode or internet mode  In sandbox mode it can simulate internet services (this is the default mode)  Allows you to set the timeout for the malware to run (default is 60 seconds)  Stores final reports, pcaps, desktop screeshot , and malicious artifacts for later analysis
 Takes sample as input  Performs static analysis  Reverts VM to clean snapshot  Starts the VM  Transfers the malware to VM  Runs the monitoring tools ( to monitor process, registry, file system, network activity)  Executes the malware for the specified time
 Stops the monitoring tools  Suspends the VM  Acquires the memory image  Performs memory analysis using Volatility framework  Stores the results (Final reports, destkop screenshot, pcaps and malicious artifacts for later analysis)
Static analysis results:  File type (uses magic python module)  Cryptographic hash (md5sum – uses hashlib python module)  VirusTotal results (python script using VirusTotal’s public api)  Determines packers used by malware (uses yara-python)  Determines the capabilities of the malware like IRC, P2P etc etc (uses yara-python module)
Dynamic analysis results:  Determines File system activity  Determines Process activity  Determines Registry activity  Monitor Network activity  Displays DNS summary  Shows TCP conversations  Displays HTTP requests & HTTP request tree
Memory analysis results:  uses Volatility advanced memory forensics framework  displays process, hidden process in memory  displays network connections, terminated network connections  displays listening sockets  determines api hooks, code injection and embedded executable in memory  displays DLL’s loaded by the process memory  displays services in memory  displays the registry keys (like run registry key)
The below screenshot shows the sandbox.py help option
The below screenshot shows the sandbox.py taking sample as input to run it for 30 seconds
The below screenshot shows the static analysis results after executing the sample
The below screenshot shows the dynamic analysis results after executing the sample
The below screenshot shows the network activity after executing the sample
The below screenshot shows the memory analysis results after executing the sample
Thank You !

Recommended

Advanced malware analysis training session3 botnet analysis part2
Advanced malware analysis training session3 botnet analysis part2Advanced malware analysis training session3 botnet analysis part2
Advanced malware analysis training session3 botnet analysis part2
Cysinfo Cyber Security Community
 
Reversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisReversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysis
Cysinfo Cyber Security Community
 
Automating malware analysis
Automating malware analysis Automating malware analysis
Automating malware analysis
Cysinfo Cyber Security Community
 
Advanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidAdvanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to android
Cysinfo Cyber Security Community
 
Reverse engineering malware
Reverse engineering malwareReverse engineering malware
Reverse engineering malware
Cysinfo Cyber Security Community
 
Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1
Cysinfo Cyber Security Community
 
Reversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guideReversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guide
Cysinfo Cyber Security Community
 
Advanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresAdvanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwares
Cysinfo Cyber Security Community
 

Recommended

Advanced malware analysis training session3 botnet analysis part2
Advanced malware analysis training session3 botnet analysis part2Advanced malware analysis training session3 botnet analysis part2
Advanced malware analysis training session3 botnet analysis part2
Cysinfo Cyber Security Community
 
Reversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisReversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysis
Cysinfo Cyber Security Community
 
Automating malware analysis
Automating malware analysis Automating malware analysis
Automating malware analysis
Cysinfo Cyber Security Community
 
Advanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidAdvanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to android
Cysinfo Cyber Security Community
 
Reverse engineering malware
Reverse engineering malwareReverse engineering malware
Reverse engineering malware
Cysinfo Cyber Security Community
 
Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1
Cysinfo Cyber Security Community
 
Reversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guideReversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guide
Cysinfo Cyber Security Community
 
Advanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresAdvanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwares
Cysinfo Cyber Security Community
 
Return address
Return addressReturn address
Return address
Cysinfo Cyber Security Community
 
Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensics
Cysinfo Cyber Security Community
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
Cysinfo Cyber Security Community
 
Reversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingReversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversing
Cysinfo Cyber Security Community
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advanced
Cysinfo Cyber Security Community
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis
Cysinfo Cyber Security Community
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
Cysinfo Cyber Security Community
 
Reversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsReversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internals
Cysinfo Cyber Security Community
 
Hunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memoryHunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memory
Cysinfo Cyber Security Community
 
Hunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory ForensicsHunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory Forensics
securityxploded
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
 
Advanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationAdvanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automation
Cysinfo Cyber Security Community
 
Reverse Engineering Malware
Reverse Engineering MalwareReverse Engineering Malware
Reverse Engineering Malware
securityxploded
 
Return Address – The Silver Bullet
Return Address – The Silver BulletReturn Address – The Silver Bullet
Return Address – The Silver Bullet
securityxploded
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)
securityxploded
 
Reversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malwareReversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malware
Cysinfo Cyber Security Community
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
securityxploded
 
Hunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of MemoryHunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of Memory
securityxploded
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
securityxploded
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
securityxploded
 
Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...
Cysinfo Cyber Security Community
 
Advanced malware analysis training session4 anti-analysis techniques
Advanced malware analysis training session4 anti-analysis techniquesAdvanced malware analysis training session4 anti-analysis techniques
Advanced malware analysis training session4 anti-analysis techniques
Cysinfo Cyber Security Community
 

More Related Content

What's hot

Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensics
Cysinfo Cyber Security Community
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
Cysinfo Cyber Security Community
 
Reversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingReversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversing
Cysinfo Cyber Security Community
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advanced
Cysinfo Cyber Security Community
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis
Cysinfo Cyber Security Community
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
Cysinfo Cyber Security Community
 
Reversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsReversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internals
Cysinfo Cyber Security Community
 
Hunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memoryHunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memory
Cysinfo Cyber Security Community
 
Hunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory ForensicsHunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory Forensics
securityxploded
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
 
Advanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationAdvanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automation
Cysinfo Cyber Security Community
 
Reverse Engineering Malware
Reverse Engineering MalwareReverse Engineering Malware
Reverse Engineering Malware
securityxploded
 
Return Address – The Silver Bullet
Return Address – The Silver BulletReturn Address – The Silver Bullet
Return Address – The Silver Bullet
securityxploded
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)
securityxploded
 
Reversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malwareReversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malware
Cysinfo Cyber Security Community
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
securityxploded
 
Hunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of MemoryHunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of Memory
securityxploded
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
securityxploded
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
securityxploded
 

What's hot (20)

Return address
Return addressReturn address
Return address
 
Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensics
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
 
Reversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingReversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversing
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advanced
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
 
Reversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsReversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internals
 
Hunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memoryHunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memory
 
Hunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory ForensicsHunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory Forensics
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
 
Advanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationAdvanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automation
 
Reverse Engineering Malware
Reverse Engineering MalwareReverse Engineering Malware
Reverse Engineering Malware
 
Return Address – The Silver Bullet
Return Address – The Silver BulletReturn Address – The Silver Bullet
Return Address – The Silver Bullet
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)
 
Reversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malwareReversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malware
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
 
Hunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of MemoryHunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of Memory
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
 

Viewers also liked

Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...
Cysinfo Cyber Security Community
 
Advanced malware analysis training session4 anti-analysis techniques
Advanced malware analysis training session4 anti-analysis techniquesAdvanced malware analysis training session4 anti-analysis techniques
Advanced malware analysis training session4 anti-analysis techniques
Cysinfo Cyber Security Community
 
Reversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasicsReversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasics
Cysinfo Cyber Security Community
 
Reversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsReversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basics
Cysinfo Cyber Security Community
 
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
securityxploded
 
Breaking into hospitals
Breaking into hospitalsBreaking into hospitals
Breaking into hospitals
Cysinfo Cyber Security Community
 
Malicious Client Detection using Machine learning
Malicious Client Detection using Machine learningMalicious Client Detection using Machine learning
Malicious Client Detection using Machine learning
Cysinfo Cyber Security Community
 
Bluetooth insecurity
Bluetooth insecurity Bluetooth insecurity
Bluetooth insecurity
Cysinfo Cyber Security Community
 
Fingerprinting healthcare institutions
Fingerprinting healthcare institutions Fingerprinting healthcare institutions
Fingerprinting healthcare institutions
Cysinfo Cyber Security Community
 

Viewers also liked (11)

Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...
 
Advanced malware analysis training session4 anti-analysis techniques
Advanced malware analysis training session4 anti-analysis techniquesAdvanced malware analysis training session4 anti-analysis techniques
Advanced malware analysis training session4 anti-analysis techniques
 
Reversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasicsReversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasics
 
Reversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsReversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basics
 
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
 
Breaking into hospitals
Breaking into hospitalsBreaking into hospitals
Breaking into hospitals
 
Emet bypsass
Emet bypsass Emet bypsass
Emet bypsass
 
Malicious Client Detection using Machine learning
Malicious Client Detection using Machine learningMalicious Client Detection using Machine learning
Malicious Client Detection using Machine learning
 
Bluetooth insecurity
Bluetooth insecurity Bluetooth insecurity
Bluetooth insecurity
 
Fingerprinting healthcare institutions
Fingerprinting healthcare institutions Fingerprinting healthcare institutions
Fingerprinting healthcare institutions
 
Betabot
BetabotBetabot
Betabot
 

Similar to Advanced malware analysis training session6 malware sandbox analysis

Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
securityxploded
 
Reversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisReversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisAbdulrahman Bassam
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
securityxploded
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
Thinking Outside the Sand[box]
Thinking Outside the Sand[box]Thinking Outside the Sand[box]
Thinking Outside the Sand[box]
Juniper Networks
 
Automated Malware Analysis
Automated Malware AnalysisAutomated Malware Analysis
Automated Malware Analysis
Pushkar Pashupat
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
securityxploded
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
grecsl
 
[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst
[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst [CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst
[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst
PROIDEA
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsAbdulrahman Bassam
 
Intro2 malwareanalysisshort
Intro2 malwareanalysisshortIntro2 malwareanalysisshort
Intro2 malwareanalysisshort
Vincent Ohprecio
 
Reversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guideReversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guide
securityxploded
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
Pete Burnap
 
Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics Abdulrahman Bassam
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Sergey Soldatov
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Teymur Kheirkhabarov
 
Open Source Monitoring Tools Shootout
Open Source Monitoring Tools ShootoutOpen Source Monitoring Tools Shootout
Open Source Monitoring Tools Shootout
tomdc
 
Metasploit Framework Executable Encoding
Metasploit Framework Executable EncodingMetasploit Framework Executable Encoding
Metasploit Framework Executable Encoding
technology_flow
 
GDP Product Presentation
GDP Product PresentationGDP Product Presentation
GDP Product Presentationtswong
 
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of MalwaresAdvanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
securityxploded
 

Similar to Advanced malware analysis training session6 malware sandbox analysis (20)

Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
 
Reversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisReversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysis
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
 
Thinking Outside the Sand[box]
Thinking Outside the Sand[box]Thinking Outside the Sand[box]
Thinking Outside the Sand[box]
 
Automated Malware Analysis
Automated Malware AnalysisAutomated Malware Analysis
Automated Malware Analysis
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
 
[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst
[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst [CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst
[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
 
Intro2 malwareanalysisshort
Intro2 malwareanalysisshortIntro2 malwareanalysisshort
Intro2 malwareanalysisshort
 
Reversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guideReversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guide
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 
Open Source Monitoring Tools Shootout
Open Source Monitoring Tools ShootoutOpen Source Monitoring Tools Shootout
Open Source Monitoring Tools Shootout
 
Metasploit Framework Executable Encoding
Metasploit Framework Executable EncodingMetasploit Framework Executable Encoding
Metasploit Framework Executable Encoding
 
GDP Product Presentation
GDP Product PresentationGDP Product Presentation
GDP Product Presentation
 
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of MalwaresAdvanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
 

More from Cysinfo Cyber Security Community

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
Cysinfo Cyber Security Community
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Cysinfo Cyber Security Community
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Cysinfo Cyber Security Community
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
Cysinfo Cyber Security Community
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Cysinfo Cyber Security Community
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
Cysinfo Cyber Security Community
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
Cysinfo Cyber Security Community
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
Cysinfo Cyber Security Community
 
Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
Cysinfo Cyber Security Community
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k aUnderstanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
Cysinfo Cyber Security Community
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasaraoSecurity challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
Cysinfo Cyber Security Community
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
Cysinfo Cyber Security Community
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muraleeDynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
Cysinfo Cyber Security Community
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleyaBit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
Cysinfo Cyber Security Community
 
Security Analytics using ELK stack
Security Analytics using ELK stack Security Analytics using ELK stack
Security Analytics using ELK stack
Cysinfo Cyber Security Community
 
Linux Malware Analysis
Linux Malware Analysis Linux Malware Analysis
Linux Malware Analysis
Cysinfo Cyber Security Community
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
Cysinfo Cyber Security Community
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
Cysinfo Cyber Security Community
 

More from Cysinfo Cyber Security Community (20)

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
 
Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k aUnderstanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasaraoSecurity challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muraleeDynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleyaBit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
 
Security Analytics using ELK stack
Security Analytics using ELK stack Security Analytics using ELK stack
Security Analytics using ELK stack
 
Linux Malware Analysis
Linux Malware Analysis Linux Malware Analysis
Linux Malware Analysis
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
 

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 

Advanced malware analysis training session6 malware sandbox analysis

  • 1.
  • 2. Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions of any kind. Also the views/ideas/knowledge expressed here are solely of the trainer’s only and nothing to do with the company or the organization in which the trainer is currently working. However in no circumstances neither the Trainer nor Cysinfo is responsible for any damage or loss caused due to use or misuse of the information presented here.
  • 3. Acknowledgement  Special thanks to Null community for their extended support and co-operation.  Special thanks to ThoughtWorks for the beautiful venue.  Thanks to all the trainers who have devoted their precious time and countless hours to make it happen.
  • 4. Advanced Malware Analysis Training This presentation is part of our Advanced Malware Analysis Training program. Currently it is delivered only during our local meets for FREE of cost.
  • 5. Who am I? Monnappa  Member, Cysinfo  Info Security Investigator @ Cisco  Reversing, Malware Analysis, Memory Forensics.  Email: monnappa22@gmail.com  Twitter: @monnappa22  LinkedIn: http://www.linkedin.com/pub/monnappa-ka-grem-ceh/42/45a/1b8
  • 6.  Sandbox Overview  Why Sandbox Analysis  Sandbox Architecture  Online Sandboxes  Custom Sandbox (Sandbox.py)  Sandbox.py working  Sandbox.py report  Demo 1&2 (Sandbox Analysis)
  • 7.  Execute malware in a controlled/monitored environment  Monitors file system, registry, process and network activity  Outputs the results in multiple formats  Examples of Sandboxes ◦ Cuckoo Sandbox ◦ ThreatExpert ◦ Anubis ◦ CWSandbox
  • 8. To determine:  The nature and purpose of the malware  Interaction with the file system  Interaction with the registry  Interaction with the network  To determine identifiable patterns
  • 9. Controller Reports ArtifactsPCAPS Host Machine Analysis Machine (VM) Reports Launch Sample Samples Submit Monitoring tools
  • 10.
  • 11.
  • 12.
  • 13.  Automates static, dynamic and Memory analysis using open source tools  Written in python  Can be run in sandbox mode or internet mode  In sandbox mode it can simulate internet services (this is the default mode)  Allows you to set the timeout for the malware to run (default is 60 seconds)  Stores final reports, pcaps, desktop screeshot , and malicious artifacts for later analysis
  • 14.  Takes sample as input  Performs static analysis  Reverts VM to clean snapshot  Starts the VM  Transfers the malware to VM  Runs the monitoring tools ( to monitor process, registry, file system, network activity)  Executes the malware for the specified time
  • 15.  Stops the monitoring tools  Suspends the VM  Acquires the memory image  Performs memory analysis using Volatility framework  Stores the results (Final reports, destkop screenshot, pcaps and malicious artifacts for later analysis)
  • 16. Static analysis results:  File type (uses magic python module)  Cryptographic hash (md5sum – uses hashlib python module)  VirusTotal results (python script using VirusTotal’s public api)  Determines packers used by malware (uses yara-python)  Determines the capabilities of the malware like IRC, P2P etc etc (uses yara-python module)
  • 17. Dynamic analysis results:  Determines File system activity  Determines Process activity  Determines Registry activity  Monitor Network activity  Displays DNS summary  Shows TCP conversations  Displays HTTP requests & HTTP request tree
  • 18. Memory analysis results:  uses Volatility advanced memory forensics framework  displays process, hidden process in memory  displays network connections, terminated network connections  displays listening sockets  determines api hooks, code injection and embedded executable in memory  displays DLL’s loaded by the process memory  displays services in memory  displays the registry keys (like run registry key)
  • 19.
  • 20. The below screenshot shows the sandbox.py help option
  • 21. The below screenshot shows the sandbox.py taking sample as input to run it for 30 seconds
  • 22. The below screenshot shows the static analysis results after executing the sample
  • 23. The below screenshot shows the dynamic analysis results after executing the sample
  • 24. The below screenshot shows the network activity after executing the sample
  • 25. The below screenshot shows the memory analysis results after executing the sample