Tag: cuckoo
-
VB2016 paper: Open Source Malware Lab
Security experts aren’t necessarily known for being skilled at predicting the future, but if there’s one prediction they are guaranteed to get right, it’s that there will be a lot of new malware in the coming year. As a consequence, increasing numbers of companies and researchers are likely to turn their attentions to setting up…
-
VB2016 paper: Defeating sandbox evasion: how to increase successful emulation rate in your virtualized environment
In order to analyse a potentially malicious binary, an important first step is to run it in a specialised virtual environment, or sandbox environment, and see what it does – if it exhibits some known malicious behaviour, it is probably worth blocking it. However, malware authors are wise to this analysis technique, and most pieces…
-
VB2014 paper: Unveiling the kernel: rootkit discovery using selective automated kernel memory differencing
Ahmed Zaki and Benjamin Humphrey describe a system they built for the automated detection of rootkit behaviour. Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Unveiling the kernel: rootkit discovery using selective…