Christopher Kruegel to Present on Full-System Emulation at Black Hat 2014
Today, forensics experts and malware protection solutions face a myriad of challenges when attempting to extract information from malicious files. Sandboxing (dynamic analysis) is a popular method for identifying malicious behaviors associated with running or opening a given file, providing the ability to examine the actions that the file is responsible for. Sandboxing technology is gaining popularity for detecting targeted threats and zero-day attacks because this approach need not rely on detecting malicious code. Instead, it can identify suspicious behavioral patterns to assess the risk inherent in running a given sample and provide intelligence about the protocols and infrastructure that attackers have at their disposal.
Of course, many attackers have a vested interest in making it much more difficult to extract intelligence from their backdoors or implants. New techniques to evade or complicate first-generation sandbox analysis of samples are growing in popularity and diversity. With malware authors constantly developing new techniques to hamper automated analysis, what is a researcher to do?
Next-generation sandboxing using full-system emulation is one of the latest weapons in the advanced malware protection arsenal. By simulating the physical hardware (including CPU and memory), full-system emulation provides the deepest level of visibility into malware behavior, and it is also the hardest for advanced malware to evade. When compared to first-generation sandboxing techniques, the advantage of the approach is clear.
Join Co-Founder and Chief Scientist of Lastline, Christopher Kruegel, on Wednesday, August 6th at 11:45am PST as he presents on full-system emulation.
The briefing will delve deeper into:
- designing and building sandbox (dynamic analysis) systems
- information one should seek to extract with a sandbox platform
- advantages and limitations of externally instrumented full-system emulation
- added value in comparison with other approaches, such as OS emulation or traditional virtualization solutions that instrument from inside the analysis environment
- recent examples of several classes of evasion techniques observed in the wild
- solutions to these challenges, each enabled by full-system emulation