Haow do I sandbox?!?!: Cuckoo Sandbox Internals

Presented at REcon 2013, June 21, 2013, 5 p.m. (60 minutes)

Cuckoo Sandbox is an open source automated malware analysis system that enables you to easily automate the process of analyzing your feeds of malware samples and start collecting actionable threat data. This is especially useful in today's world, where simply removing malware artifacts from a network is not enough. Instead, it's important for corporations, governments, and organizations of any sort to understand how the malware works and what it might do or has already done on their network, whether for incident response, preemptive analysis, or just to collect intelligence.

Presenters:

  • Jurriaan Bremer
    I'm Jurriaan Bremer, @skier_t on Twitter, a student from Amsterdam with lots of interest in infosec. Jurriaan is an independent security researcher from the Netherlands interested in the fields of reverse engineering, malware analysis, mobile security, and the development of software to aid in security analysis. Jurriaan works on Cuckoo Sandbox in his free time as one of the Core Developers and occasionally plays so-called Capture The Flag games as a member of De Eindbazen CTF Team.
