[SANS Webcast] Defense Against the Dark Arts: Dissecting Sandbox Evasion Techniques
When traditional security products fail in preventing malware from infiltrating an organization, a malware sandbox is often the last hope. For years, malware authors have found ways to stay one step ahead in the arms race with sandbox vendors in this crucial security layer. Building on years of research, the VMRay team tracked and analyzed the sandbox evasion techniques that these malware authors use.
Watch the VMRay team, Solutions Engineer Ben Abbott, Senior Threat Analyst Tamas Boczan, and Threat Researcher Pascal Brackmann, as they take a deeper look at the techniques malware authors use to evade automated dynamic analysis, and at the steps organizations can take to restore hope in their defenses.
This webcast will explore the following evasion techniques:
- Detecting the presence of a sandbox: Once a malicious file detects during execution that it is running inside a sandbox, it alters its behavior to avoid detection.
- Exploiting weaknesses in the underlying sandbox technology: This approach typically takes advantage of the fact that most sandboxes use agents, or hooks, to monitor malware activity.
- Using contextual triggers: This approach gathers information about the malware’s context, such as localization or time, and doesn’t execute the malicious behavior unless the malware is running in the right context.