Malware Analysis Using Cuckoo Sandbox Digit Oktavianto 21 June 2014 http://digitoktavianto.web.id digit dot oktavianto at gmail dot com
About Me • Infosec Analyst @ Noosc Global • Member, Indonesian Honeynet Chapter • Member, OWASP Indonesian Chapter • Coordinator in System Administration, CloudIndonesia • Linux Activist (KPLI Jakarta)
Introduction to Malware Analysis • Malware: any piece of code that has malicious intent and/or performs a function the user was not aware it would perform • Malware analysis: the process of analysing malware: how it behaves, how to reverse it, how to disassemble it
Introduction to Malware Analysis (Cont'd..) • Benefits of malware analysis? • We can investigate how the malware works • We can predict what it is going to do to its victims • We will know how to mitigate the attack (quickly assess the threat) • We can prevent further malware action • We will understand threat management better • We can secure our environment
Basic Theory in Sandboxing What is Sandboxing? Sandboxing is a technique for isolating a program (in this case, malware) by running it in a confined execution environment
Problems • There is far too much malware in the wild • Manual analysis takes a lot of time • Static analysis requires strong skills • Need to deal with packed, polymorphic and self-modifying code • Performing dynamic analysis manually is tedious work
Pros • Can automate the whole analysis process • Can process high volumes of malware • Usable by virtually anyone • Can be tweaked to do cool stuff • Automating is cool
Cons • Commercial solutions are very expensive • Some portions of the malware code may not be triggered during the run • The sandbox environment can be detected by the malware • Without proper consumption of the results, the output is useless
Cuckoo Sandbox • Cuckoo Sandbox (open source, sponsored by Rapid7) • Allows sandboxed execution of malicious files • Records file and registry changes and network connections • Integrates with common virtualization platforms • Can target a custom guest OS and architecture • Allows user interaction during execution • Free
Cuckoo Sandbox What files can be processed by Cuckoo? - Generic Windows executables - DLL files - PDF documents - Microsoft Office documents - URLs - PHP scripts - Almost anything else
Cuckoo Sandbox Output • What is the output from Cuckoo? • Files created, deleted and downloaded by the malware during its execution • Memory dumps of the malware processes • Network traffic trace in PCAP format • Screenshots of the Windows desktop taken during the execution of the malware • Full memory dumps of the analysis machine
Cuckoo Sandbox Modules • Analysis Packages • Machine Managers • Processing • Reporting • Signatures
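The "Cons" slide warns that sandbox output is useless unless it is actually consumed, and the output and module slides above list what Cuckoo produces (file, registry and network records, plus signature hits). The following is an added example, written for this deck and not code from Cuckoo or the speaker, of a small report consumer that pulls indicators out of a report.json and runs one signature-style check of its own (dropped executable + autorun key + the drop being executed). The SAMPLE_REPORT is constructed and only follows the key layout of a Cuckoo 1.x report.json (info, target, behavior.summary, behavior.processes, network, signatures, dropped); the analysis network is assumed to be VirtualBox host-only 192.168.56.0/24 so that the result server's own address is not reported as a contacted host.

```python
import ipaddress
import json
import re

# Assumed sandbox network (VirtualBox host-only default); filtered out of IOCs.
ANALYSIS_NET = ipaddress.ip_network("192.168.56.0/24")

# Constructed sample in the shape of a Cuckoo 1.x report.json; all values made up.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 7, "started": "2014-06-21 10:00:00", "duration": 120},
    "target": {"category": "file",
               "file": {"name": "invoice.exe", "md5": "d41d8cd98f00b204e9800998ecf8427e"}},
    "behavior": {
        "summary": {
            "files": ["C:\\Users\\user\\AppData\\Roaming\\svchost32.exe",
                      "C:\\Windows\\Temp\\~tmp1.dat",
                      "C:\\Windows\\System32\\kernel32.dll"],
            "keys": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
                     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"],
            "mutexes": ["Global\\x7f_botnet_v3"]},
        "processes": [{"process_name": "invoice.exe", "process_id": 1234, "parent_id": 1000},
                      {"process_name": "svchost32.exe", "process_id": 1400, "parent_id": 1234}]},
    "network": {
        "hosts": ["192.0.2.10", "192.168.56.1", "127.0.0.1"],
        "domains": [{"domain": "update.example.net", "ip": "192.0.2.10"}],
        "http": [{"host": "update.example.net", "method": "GET",
                  "uri": "http://update.example.net/gate.php?id=1"}]},
    "signatures": [{"name": "persistence_autorun", "severity": 2,
                    "description": "Installs itself for autorun at Windows startup"}],
    "dropped": [{"name": "svchost32.exe", "md5": "900150983cd24fb0d6963f7d28e17f72"}],
})

AUTORUN_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
DROP_DIR_RE = re.compile(r"\\(AppData|Temp|ProgramData|Startup)\\", re.IGNORECASE)


def load_report(text):
    return json.loads(text)


def external_hosts(report):
    """Contacted IPs with loopback and the sandbox's own network removed."""
    keep = []
    for host in report.get("network", {}).get("hosts", []):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # not an IP literal; skip rather than crash on odd input
        if ip.is_loopback or ip in ANALYSIS_NET:
            continue
        keep.append(host)
    return sorted(set(keep))


def dropped_executables(report):
    """Executables written under user-writable locations (not system DLLs merely opened)."""
    files = report["behavior"]["summary"].get("files", [])
    return sorted(f for f in files
                  if DROP_DIR_RE.search(f) and f.lower().endswith((".exe", ".dll", ".scr")))


def autorun_keys(report):
    return sorted(k for k in report["behavior"]["summary"].get("keys", []) if AUTORUN_RE.search(k))


def spawned_from_drop(report):
    """Signature-style check: a dropped executable later ran as a child of a traced process."""
    drops = {f.rsplit("\\", 1)[-1].lower() for f in dropped_executables(report)}
    procs = report["behavior"].get("processes", [])
    pids = {p["process_id"] for p in procs}
    return sorted(p["process_name"] for p in procs
                  if p["process_name"].lower() in drops and p.get("parent_id") in pids)


def extract_iocs(report):
    net = report.get("network", {})
    return {
        "md5": report["target"]["file"]["md5"],
        "dropped_md5": sorted(d["md5"] for d in report.get("dropped", []) if "md5" in d),
        "hosts": external_hosts(report),
        "domains": sorted({d["domain"] for d in net.get("domains", [])}),
        "urls": sorted({h["uri"] for h in net.get("http", [])}),
        "mutexes": sorted(report["behavior"]["summary"].get("mutexes", [])),
        "dropped": dropped_executables(report),
        "autorun": autorun_keys(report),
    }


def triage_score(report):
    """Highest severity among Cuckoo's signature hits, raised to 3 when our own
    persistence check (autorun key + executed drop) fires as well."""
    score = max((s.get("severity", 0) for s in report.get("signatures", [])), default=0)
    if autorun_keys(report) and spawned_from_drop(report):
        score = max(score, 3)
    return score


if __name__ == "__main__":
    rep = load_report(SAMPLE_REPORT)
    print(json.dumps(extract_iocs(rep), indent=2))
    print("spawned from drop:", spawned_from_drop(rep))
    print("triage score:", triage_score(rep))
```

Run it as-is on the constructed sample, or replace SAMPLE_REPORT with the contents of storage/analyses/<id>/reports/report.json from a real run. The host filter is the piece most worth adapting: the result server and any fake-DNS or INetSim box on the analysis network will otherwise show up as "C2" in every report.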
Demo and Practice in Lab • Let’s Start Our Lab Practice
Thank You • FINISH • Q and A • Email : digit dot oktavianto at gmail dot com