Defeating Sandbox Evasion: How to Increase Successful Emulation Rate in Your Virtualized Environment

ShmooCon XIII - 2017

Presented by: Alexander Chailytko, Stanislav Skuratovich
Date: Saturday January 14, 2017
Time: 16:00 - 16:50
Location: Far Room
Track: Belay It

Sandboxed environments are commonly used nowadays to automatically analyze malware behavior. Most modern malicious application use detection techniques to avoid behavior analysis monitor by these environments. We will describe the ways to detect and evade Cuckoo Sandbox, which is the leading open-source automatic malware analysis system. As it is used by the largest players on the market, such as Virus Total and Malwr, as well as in internal anti-malware related projects, produced results with fake information can be critical. At the same time, we will propose fixes for found bugs and advanced virtual environment detection techniques. A user-friendly tool that can be used for virtual assessment was created as well.

Alexander Chailytko

Alexander Chailytko (@alex_chailytko) Started self-education in the field of hacking and reverse engineering at the age of 14, resulting in more than 10 years of experience. Very passionate about solving most prevalent malware problems of today as well as dealing with big data. Highly experienced in government and state sponsored malware research.

Stanislav Skuratovich

Stanislav Skuratovich Very passionate about sophisticated malwares research. Interested in embedded devices. Fan of travelling to strange places.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats