Top Banner
CISC 850 : Cyber Analytics Leonardo De La Rosa Institute for Financial Services Analytics University of Delaware Cuckoo Sandbox
7

Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

Jun 11, 2018

Download

Documents

lamdung
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Leonardo De La RosaInstitute for Financial Services Analytics

University of Delaware

Cuckoo Sandbox

Page 2: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Cuckoo Sandbox• Automated malware analysis system.

• Uses virtualization and supports Bare-metal environments.

• Analyzes different malicious files.

• Python based. Easy to customize.

Page 3: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

• Trace API calls.

• Generate Behavioral profile and signatures.

• Dump and analyze Network Traffic.

• Capture file dumps.

• Take screenshots during execution of the analysis.

What Cuckoo can do

Page 4: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Cuckoo’s Architecture

Cuckoo host

Analysis Guests

Bare-metal System

Virtual Environment

Page 5: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Execution Flow

Submit a Task

Launch Virtual

MachineExecute Malware

Log Results

Generate Reports

Page 6: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Drawbacks• Malware checks for virtualization software:

Ø Registry keys.Ø Devices (CD-ROM, HDD).Ø Background processes.Ø IP addresses.

• Evasive techniques:

Ø Time triggers.Ø Extended sleep.Ø User interaction.

Page 7: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Demo


Related Documents
Cuckoo Sandbox Book · 2019-04-02 · Cuckoo Sandbox Book, Release 2.0.2 Cuckoo Sandbox is an open source software for automating analysis of suspicious files. To do so it makes

Cuckoo Sandbox Book · 2019-04-02 · Cuckoo Sandbox Book,....

Category: Documents
EUROPE CUCKOO...EUROPE CUCKOO ... ...

EUROPE CUCKOO...EUROPE CUCKOO ... ...

Category: Documents
Covering the global threat landscape - Virus Bulletin · end-to-end analysis of malware. INTRODUCTION ... FAME is not a malware analysis sandbox, ... support for both Cuckoo Sandbox

Covering the global threat landscape - Virus Bulletin ·...

Category: Documents
Cuckoo Sandbox Book · To run with VMware vSphere Hypervisor (or ESXi) Cuckoo leverages on libvirt or pyVmomi (the Python SDK for the VMware vSphere API). VMware API are used to take

Cuckoo Sandbox Book · To run with VMware vSphere...

Category: Documents
HERE - Cuckoo Sandbox - Automated Malware Analysis€¢Creator of Cuckoo Sandbox •Founder of Malwr.com HERE •Mark “rep” Schloesser @repmovsb •Security Researcher at Rapid7

HERE - Cuckoo Sandbox - Automated Malware...

Category: Documents
Cuckoo sandbox

Cuckoo sandbox

Category: Education
Cuckoo Sandbox BookCuckoo Sandbox Book, Release 0.4.2 Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components

Cuckoo Sandbox BookCuckoo Sandbox Book, Release 0.4.2 Cuckoo...

Category: Documents
ESCUELA SUPERIOR POLITÉCNICA DE CHIMBORAZOdspace.espoch.edu.ec/bitstream/123456789/6848/1/98T00139.pdfde malware basado en Cuckoo Sandbox para la red local del edificio de la Facultad

ESCUELA SUPERIOR POLITÉCNICA DE...

Category: Documents
DEMO: Akatosh: Automated Cyber Incident Verification and ... · 1 INTRODUCTION While Intrusion ... Cuckoo Sandbox [3], an open source malware analysis system, to inject malware from

DEMO: Akatosh: Automated Cyber Incident Verification and...

Category: Documents
The Benefits of Python & Open Source - OWASP · The Benefits of Python & Open Source ... Introduction Why Python? ... ± Cuckoo Sandbox [Malware Analysis] ± GRR Rapid Response [IR

The Benefits of Python & Open Source - OWASP · The...

Category: Documents
Sandbox: Análisis dinámico de malware - UNAM- · PDF fileSandbox para el análisis dinámico de malware Implementado en Cuckoo sandbox Análisis del tráfico de red Archivos que

Sandbox: Análisis dinámico de malware - UNAM- · PDF...

Category: Documents
Malware Analysis as a Hobby - OWASP Analysis • Cuckoo Sandbox • VirusTotal A days work for a Cuckoo DEMO: Submit sample for analysis Sample Reporting Results are stored in MongoDB

Malware Analysis as a Hobby - OWASP Analysis • Cuckoo...

Category: Documents