Incorporating sandboxing and heuristic-based malware detection to security solutions is the new black. Unfortunately, malware writers know this too and are designing their exploits to only run once clearing any sandboxes. If they can avoid getting analyzed and detected as malware, they will also avoid having a signature written and published.

This seems like bad news for malware protection, but maybe not. It’s possible to trick evasive malware into thinking it’s continually running in a sandbox (even though it’s not) so it never executes its payload. This inoculates targeted machines from malware designed to evade sandbox analysis.

My presentation will demonstrate some of the techniques modern malware uses to determine if it is running in a sandbox or being analyzed.  I will also share deceptive techniques available to anyone, which can be used to inoculate a machine from being infected by these types of attacks. Thinking Outside the [Sand]box. No antivirus necessary.

Bio:

Kyle Adams has been involved with security since a very early age.  Self-taught, he learned the basics of hacking and security defense strategies long before entering the professional world.  Early on, much of his professional focus has been on web security threats like SQLi, XSS, CSRF, etc…  but more recently he has started researching and working on products to defend against malware based threats.  Kyle helped build and design the first commercial security solution based on deception and misinformation, evolving the concept of honeypot technology from a purely academic endeavor to a realistic intrusion prevention strategy (Junos Web App Secure, formerly Mykonos).  He is now working on introducing similar deception techniques as a detection and prevention methodology into the malware space.

Back to ShowMeCon 2014 video list