A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Thinking Outside The (Sand)Box - Kyle Adams (ShowMeCon 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Thinking Outside The (Sand)Box
Kyle Adams

ShowMeCon 2014

Incorporating sandboxing and heuristic-based malware detection to security solutions is the new black. Unfortunately, malware writers know this too and are designing their exploits to only run once clearing any sandboxes. If they can avoid getting analyzed and detected as malware, they will also avoid having a signature written and published.

This seems like bad news for malware protection, but maybe not. It’s possible to trick evasive malware into thinking it’s continually running in a sandbox (even though it’s not) so it never executes its payload. This inoculates targeted machines from malware designed to evade sandbox analysis.

My presentation will demonstrate some of the techniques modern malware uses to determine if it is running in a sandbox or being analyzed.  I will also share deceptive techniques available to anyone, which can be used to inoculate a machine from being infected by these types of attacks. Thinking Outside the [Sand]box. No antivirus necessary.


Kyle Adams has been involved with security since a very early age.  Self-taught, he learned the basics of hacking and security defense strategies long before entering the professional world.  Early on, much of his professional focus has been on web security threats like SQLi, XSS, CSRF, etc…  but more recently he has started researching and working on products to defend against malware based threats.  Kyle helped build and design the first commercial security solution based on deception and misinformation, evolving the concept of honeypot technology from a purely academic endeavor to a realistic intrusion prevention strategy (Junos Web App Secure, formerly Mykonos).  He is now working on introducing similar deception techniques as a detection and prevention methodology into the malware space.

Back to ShowMeCon 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast