• Home

  • Documents

  • Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics...
7
CISC 850 : Cyber Analytics Leonardo De La Rosa Institute for Financial Services Analytics University of Delaware Cuckoo Sandbox

Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

  • Upload
    lamdung

  • View
    225

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Leonardo De La RosaInstitute for Financial Services Analytics

University of Delaware

Cuckoo Sandbox

Page 2: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Cuckoo Sandbox• Automated malware analysis system.

• Uses virtualization and supports Bare-metal environments.

• Analyzes different malicious files.

• Python based. Easy to customize.

Page 3: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

• Trace API calls.

• Generate Behavioral profile and signatures.

• Dump and analyze Network Traffic.

• Capture file dumps.

• Take screenshots during execution of the analysis.

What Cuckoo can do

Page 4: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Cuckoo’s Architecture

Cuckoo host

Analysis Guests

Bare-metal System

Virtual Environment

Page 5: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Execution Flow

Submit a Task

Launch Virtual

MachineExecute Malware

Log Results

Generate Reports

Page 6: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Drawbacks• Malware checks for virtualization software:

Ø Registry keys.Ø Devices (CD-ROM, HDD).Ø Background processes.Ø IP addresses.

• Evasive techniques:

Ø Time triggers.Ø Extended sleep.Ø User interaction.

Page 7: Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

CISC 850 : Cyber Analytics

Demo


Haow do I sandbox?!?! - RECON.CX Bremer...Haow do I sandbox?!?! Cuckoo Sandbox Internals Jurriaan Bremer @skier t Student (University of Amsterdam), Freelance Security Researcher June

Haow do I sandbox?!?! - RECON.CX Bremer...Haow do I sandbox?!?! Cuckoo Sandbox Internals Jurriaan Bremer @skier t Student (University of Amsterdam), Freelance Security Researcher June

Documents
Deep Learning for Classi cation of Malware System Call ... Learning... · We choose the Cuckoo sandbox which is ... Deep Learning for Classi cation of Malware System Call Sequences

Deep Learning for Classi cation of Malware System Call ... Learning... · We choose the Cuckoo sandbox which is ... Deep Learning for Classi cation of Malware System Call Sequences

Documents
Cuckoo Sandbox Book · Contents 1 Using the new Cuckoo Package?3 2 Having troubles? 5 2.1 FAQ

Cuckoo Sandbox Book · Contents 1 Using the new Cuckoo Package?3 2 Having troubles? 5 2.1 FAQ

Documents
Malware Analysis as a Hobby - OWASP Analysis • Cuckoo Sandbox • VirusTotal A days work for a Cuckoo DEMO: Submit sample for analysis Sample Reporting Results are stored in MongoDB

Malware Analysis as a Hobby - OWASP Analysis • Cuckoo Sandbox • VirusTotal A days work for a Cuckoo DEMO: Submit sample for analysis Sample Reporting Results are stored in MongoDB

Documents
Our tool and how one of our analysis was nominated to the ... · 1 Malware.lu overview Introduction Some numbers ... Malwasm is based on Cuckoo Sandbox. ... Malware.luoverview Malwasm

Our tool and how one of our analysis was nominated to the ... · 1 Malware.lu overview Introduction Some numbers ... Malwasm is based on Cuckoo Sandbox. ... Malware.luoverview Malwasm

Documents
@PacSec 2013 Fighting advanced malware … analysis train Cuckoo Sandbox Jubatus training set feature selection convert to Feature Vector test Jubatus test set TPR: X% FPR: Y% original

@PacSec 2013 Fighting advanced malware … analysis train Cuckoo Sandbox Jubatus training set feature selection convert to Feature Vector test Jubatus test set TPR: X% FPR: Y% original

Documents
SandboxLIVE Maples PPT · Sandbox Social Media Sandbox Webinar Sandbox Resource Library Sandbox Exhibitor Academy Sandbox TV Sandbox LIVE. Sandbox Exchange. Sandbox Social Media

SandboxLIVE Maples PPT · Sandbox Social Media Sandbox Webinar Sandbox Resource Library Sandbox Exhibitor Academy Sandbox TV Sandbox LIVE. Sandbox Exchange. Sandbox Social Media

Documents
Cuckoo Sandbox Book - Read the Docs · CHAPTER 1 Contents 1.1Introduction This is an introductory chapter to Cuckoo Sandbox. It explains some basic malware analysis concepts, what’s

Cuckoo Sandbox Book - Read the Docs · CHAPTER 1 Contents 1.1Introduction This is an introductory chapter to Cuckoo Sandbox. It explains some basic malware analysis concepts, what’s

Documents
Introduction to malware analysis with Cuckoo Sandbox

Introduction to malware analysis with Cuckoo Sandbox

Technology
Cuckoo Sandbox Book · 2021. 1. 30. · Cuckoo Sandbox Book, Release 2.0.7 Cuckoo Sandbox is an open source software for automating analysis of suspicious files. To do so it makes

Cuckoo Sandbox Book · 2021. 1. 30. · Cuckoo Sandbox Book, Release 2.0.7 Cuckoo Sandbox is an open source software for automating analysis of suspicious files. To do so it makes

Documents
Cyber Analytics Service Constraints and Solutionscavazos/cisc850-spring... · What the really large players do: CISC850 Cyber Analytics Mastering Chaos - A Netflix Guide to Microservices

Cyber Analytics Service Constraints and Solutionscavazos/cisc850-spring... · What the really large players do: CISC850 Cyber Analytics Mastering Chaos - A Netflix Guide to Microservices

Documents
Cuckoo Sandbox Book - Read the Docs

Cuckoo Sandbox Book - Read the Docs

Documents
THREAT PROTECTION APPLIANCE 3 - Forcepoint | … CUCKOO OPEN SOURCE SANDBOX The sandboxing process begins with TPA sending the file to Cuckoo’s malware analysis system. Cuckoo can

THREAT PROTECTION APPLIANCE 3 - Forcepoint | … CUCKOO OPEN SOURCE SANDBOX The sandboxing process begins with TPA sending the file to Cuckoo’s malware analysis system. Cuckoo can

Documents
Tasty Malware Analysis with T.A.C.O. - Ruxcon …2015.ruxcon.org.au/assets/2015/slides/taco-jjones-ruxcon.pdf15 Cuckoo Sandbox • Likely most popular open-source / free sandbox available

Tasty Malware Analysis with T.A.C.O. - Ruxcon …2015.ruxcon.org.au/assets/2015/slides/taco-jjones-ruxcon.pdf15 Cuckoo Sandbox • Likely most popular open-source / free sandbox available

Documents
Cuckoo Sandbox Book - WikiLeaks 2 Contents 2.1Introduction This is an introductory chapter to Cuckoo Sandbox. It explains some basic malware analysis concepts, what’s Cuckoo and

Cuckoo Sandbox Book - WikiLeaks 2 Contents 2.1Introduction This is an introductory chapter to Cuckoo Sandbox. It explains some basic malware analysis concepts, what’s Cuckoo and

Documents
Malware Analysis as a Hobby - OWASP · 22-11-2012  · • Cuckoo Sandbox • VirusTotal. A days work for a Cuckoo. DEMO: Submit sample for analysis. Sample Reporting Results are

Malware Analysis as a Hobby - OWASP · 22-11-2012  · • Cuckoo Sandbox • VirusTotal. A days work for a Cuckoo. DEMO: Submit sample for analysis. Sample Reporting Results are

Documents
The Benefits of Python & Open Source - OWASP · The Benefits of Python & Open Source ... Introduction Why Python? ... ± Cuckoo Sandbox [Malware Analysis] ± GRR Rapid Response [IR

The Benefits of Python & Open Source - OWASP · The Benefits of Python & Open Source ... Introduction Why Python? ... ± Cuckoo Sandbox [Malware Analysis] ± GRR Rapid Response [IR

Documents
MalwareDynamicAnalysis05 - OpenSecurityTrainingopensecuritytraining.info/MalwareDynamicAnalysis_files/...CUC oo Cuckoo Sandbox Open source automated malware analysis system Analyzes

MalwareDynamicAnalysis05 - OpenSecurityTrainingopensecuritytraining.info/MalwareDynamicAnalysis_files/...CUC oo Cuckoo Sandbox Open source automated malware analysis system Analyzes

Documents
HERE - Cuckoo Sandbox - Automated Malware Analysis€¢Creator of Cuckoo Sandbox •Founder of Malwr.com HERE •Mark “rep” Schloesser @repmovsb •Security Researcher at Rapid7

HERE - Cuckoo Sandbox - Automated Malware Analysis€¢Creator of Cuckoo Sandbox •Founder of Malwr.com HERE •Mark “rep” Schloesser @repmovsb •Security Researcher at Rapid7

Documents
IAMWHO - IT-SECX – IT-Security Community Exchange Jurriaan Bremer •Member of The Honeynet Project •Member of Eindbazen CTF Team •Cuckoo Sandbox Developer for ~2.5 years •Author

IAMWHO - IT-SECX – IT-Security Community Exchange Jurriaan Bremer •Member of The Honeynet Project •Member of Eindbazen CTF Team •Cuckoo Sandbox Developer for ~2.5 years •Author

Documents
Memory Forensics -  · Memory Forensics An introduction ... Practical Malware Analysis ... Cuckoo Sandbox Yara

Memory Forensics -  · Memory Forensics An introduction ... Practical Malware Analysis ... Cuckoo Sandbox Yara

Documents
Tasty Malware Analysis with T.A.C.O. - FIRST · Tasty Malware Analysis with T.A.C.O. ... Malware Analysis Challenges ... • DLL Side-loading 9. Cuckoo Sandbox • Popular open-source

Tasty Malware Analysis with T.A.C.O. - FIRST · Tasty Malware Analysis with T.A.C.O. ... Malware Analysis Challenges ... • DLL Side-loading 9. Cuckoo Sandbox • Popular open-source

Documents
Installing and Using Cuckoo Malware Analysis Sandbox

Installing and Using Cuckoo Malware Analysis Sandbox

Documents
Cuckoo Sandbox Book · To run with VMware vSphere Hypervisor (or ESXi) Cuckoo leverages on libvirt or pyVmomi (the Python SDK for the VMware vSphere API). VMware API are used to take

Cuckoo Sandbox Book · To run with VMware vSphere Hypervisor (or ESXi) Cuckoo leverages on libvirt or pyVmomi (the Python SDK for the VMware vSphere API). VMware API are used to take

Documents
PlatPal: Detecting Malicious Documents with Platform … · After the introduction of a Chrome-like sandboxing mech- ... malware analysis tools such as Cuckoo sandbox [44]. It is

PlatPal: Detecting Malicious Documents with Platform … · After the introduction of a Chrome-like sandboxing mech- ... malware analysis tools such as Cuckoo sandbox [44]. It is

Documents
Anybody heard a Cuckoo? CuCkoo FAIr - South East Marts

Anybody heard a Cuckoo? CuCkoo FAIr - South East Marts

Documents
NCSC One: IoT Honeypot · 2018. 12. 11. · Cuckoo Sandbox 4. Project 5. Architecture 6. Offline demo 7. Roadmap. Introduction. Pieter Jansen - CEO @ Cybersprint - - Team of 25 enthusiasts

NCSC One: IoT Honeypot · 2018. 12. 11. · Cuckoo Sandbox 4. Project 5. Architecture 6. Offline demo 7. Roadmap. Introduction. Pieter Jansen - CEO @ Cybersprint - - Team of 25 enthusiasts

Documents
Cuckoo Clocks

Cuckoo Clocks

Entertainment & Humor
2016 HITCON Malware is In the Memory · Cuckoo Sandbox - Malware Automatic Analysis System - Windows ... . ... New Malware Analysis System

2016 HITCON Malware is In the Memory · Cuckoo Sandbox - Malware Automatic Analysis System - Windows ... . ... New Malware Analysis System

Documents
NSC-JST workshop · Fighting Malware & Botnets – Introduction ... Automated dynamic malware Behavior Analysis ... summary based on Cuckoo Sandbox

NSC-JST workshop · Fighting Malware & Botnets – Introduction ... Automated dynamic malware Behavior Analysis ... summary based on Cuckoo Sandbox

Documents