
Haow do I sandbox?!?!

Tags: malware, malware analysis
Author: Jurriaan Bremer
Event: REcon 2013
Indexed on: Sep 09, 2014
File size: 3.9 MB

Cuckoo Sandbox is an open source automated malware analysis system that lets you automate the analysis of your feeds of malware samples and start collecting actionable threat data. This matters in today's world, where simply removing malware artifacts from a network is not enough: corporations, governments and organizations of any sort need to understand how the malware works and what it might do, or has already done, on their network, whether for incident response, preemptive analysis or just to collect intelligence.

This technical talk first gives a quick introduction to Cuckoo Sandbox for those unfamiliar with it. We then dig into the design of Cuckoo, followed by an in-depth technical walk-through of the low-level techniques employed in Cuckoo to analyze samples and defeat the most recent sandbox detection techniques: how Cuckoo keeps track of multiple processes (e.g. for banking malware that injects into other processes), the advanced hooking scheme for intercepting function calls, the tricks used to tame huge log files, various anti-anti-debugging tricks, and finally a number of advanced techniques we tried that did not work out in the end.
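The two mechanics the abstract names, following a sample into the processes it spawns or injects into and keeping the resulting log from exploding, are easy to illustrate on a hooked-API trace. The example below is added here and is not Cuckoo's code; the Event record layout, the TRACE contents and the SPAWN_APIS / INJECT_APIS sets are constructed for illustration and do not reproduce Cuckoo's real log format or hook list. The trace models a sample (pid 1000) that starts a suspended explorer.exe (pid 1200), writes into it and starts a remote thread, while an unrelated process (pid 1500) is also active on the guest.

```python
"""Follow a sample across process boundaries in a hooked-API trace.

Added example, not Cuckoo's code. The record format and API names below
are constructed for illustration and are not Cuckoo's real log format.
"""
from collections import namedtuple

Event = namedtuple("Event", "pid api args")

# Constructed trace: hooked API calls in the order a user-mode monitor
# would see them. pid 1000 is the submitted sample, pid 1200 is the
# suspended child it hollows out, pid 1500 is an unrelated guest process.
TRACE = [
    Event(1000, "NtAllocateVirtualMemory", {"pid": 1000, "size": 0x1000}),
    Event(1000, "CreateProcessInternalW", {"image": r"C:\Windows\explorer.exe",
                                           "child_pid": 1200,
                                           "flags": 0x4}),  # CREATE_SUSPENDED
    Event(1000, "WriteProcessMemory", {"target_pid": 1200, "size": 0x8000}),
    Event(1000, "NtCreateThreadEx", {"target_pid": 1200}),
    Event(1000, "NtResumeThread", {"target_pid": 1200}),
    Event(1200, "InternetOpenA", {"agent": "Mozilla/4.0"}),
    Event(1500, "ReadFile", {"path": r"C:\temp\x.dat"}),
    Event(1200, "Sleep", {"ms": 10}),
    Event(1200, "Sleep", {"ms": 10}),
    Event(1200, "Sleep", {"ms": 10}),
    Event(1200, "HttpSendRequestA", {"url": "http://example.invalid/gate.php"}),
]

# Assumed hook categories: calls that hand execution to a new process, and
# calls that put code or threads into another process (the injection path).
SPAWN_APIS = {"CreateProcessInternalW"}
INJECT_APIS = {"WriteProcessMemory", "NtCreateThreadEx",
               "CreateRemoteThread", "NtQueueApcThread"}


def follow_processes(trace, root_pid):
    """Return (monitored_pids, injections, kept_events).

    A pid joins the monitored set when an already-monitored pid either
    spawns it or injects into it; events from other pids are ignored,
    which mirrors a monitor that only has hooks in processes it follows.
    """
    monitored = {root_pid}
    injections = []
    kept = []
    for ev in trace:
        if ev.pid not in monitored:
            continue
        kept.append(ev)
        if ev.api in SPAWN_APIS:
            monitored.add(ev.args["child_pid"])
        elif ev.api in INJECT_APIS:
            target = ev.args["target_pid"]
            if target != ev.pid:          # cross-process: follow the target
                monitored.add(target)
                injections.append((ev.pid, target, ev.api))
    return monitored, injections, kept


def collapse_repeats(events):
    """Collapse consecutive identical calls into (event, count) pairs.

    Tight loops such as Sleep polling dominate raw API logs; keeping one
    record plus a count preserves the behaviour while bounding log size.
    """
    out = []
    for ev in events:
        if out and out[-1][0] == ev:
            out[-1] = (ev, out[-1][1] + 1)
        else:
            out.append((ev, 1))
    return out


if __name__ == "__main__":
    pids, inj, kept = follow_processes(TRACE, 1000)
    print("monitored:", sorted(pids))
    for src, dst, api in inj:
        print(f"injection {src} -> {dst} via {api}")
    for ev, n in collapse_repeats(kept):
        print(f"{ev.pid} {ev.api} x{n}")
```

Note that the child is followed from the moment it is created (before it is resumed), which is what lets the hollowed explorer.exe's network calls be attributed to the sample; the unrelated pid 1500 never enters the monitored set and its calls are dropped.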
