Cuckoo Sandbox is an open source automated malware analysis system that lets you automate the analysis of your feeds of malware samples and start collecting actionable threat data. This is especially useful in today's world, where simply removing malware artifacts from a network is not enough. Instead, corporations, governments, and organizations of any sort need to understand how the malware works and what it might do, or has already done, on their network, be it for incident response, preemptive analysis, or simply to collect intelligence.

During this technical talk we'll first give a quick introduction to Cuckoo Sandbox for those unfamiliar with it. We will then dig into the design of Cuckoo, followed by an in-depth technical walk-through of the various low-level techniques employed in Cuckoo to analyze and defeat the most recent sandbox-detection (anti-analysis) techniques used by malware. We will learn how Cuckoo keeps track of multiple processes (e.g., for banking malware which injects into other processes), the advanced hooking scheme for intercepting function calls, the tricks we use to tweak huge log files, various anti-anti-debugging tricks, and finally, various advanced techniques we've given a spin but that didn't work out in the end.
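The abstract mentions that a sandbox has to keep following processes the sample spawns or injects into, otherwise the interesting behaviour of a banking trojan that hollows a browser or explorer is never logged. The script below, as an added example and not Cuckoo's own monitor code, shows the core of that bookkeeping over a constructed behaviour log: it starts from the sample's root PID, follows every child created by a process that is already followed, and additionally follows any process that a followed process injects into, even when that target (here a pre-existing browser) was never spawned by the sample. The event dictionaries, the `new_pid`/`target_pid` argument names and the API name sets are simplifying assumptions made for this example, not Cuckoo's log format.

```python
"""Reconstruct which processes a sandbox must follow from a behaviour log.

Added example for this abstract; it is not Cuckoo Sandbox's own code.
The log format is a hypothetical simplification: one dict per hooked call
with the calling pid, the API name and a few already-decoded arguments.
"""

# APIs that create a new process (the new pid is reported in the arguments).
SPAWN_APIS = {"CreateProcessInternalW", "NtCreateUserProcess"}

# APIs commonly used to get code running inside another process.
# OpenProcess on its own is deliberately not treated as injection.
INJECTION_APIS = {
    "WriteProcessMemory",
    "CreateRemoteThread",
    "NtMapViewOfSection",
    "QueueUserAPC",
    "SetThreadContext",
}

# Constructed sample log (chronological). pid 1000 is the submitted sample,
# pid 4321 is a browser that was already running before the sample started,
# pid 9999 is unrelated noise that must not be picked up.
SAMPLE_LOG = [
    {"pid": 1000, "api": "CreateProcessInternalW",
     "args": {"new_pid": 1001, "image": "C:\\Temp\\child.exe"}},
    {"pid": 1000, "api": "OpenProcess", "args": {"target_pid": 4321}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 4321}},
    {"pid": 1000, "api": "CreateRemoteThread", "args": {"target_pid": 4321}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1000}},
    {"pid": 1001, "api": "NtWriteFile", "args": {"path": "C:\\Temp\\x.bin"}},
    {"pid": 1001, "api": "CreateRemoteThread", "args": {"target_pid": 2222}},
    {"pid": 9999, "api": "NtWriteFile", "args": {"path": "C:\\noise.txt"}},
    {"pid": 9999, "api": "CreateRemoteThread", "args": {"target_pid": 3333}},
]


def follow_processes(events, root_pid):
    """Return (followed_pids, edges).

    followed_pids is the set of pids whose calls the sandbox should log;
    edges is a list of (source_pid, pid, kind) with kind "spawn" or "inject",
    recorded once per pair so repeated WriteProcessMemory calls don't pile up.
    A single pass in log order is enough because a process cannot act before
    it has been created or injected into.
    """
    followed = {root_pid}
    edges = []

    for ev in events:
        pid = ev["pid"]
        if pid not in followed:
            # Calls from processes we are not following are ignored.
            continue

        api = ev["api"]
        if api in SPAWN_APIS:
            child = ev["args"]["new_pid"]
            edge = (pid, child, "spawn")
            followed.add(child)
            if edge not in edges:
                edges.append(edge)
        elif api in INJECTION_APIS:
            target = ev["args"]["target_pid"]
            if target == pid:
                # Writing to its own address space is not injection.
                continue
            edge = (pid, target, "inject")
            followed.add(target)
            if edge not in edges:
                edges.append(edge)

    return followed, edges


def render_tree(root_pid, edges):
    """Render the spawn/injection graph as indented lines for a report."""
    children = {}
    for src, dst, kind in edges:
        children.setdefault(src, []).append((dst, kind))

    lines = []

    def walk(pid, depth):
        lines.append("  " * depth + str(pid))
        for dst, kind in children.get(pid, []):
            lines.append("  " * (depth + 1) + "[" + kind + "] ->")
            walk(dst, depth + 2)

    walk(root_pid, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    followed, edges = follow_processes(SAMPLE_LOG, 1000)
    print("followed:", sorted(followed))
    print(render_tree(1000, edges))
```

Running it follows 1000, 1001, 4321 and 2222 and leaves 9999 and 3333 alone; the injection into the pre-existing browser (4321) appears as an `inject` edge even though no spawn event exists for it, which is exactly the case the abstract describes for banking malware.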