Description: Blackhat 2012 EUROPE - Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis
https://media.blackhat.com/bh-eu-12/Royal/bh-eu-12-Royal-Entrapment-WP.pdf
https://media.blackhat.com/bh-eu-12/Royal/bh-eu-12-Royal-Entrapment-Slides.pdf
https://media.blackhat.com/bh-eu-12/Royal/bh-eu-12-Royal-nvmtrace-Code.zip

The detection of malware analysis environments has become popular and commoditized. Detection techniques previously reserved for more sophisticated forms of malware are now available to any novice cyber criminal. The use of next-generation virtualization-based malware analysis technologies considerably reduces the number of possible transparency shortcomings, but still fails to handle pathologically resistant malware instances that will only run on physical hardware.
Thus far, the execution of malware on physical (or baremetal) hardware has been useful for one or a handful of malware samples of interest. However, this activity was manually driven and time intensive (e.g., infect, study, format, reinstall). This presentation will resolve these long-outstanding shortcomings by describing the design and implementation of a scalable, automated baremetal malware analysis system, which can be constructed using inexpensive commodity hardware and freely available technologies. To motivate the need for this approach, previously unpublished detection attacks for popular environments used to automate malware analysis (i.e., VMware, QEMU) will be shown.
Tags: securitytube, conference, hacking, hackers, information security, convention, computer security, blackhat12, blackhat-2012