Top Cybersecurity Training Protects Your Assets - Learn From the BEST and Apply New Knowledge Immediately!

Network Security 2020 - Live Online

Virtual, US Pacific | Sun, Sep 20 - Fri, Sep 25, 2020

Defense Against the Dark Arts: Dissecting Sandbox Evasion Techniques

  • Ben Abbott
  • Tuesday, September 22nd, 12:30pm - 1:15pm


When traditional security products fail to prevent malware from infiltrating an organization, a malware analyzer using a sandbox is often the last line of defense. For years, malware authors have found ways to stay one step ahead in the arms race with vendors in this crucial security layer. Building on years of research, the VMRay team tracked and analyzed the evasion techniques that these malware authors use.

Join Ben Abbott, Solutions Engineer at VMRay, as he takes a deeper look at the techniques malware authors use to evade automated dynamic analysis, and what steps organizations can take to restore hope in their defenses:

  • Detecting the presence of a sandbox: Once a malicious file detects the presence of a sandbox during execution, it alters its behavior in an effort to avoid being detected.
  • Exploiting weaknesses in the underlying sandbox technology: This approach typically takes advantage of the fact that most sandboxes use agents, or hooks, to monitor malware activity.
  • Using contextual triggers: This approach gathers information about the malware's context, such as localization or time, and doesn't execute the malicious behavior unless the malware is running in the right context.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, September 21

| Session | Speaker | Time | Type |
|---|---|---|---|
| Influencing a Software Vendor's Roadmap | James Nixon | Monday, September 21st, 12:30pm - 1:15pm | Special Events |
| Back to the (Cyber) Future: Tomorrow's Cybersecurity Relies on Today's Asset Management | Andrew Senko | Monday, September 21st, 12:30pm - 1:15pm | Special Events |
| Network Security Monitoring vs Encryption | Richard Bejtlich | Monday, September 21st, 12:30pm - 1:15pm | Special Events |
| SANS@Mic PowerShell 2020: State of the Art / Hack / Infection | Jason Fossen | Monday, September 21st, 7:30pm - 9:30pm | Keynote |

Tuesday, September 22

| Session | Speaker | Time | Type |
|---|---|---|---|
| SANS.edu Undergraduate & Graduate Programs Information Session | | Tuesday, September 22nd, 8:00am - 8:30am | Special Events |
| Solving Network and Security Challenges with SASE | Nitin Kumar, Eric Trolan | Tuesday, September 22nd, 12:30pm - 1:15pm | Special Events |
| Defense Against the Dark Arts: Dissecting Sandbox Evasion Techniques | Ben Abbott | Tuesday, September 22nd, 12:30pm - 1:15pm | Special Events |
| Moving Left: Driving Proactive Defense through Threat Investigation | Jackie Abrams | Tuesday, September 22nd, 12:30pm - 1:15pm | Special Events |

Wednesday, September 23

| Session | Speaker | Time | Type |
|---|---|---|---|
| Automating Event Triage in the Cloud | Jay Spann | Wednesday, September 23rd, 12:30pm - 1:15pm | Special Events |
| Confidence in Security Intelligence | John Wetzel | Wednesday, September 23rd, 12:30pm - 1:15pm | Special Events |
| The Myths of Network Security | Matt Cauthorn | Wednesday, September 23rd, 12:30pm - 1:15pm | Special Events |
| SANS@Mic - OSINT Geolocation Techniques and How to Prevent Them | Micah Hoffman | Wednesday, September 23rd, 7:30pm - 8:30pm | SANS@Night |

Thursday, September 24

| Session | Speaker | Time | Type |
|---|---|---|---|
| Leveraging Asset Visibility to Enhance Security Operations | Mehul Revankar | Thursday, September 24th, 12:30pm - 1:15pm | Special Events |