SEC504: Hacker Tools, Techniques, and Incident Handling

In recent years, the security landscape has witnessed the rise of a new breed of malware: the Advanced Persistent Threat, or APT for short. With traditional security solutions failing to address this threat, a demand arose for new solutions capable of countering the advanced capabilities of APT. One of the solutions offered was the file-based sandbox, which dynamically analyzes files and judges their threat level based on how they behave in an emulated or virtual environment. But security is a cat-and-mouse game, and malware authors constantly try to detect and bypass such measures. This paper discusses some of the common techniques malware uses to evade sandboxes. It also analyzes how some of the countermeasures used by sandboxes can be turned against them. Finally, it introduces some new ideas for sandbox evasion along with recommendations for addressing them.