Bypassing Malware Analysis Sandboxes Is Easy - Let’s Discuss How They Are Doing It and Why It Works
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore the intricacies of bypassing malware analysis sandboxes in this 39-minute conference talk from BSidesSF 2017. Delve into various automated cloud malware analysis sandboxes, including VxStream/Reverse.It, Malwr, and Cuckoo, as well as high-end commercial solutions. Examine the effectiveness of these tools in analyzing different file formats, such as .DOC and .PDF, and compare their performance against manual analysis techniques. Gain insights into the gaps in sandbox analysis, their reliability for incident response, and their ability to provide sufficient data for network defense and infection remediation. Learn about various evasion techniques employed by malware, including password-protected files, time-based triggers, and parentless processes. Evaluate the efficiency and limitations of email gateways, web proxies, and other security solutions in detecting and analyzing malware.
Syllabus
Introduction
Who am I
What is a sandbox
Password-protected files
OLE objects
URL in document
Time
Reverse Audit
Log Analysis
Network Traffic
Persistence
Fax
Strings
Office Mail Scanner
Email Gateway
WordBox
Blank Screens
Web Proxy
Who else got infected
Breaking automated analysis
Parentless processes
Manual vs Cloud
XMNBM
Ransomware
Additional reports
Efficiency
Questions
Summary
Taught by
Security BSides San Francisco