Freeze Drying for Capturing Environment-Sensitive Malware Alive

Explore innovative techniques for capturing and analyzing environment-sensitive malware in this Black Hat conference talk. Learn about the "freeze drying" method that enables live process migration of sophisticated malware like Citadel and ZeuS/GameOver, which typically employ anti-analysis techniques. Discover how the Sweetspot malware capture system uses process live migration and system call proxies to mimic infected host environments, allowing for in-process malware capture and analysis. Gain insights into how this technology can serve as a honeypot, providing dummy data to malware requesting sensitive information. Witness a live demonstration of freeze-drying and instant dynamic analysis of real malware samples during this 41-minute presentation by Yosuke Chubachi.

Freeze Drying for Capturing Environment-Sensitive Malware Alive