Detecting Sandbox Evasion Techniques in Malware Analysis

Explore the world of sandbox evasion techniques in this 17-minute conference talk from USENIX Enigma 2020. Delve into the methods used by cyber attackers to detect and evade sandbox environments, concealing their true behavior to avoid detection. Learn how to harden sandbox systems against these evasion techniques, and discover unique malware samples that implement these strategies. Gain insights into using the MITRE ATT&CK Framework to document these techniques and improve detection and analysis systems. Covering topics such as environment awareness, system architecture, time-based detection, user-based detection, and network-based detection, this talk provides valuable knowledge for cybersecurity professionals and enthusiasts alike.

Intro
OVERVIEW - AGENDA
ENVIRONMENT AWARENESS
TECHNIQUES
SYSTEM ARCHITECTURE
SYSTEM BACKGROUND
TIME-BASED DETECTION
USER-BASED DETECTION
NETWORK-BASED DETECTION
RESULTS - APT TRACKING
RESULTS & INSIGHT
CLOSING REMARKS