I developed a tool, which can collect a lot of interesting information from these sandboxes to create statistics how the current technologies work.
Manual processing of malware samples became impossible years ago. Sandboxes are used to automate the analysis of malware samples to gather information about the dynamic behaviour of the malware, both at AV companies and at enterprises.
During my research I invented new approaches to detect these sandboxes. I developed a tool, which can collect a lot of interesting information from these sandboxes to create statistics how the current technologies work. I will demonstrate tricks to detect sandboxes. Some sandboxes are not interacting with the Internet in order to block data extraction, but with some DNS-fu the information can be extracted from these appliances as well.
If you already have or plan to buy a “magic” malware analysis/detection sandbox, this is a must -see presentation for you. The sandbox detection techniques used in “APT”s like BlackEnergy or DOUBLEFANTASY can be considered old, outdated and lacking in creativeness compared to these new techniques.