Malware Analysis Sandbox Testing Methodology
Abstract
Full text:
PDF (English)
References
N. Rin, EP_XOFF, Virtual Machines Detection Enhanced, 2013, https://github.com/hfiref0x/VMDE
Michael Boman, Making Virtualbox nearly undetectable, 2014, http://blog.michaelboman.org/2014/01/making-virtualbox-nearly-undetectable.html
William Metcalf, Cuckoo building scripts, 2015, https://github.com/wmetcalf/buildcuckoo-trusty
Jurriaan Bremer, VMCloak, a tool for automatically creating and configuring Virtual Machines for Cuckoo Sandbox, 2015, http://jbremer.org/vmcloak2/
VirtualBox Anti-AntiVM, 2014, http://www.kernelmode.info/forum/viewtopic.php?f=11&t=1911
Peter Kleissner, AVTracker, http://avtracker.info/
SpiderLabs Research, Magnitude Exploit Kit Backend Infrastructure Insight - Part II, 2014, https://www.trustwave.com/Resources/SpiderLabs-Blog/Magnitude-Exploit-Kit-Backend-Infrastructure-Insight---Part-II/
Christian Amman, Hyperion: Implementation of a PE-Crypter, Nullsecurity, 2012, https://github.com/nullsecuritynet/papers/raw/master/nullsec-pe-crypter/nullsec-pe-crypter.pdf
James Wyke, Duping the machine - malware strategies, post sandbox detection, 2015, https://www.virusbtn.com/virusbulletin/archive/2015/01/vb201501-duping
Ben Baker, Alex Chiu, Threat Spotlight: Rombertik - Gazing Past the Smoke, Mirrors, and Trapdoors, 2015, http://blogs.cisco.com/security/talos/rombertik
Kaspersky Labs' Global Research & Analysis Team, Animals in the APT Farm, 2015, https://securelist.com/blog/research/69114/animals-in-the-apt-farm/
Joe Giron, Bypassing FireEye, ToorCon 15, https://www.youtube.com/watch?v=wynvicPjRDk
Th4nat0s, No_Sandboxes, https://github.com/Th4nat0s/No_Sandboxes
hfiref0x, VBoxHardenedLoader, https://github.com/hfiref0x/VBoxHardenedLoader
DOI: http://dx.doi.org/10.18464/cybin.v1i1.3

This work is licensed under a Creative Commons Attribution 4.0 International License.
CECyF 2015 - Centre Expert contre la Cybercriminalité Français - CybIN