Saturday 6th July, 2013
9:00pm to 9:45pm
Open Source Dynamic Malware Analysis
Cuckoo Sandbox is a widely used open-source project for automated dynamic malware analysis. It takes malicious documents or URLs as input and provides both high-level overview reports as well as detailed API call traces of the activities observed inside a virtual machine. The project was founded by Claudio Guarnieri and is mainly developed by four developers in their free time and during weekends.
Cuckoo Sandbox distinguishes itself from other solutions thanks to its modular design and flexible customization features. Because of this unique emphasis, several large IT corporations and security companies run Cuckoo Sandbox to analyze malware samples on a daily basis, and it is often deployed alongside traditional perimeter security products as an added weapon in the arsenals of incident response and security teams. Being open-source, it also empowers independent and academic security researchers to use a full-fledged malware analysis sandbox freely.
For the latest available version we saw more than 8000 downloads and a few hundred constantly running deployments with update checks enabled. This community also contributes to the project in various forms, such as setup instructions, code contributions, behavioral signatures, feature requests and usability feedback, and is actively engaged in conversations over mailing lists and IRC.
Freelance Security Researcher. Low-Level stuff. Member of De Eindbazen CTF Team. Cuckoo Sandbox Developer. I like emulators and (de)obfuscation. bio from Twitter
Security Researcher at @Rapid7, @Shadowserver member, @ProjectHoneynet member, @CuckooSandbox and @Malwr creator. Tweets are my own, right? bio from Twitter