Talk title: “Deep Dive into a malware Sandbox System”
Operating a malware sandbox service is now quite common at security companies. Traditional vendors of security solutions include a sandbox in their cybersecurity product portfolio, offering file “detonation” to obtain indicators of compromise that are then used as a blocking mechanism in other products in the same portfolio.
Although it is not widely known, a malware sandboxing system is quite complex: it can include a file detonation system to capture behavior, in addition to network connections, etc. Building one is not easy, and it takes several variables working together for a sandboxing system to give good results.
The sandboxing landscape covers different architectures and paradigms, each with its own challenges.
The internals of a sandbox are rarely discussed, so the talk is expected to disclose some details that are not widely in the public domain.
During the presentation, different aspects of malware sandboxing will be explained: where we are today and what challenges we face in the future, which types of environments are available, the tricks malware uses to avoid those systems, and how to fight them. The idea of the talk is to give a broad insight into the malware sandbox world.
Marc Rivero López loves what he does. He has focused for years on malware analysis research, reverse engineering, and threat intelligence. He previously worked in an anti-fraud team delivering services to different financial institutions, governments and CERTs/CSIRTs.
He is a regular community contributor and public speaker at national and international conferences.
He works as a Threat Researcher in the McAfee ATR Team.
He is also Director of the CyberSecurity degree at “La Salle Barcelona”.