BSidesLV 2016 has ended
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
Back To Schedule
Tuesday, August 2 • 17:00 - 17:55
An Adversarial View of SaaS Malware Sandboxes

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Anyone attending this conference knows the usefulness of running malware in a sandbox to perform triage, speed security analysts' workflow, extract indicators of compromise (IOCs), and to gather useful information for detection and mitigation. When analysts do this, what are the OPSEC concerns regarding tipping the adversary off? Which sandbox providers are better than others in this regard?

In this talk we will present some research on taking an adversarial view of the free and widely used SaaS malware sandboxes. When an adversary's malware is detonated in a sandbox, what network artifacts can they see? Can they determine which sandbox provider based on the network? How do malware and related IOCs submitted to these sandboxes propagate to security companies and ultimately threat intelligence feeds? In this talk, we will answer all these questions and more.

avatar for Jason Trost

Jason Trost

VP of Threat Research, Anomali, Inc.
Jason Trost is the VP of Threat Research at Anomali, Inc. and leads Anomali Labs, the research team. He has worked in security for more than ten years, and he has several years of experience leveraging big data technologies for security data mining and analytics. He is deeply interested... Read More →

Tuesday August 2, 2016 17:00 - 17:55 PDT
Underground Firenze