Listing by keyword "Virtual Machine Introspection"
- Text document: Fighting Evasive Malware: How to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction Simulator (GI SICHERHEIT 2022, 2022). Gruber, Jan; Freiling, Felix C.
  Abstract: Sandboxes are an indispensable tool in dynamic malware analysis today. However, modern malware often employs sandbox-detection methods to exhibit non-malicious behavior within sandboxes and therefore evade automatic analysis. One category of sandbox-detection techniques is reverse Turing tests (RTTs) to determine the presence of a human operator. In order to pass these RTTs, we propose a novel approach which builds upon virtual machine introspection (VMI) to automatically reconstruct the graphical user interface, determine clickable buttons and inject human interface device events via direct control of virtualized human interface devices in a stealthy way. We extend the VMI-based open-source sandbox DRAKVUF with our approach and show that it successfully passes RTTs commonly employed by malware in the wild to detect sandboxes.
- Conference paper: Introducing DINGfest: An architecture for next generation SIEM systems (SICHERHEIT 2018, 2018). Menges, Florian; Böhm, Fabian; Vielberth, Manfred; Puchta, Alexander; Taubmann, Benjamin; Rakotondravony, Noëlle; Latzo, Tobias
  Abstract: Isolated and easily protectable IT systems have developed into fragile and complex structures over the past years. These systems host manifold, flexible and highly connected applications, mainly in virtual environments. To ensure protection of those infrastructures, Security Incident and Event Management (SIEM) systems have been deployed. Such systems, however, suffer from many shortcomings such as lack of mechanisms for forensic readiness. In this extended abstract, we identify these shortcomings and propose an architecture which addresses them. It is developed within the DINGfest project, on which we report and for which we seek initial feedback from the community.