Geeks for your information Security Independent Organizations Reports v
VirusTotal Multisandbox += Sangfor ZSand
VirusTotal Multisandbox += Sangfor ZSand
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 13,337
Threads: 9,058
Thanks Received: 8,864 in 7,019 posts
Thanks Given: 9,819
Joined: 12 September 18
#1
Bug  13 December 20, 08:24
Quote:
[Image: VTBLOG-LOGO.jpg]

VirusTotal multisandbox project welcomes Sangfor ZSand.  The ZSand currently focuses on PE files,with extensions to other popular file types like javascript and Microsoft office to be released soon.

In their own words:

ZSand, developed by Sangfor Technologies’ Cloud Computing & Security Team, is an agentless behavioral analysis engine incorporating multiple innovative techniques. At the systems level, zSand employs Two-Dimensional Paging (TDP) techniques to inject hidden breakpoints, enabling accurate monitoring of the API calling sequence of a given process for further fine-grained analysis. At the GUI level, interactions are simulated by the virtual network console (VNC) and visual artificial intelligence (AI) techniques, providing a lifelike and fully functional sandbox. At the detection level, zSand identifies all forms of malware, including vulnerability exploits, by uncovering malicious behaviors and synergistically applying both conventional rule-based approaches and advanced AI algorithms. As a core innovation of the Sangfor anti-malware research group, zSand is a significant improvement in cyber-security capability for both Sangfor Technologies and its clients, customers and partners. Use cases include proactive hunting for unknown threats and the near real-time production of threat intelligence identifying malicious URLs, domain names, files, memory fingerprints, and malicious behavioral patterns. zSand is an agentless behavior monitoring engine, allowing users to deploy real-time defenses in a virtual environment.

In comparison with other sandboxes, the key advantages of zSand include:
  • High runtime performance -- By optimising the configuration of TDP and reducing the number of VMExit events, zSand minimizes monitoring overhead and resource utilization.
  • Strong anti-evasion measures -- Thanks to high performance hardware virtualisation and agentless features, zSand is immune to anti-sandbox detection. 
  • Comprehensive monitoring -- zSand retrieves detailed malware behavioral events and associated states of hardware including CPU, memory, disks, and network interfaces. 
  • Extensive and in-depth analysis -- Designed by cyber-security specialists and AI specialists, zSand is able to dynamically detect elusive and concealed malicious behavior, vulnerability exploits, malware persistence, and privilege escalation, at low levels.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Kaspersky\VPN\KSOS 21.19 & KES 12.7 bet...
harlan4096 — 10:40
AMD Ryzen AI Max+ 395 to feature 16 Zen5...
Please note that t...harlan4096 — 08:42
Intel Core Ultra 200HX Series leaked: Co...
Intel Core-HX Arro...harlan4096 — 08:41
Brave 1.70.117
Brave 1.70.117​ ...harlan4096 — 06:06
AdGuard Browser Extension 5.0.91
AdGuard Browser Ext...harlan4096 — 06:04

[-]
Birthdays
Today's Birthdays
avatar (37)RicardoGoase
Upcoming Birthdays
avatar (37)fapedDow
avatar (47)pohudidere
avatar (37)eqiduseb
avatar (39)maskbSleew

[-]
Online Staff
There are no staff members currently online.

>