Sandbox for experts
Quote:

We developed a sandbox capable of emulating a company-specific system in an isolated environment.

The creators of mass Trojans go to great lengths to execute their malicious code on victims’ computers. However, the masterminds behind complex threats and APT attacks spend no less effort on developing mechanisms not to execute their code. That way, they can bypass security technologies — in particular, sandboxes.

Sandboxes and evasion techniques

One of the basic tools for identifying malicious activity is the so-called sandbox. Essentially, it is a controlled, isolated environment. Security solutions can execute suspicious code in this environment and analyze all of its actions with no harm to the system. If a solution detects any malicious activity, it blocks execution of this code outside the sandbox.

This containment method is very effective against mass threats. Security vendors implement the sandboxing mechanism in one form or another in most security solutions. Therefore, cybercriminals have developed technologies whose sole purpose is to determine whether the malware is running in a controlled environment or in the workstation’s actual operating system. The simplest methods involve trying to access an outside server (blocked by regular sandboxes) or checking system parameters. If something is off, the malware usually self-destructs, leaving no trace of the attack and thus complicating the researchers’ work.
More advanced threats also check for a real user in the system; if the code is running with no trace of real human activity, it may be running in a sandbox.

Naturally, we’ve responded by improving our anti-evasion technologies. In particular, our infrastructure incorporates a powerful sandbox armed with mechanisms capable of emulating various environments and Kaspersky’s accumulated knowledge about all kinds of possible malicious activity. Researchers can use part of the sandbox functionality remotely, through our Kaspersky Cloud Sandbox solution.

But using a remote sandbox doesn’t always work for large companies that have dedicated security operation centers. First, many internal and external regulations prohibit the transfer of any information to third-party servers. That includes suspicious code. Second, malware tailored for attacks on individual companies can check for conditions specific to a particular infrastructure (for example, the presence of highly specialized software). Therefore, our solution, Kaspersky Research Sandbox, can be deployed within the corporate infrastructure.

Kaspersky Research Sandbox key features

Kaspersky Research Sandbox does not transfer anything from the infrastructure — if necessary, it can work through Kaspersky Private Security Network, which operates in data-diode mode. But its main advantage is that it allows researchers to build their own emulation environment. That means they can create an exact isolated copy of a typical workstation that employees use at their company with all specific software and network settings, and investigate the behavior of suspicious objects on that copy.

What’s more, Kaspersky Research Sandbox technologies not only use advanced behavior analysis tools to track everything that happens in this isolated environment, but they also mimic human activity in the system. Therefore, our sandbox enables the detonation, analysis, and detection of advanced threats, even if they are tailored specifically for your infrastructure.

The solution can emulate machines running Microsoft Windows or Android. You can learn more about Kaspersky Research Sandbox on the solution's dedicated page.
...
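The quoted article names the evasion checks a sandbox has to expect: a probe to an outside server, queries of system parameters, checks for real user activity, and self-deletion when something looks off. The script below is an added illustration (not code from the original post or from Kaspersky Research Sandbox) of how an analyst could triage a sandbox behaviour trace for those patterns; the one-line-per-event trace format, the category regexes and the sample traces are constructed assumptions for this example.

```python
"""Heuristic triage of a sandbox behaviour trace for the evasion checks the
article describes: outbound probe, system-parameter queries, user-activity
checks and self-deletion. Trace format and sample lines are constructed."""
import re
from collections import Counter

# One regex per evasion category, matched against each trace line.
# Underscores are word characters, so \bquery\b does not match "dns_query".
EVASION_PATTERNS = {
    "outbound_probe": r"\bnet_connect\b|\bdns_query\b",
    "system_parameters": r"\bquery\b.*(cpu_count|ram_mb|disk_gb|uptime|hw_model)",
    "user_activity_check": r"\bquery\b.*(cursor_pos|last_input|recent_docs|window_count)",
    "self_delete": r"\bfile_delete\b.*self=true",
}

def classify_line(line):
    """Return every evasion category whose pattern matches this trace line."""
    return [name for name, pat in EVASION_PATTERNS.items() if re.search(pat, line)]

def triage(trace, threshold=2):
    """Count matches per category and flag the sample when at least
    `threshold` distinct categories appear. A single category alone (an
    installer asking for free RAM, say) is not treated as evidence."""
    counts = Counter()
    for line in trace:
        for category in classify_line(line):
            counts[category] += 1
    verdict = "likely_evasive" if len(counts) >= threshold else "no_evasion_seen"
    return {"categories": dict(counts), "verdict": verdict}

# Constructed trace: a sample that probes, fingerprints, looks for a user
# and then removes itself, as the article describes.
EVASIVE_TRACE = [
    "proc_start image=sample.exe pid=4120",
    "dns_query name=example.invalid result=NXDOMAIN",
    "query cpu_count=1",
    "query ram_mb=1024",
    "query cursor_pos same_as_previous=true",
    "query last_input idle_s=3600",
    "file_delete path=C:\\Users\\Public\\sample.exe self=true",
    "proc_exit pid=4120 code=0",
]

# Constructed trace: an ordinary installer that only checks uptime.
BENIGN_TRACE = [
    "proc_start image=setup.exe pid=5210",
    "query uptime=86400",
    "file_write path=C:\\Program Files\\App\\app.exe",
    "proc_exit pid=5210 code=0",
]

if __name__ == "__main__":
    print(triage(EVASIVE_TRACE))
    print(triage(BENIGN_TRACE))
```

The threshold on distinct categories is the point: each check on its own is common in legitimate software, and only the combination the article describes is worth an analyst's attention.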

