DRAKVUF Sandbox: Open source, self-hosted malware sandbox in hypervisor
Please don't be scared if you don't know what "sandboxes" are for. The presentation will introduce some basic information and will feature some funny demos :) DRAKVUF Sandbox is a self-hosted, open source dynamic malware analysis system that uses cutting-edge monitoring techniques. Currently, it is the only open, actively developed system that uses the technique of virtual machine introspection (VMI). Because VMI observes the guest from the hypervisor rather than from an agent inside it, it makes it possible to analyze malware adapted to evade regular sandboxes, as well as to monitor more deeply the actions a sample takes in the system. During the talk, we will briefly introduce DRAKVUF's ecosystem, explain what Virtual Machine Introspection is, how it differs from the regular approach to sandboxing, what the unique challenges in developing such systems are, how analysts can benefit from it, and how to integrate it into your own malware processing pipeline.