Table Of Content

REFERENCE THIS: SANDBOX EVASION USING VBA REFERENCING WHOAREWE Amit Dori Aviv Grafi Security Researcher, Votiro CEO, Votiro • • Graduate of Israeli Army’s elite 28 years old from Tel-Aviv. 8200 intelligence unit. • BSC in Computer Science, BA in • Over 15 years of experience in Psychology from TAU. telecommunications and InfoSec. • • Formerly researched Exploit Kits at Inventor of Votiro’s enterprise protection solutions. Check Point. • BSC in Computer Science, BA in • Skate, swim, guitar. economics, MBA from TAU. • Sushi, running, quiet walks along the beach. HITB Amsterdam 2018: 11.4 – 14.4 ABSTRACT Sandbox had become a standard security solution in organizations nowadays which makes it a prime target. This talk will demonstrate a new way to perform sandbox evasion. In contrast to common evasion techniques, our technique doesn’t require code execution to detect the sandbox environment. HITB Amsterdam 2018: 11.4 – 14.4 ABSTRACT Evasion Detection Sandbox Evasion techniques Sandbox-user Differences VBA Referencing Server-Side Sandbox Detection HITB Amsterdam 2018: 11.4 – 14.4 RELEVANT BACKGROUND We assume familiarity with the following concepts: 1 2 VBA macros Office Protected View 3 4 Sandbox solutions Tracking pixels HITB Amsterdam 2018: 11.4 – 14.4 SANDBOX EVASION With the introduction of the sandbox, malware authors have introduced Sandbox Evasion. The term is used to describe all the techniques utilized to identify a sandbox, trick it, manipulate it and evade it. HITB Amsterdam 2018: 11.4 – 14.4 SANDBOX EVASION TECHNIQUES Detect the sandbox: detect virtualization Hypervisor, Virtualization DLLs, Side channels, unusual hardware Detect the sandbox: Artificial Environment Username, Cookies and browser history, recent file count, screen resolution, Old vulnerabilities, Running processes HITB Amsterdam 2018: 11.4 – 14.4 SANDBOX EVASION HITB Amsterdam 2018: 11.4 – 14.4 SANDBOX EVASION TECHNIQUES Evade the sandbox: Defeat the Monitor Remove hooks, work around hooks, delay execution Evade the sandbox: Context Aware Require user interaction, check date and time-zone, encrypted payload HITB Amsterdam 2018: 11.4 – 14.4 SANDBOX EVASION All of the mentioned techniques, require code execution (sandbox-side) in order to collect the data and analyze it. As a result, most of these techniques can be identified by static analysis tools which will flag the file as suspicious prior to execution. Furthermore, the actions executed to fingerprint the system are flagged as evasion techniques - which immediately raise a warning flag. HITB Amsterdam 2018: 11.4 – 14.4

Description:

one must dive into the macros bible: MS-OVBA document. [MS-OVBA]:. Office VBA File Format Structure. Intellectual Property Rights Notice for Open.

Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing PDF

44 Pages·2017·1.31 MB·English

by Amit Dori

Checking for file health...

Download

Upgrade Premium

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Download Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing PDF Free - Full Version

by Amit Dori| 2017| 44 pages| 1.31| English

Download Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing by Amit Dori in PDF format completely FREE. No registration required, no payment needed. Get instant access to this valuable resource on PDFdrive.to!

Free Download PDF

About Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing

one must dive into the macros bible: MS-OVBA document. [MS-OVBA]:. Office VBA File Format Structure. Intellectual Property Rights Notice for Open.

Detailed Information

Author:	Amit Dori
Publication Year:	2017
Pages:	44
Language:	English
File Size:	1.31
Format:	PDF
Price:	FREE

Download Free PDF

Safe & Secure Download - No registration required

Why Choose PDFdrive for Your Free Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing Download?

100% Free: No hidden fees or subscriptions required for one book every day.
No Registration: Immediate access is available without creating accounts for one book every day.
Safe and Secure: Clean downloads without malware or viruses
Multiple Formats: PDF, MOBI, Mpub,... optimized for all devices
Educational Resource: Supporting knowledge sharing and learning

Frequently Asked Questions

Is it really free to download Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing PDF?

Yes, on https://PDFdrive.to you can download Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing by Amit Dori completely free. We don't require any payment, subscription, or registration to access this PDF file. For 3 books every day.

How can I read Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing on my mobile device?

After downloading Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing PDF, you can open it with any PDF reader app on your phone or tablet. We recommend using Adobe Acrobat Reader, Apple Books, or Google Play Books for the best reading experience.

Is this the full version of Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing?

Yes, this is the complete PDF version of Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing by Amit Dori. You will be able to read the entire content as in the printed version without missing any pages.

Is it legal to download Aviv Grafi & Amit Dori - Sandbox Evasion Using VBA Referencing PDF for free?

https://PDFdrive.to provides links to free educational resources available online. We do not store any files on our servers. Please be aware of copyright laws in your country before downloading.

The materials shared are intended for research, educational, and personal use in accordance with fair use principles.