Claudio Guarnieri (Security Researcher, iSIGHT Partners)

PRESENTATION TITLE: One Flew Over the Cucukoo’s Nest: Automated Malware Analysis

PRESENTATION ABSTRACT:

Cuckoo Sandbox is an open source automated malware analysis system. It started as a Google Summer of Code 2010 project with The Honeynet Project and evolved into being one of the most appreciated and popular open source sandbox solutions.

Its goal is to provide a way to automatically analyze files and collect comprehensive results describing and outlining what such files do while executed inside an isolated environment. It’s mostly used to analyze Windows executables, DLL files, PDF documents, Office documents, PHP scripts, Python scripts, Internet URLs and almost anything else you can imagine. In this presentation we’ll discuss about open source sandboxing, we’ll dive into the design and development of Cuckoo and we’ll kick off from regular usage and move into more juicy experiments, playing with APTs, exploits and banking trojans of every flavor.

ABOUT CLAUDIO GUARNIERI

Claudio is a Security Researcher at iSIGHT Partners, where he is daily involved with malwares, botnets, cybercrime and general Internet badness. After work, he usually enjoys some relax time still on malwares and botnets while being core member of The Shadowserver Foundation and of The Honeynet Project.  In the renounced sleep time he develops an open source malware analysis sandbox called Cuckoo Sandbox and maintains Malwr.com.