Home / Series / BSides Las Vegas / Aired Order / Season 2013 / Episode 34

A Fire In The Eye

Signatureless attack detection is becoming the hot topic in threat prevention. Client side security vulnerabilities are often found in zero day exploits in the wild, meaning that signature based intrusion detection and prevention systems are not likely to catch these attacks. Signatureless detection systems are designed to detect these kinds of attacks and they do provide some additional layer of security. One of the techniques deployed by signatureless is called sandboxing. In sandboxing , the signatureless attack detection systems executes files that are being transferred in networks in sandbox. They carefully instrument the execution and based on that determine if the file was malicious. We have analyzed signatureless detection and particularly the sandboxing technique, and we have and found several issues in the concept. We have also found ways to completely evade sandboxing. We have taken some peeks into one of the market leading sandboxing product and will discuss about our findings. In this presentation we will highlight the problems we have identified in signatureless attack detection and sandboxing, and present our findings regarding one of the market leading product. The attendees will better understands limits of these systems. Even though they do provide additional layer of security, there are issues one should know.

English
  • Originally Aired August 1, 2013
  • Created July 4, 2019 by
    Administrator admin
  • Modified July 4, 2019 by
    Administrator admin
Name Type Role
Olli-Pekka Niemi Guest Star
Antti Levomaki Guest Star