Mitigating Anti-Sandboxing Tricks used by Malware (available)

Starting Date: Summer 2020
Duration: 10-12 weeks
Time commitment: 20 hours a week
Prerequisites: Good programming skills, particularly C, C++, Python, and knowledge of Windows/Linux internals

Aims: Detecting and Mitigating some Evasion Techniques used by Malware

Background: Several malware samples use advanced tactics to detect whether they are running in a sandboxed or virtualised analysis environment. When they detect one, they refrain from any malicious action in order to evade analysis and detection by security researchers. The goal of the project is to analyse some of the artifacts targeted by anti-sandboxing techniques (e.g., registry keys, reverse Turing tests, loaded libraries, the process list), and to propose and develop countermeasures that mitigate these evasion attacks, validating them against existing evasion tools.
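As an added illustration of the defensive side of the project (example code, not from this page nor from pafish or al-khaser), the following Python script audits a sandbox image for three of the artifact categories named above: registry keys, the process list and loaded libraries. The artifact names in the rule table are well-known ones published by those tools; the Snapshot type, the rule table layout, the function names and the constructed sample snapshot are assumptions of this example. The reverse Turing test category has no static artifact to audit and is left out.

```python
"""Sandbox self-audit for artifacts that anti-sandboxing checks look for.

Added example, not code from the project page or from pafish / al-khaser.
The artifact names below are well-known ones published by those tools; the
Snapshot type, the rule table and the function names are this example's own.
"""
from dataclasses import dataclass
import platform


@dataclass(frozen=True)
class Snapshot:
    """What an anti-sandboxing check can observe, gathered by the operator."""
    registry_keys: frozenset   # full key paths, e.g. r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"
    processes: frozenset       # image names from the process list
    loaded_modules: frozenset  # DLL names loaded in the inspected process


# category -> {artifact looked for by evasion tools: mitigation a sandbox operator can apply}
RULES = {
    "registry key": {
        r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "patch the guest ACPI tables so the VBOX OEM id is absent",
        r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": "do not install Guest Additions, or remove the key",
    },
    "process": {
        "vboxservice.exe": "rename or stop the VirtualBox guest service",
        "vboxtray.exe": "rename or stop the VirtualBox tray helper",
        "vmtoolsd.exe": "rename or stop the VMware Tools service",
    },
    "loaded module": {
        "sbiedll.dll": "hide the Sandboxie helper DLL from module enumeration or avoid injecting it",
    },
}


def audit(snapshot: Snapshot) -> list:
    """Return (category, artifact, mitigation) for every rule artifact present in the snapshot."""
    observed = {  # comparisons are case-insensitive, as Windows names are
        "registry key": {k.lower() for k in snapshot.registry_keys},
        "process": {p.lower() for p in snapshot.processes},
        "loaded module": {m.lower() for m in snapshot.loaded_modules},
    }
    findings = []
    for category, artifacts in RULES.items():
        for artifact, mitigation in artifacts.items():
            if artifact.lower() in observed[category]:
                findings.append((category, artifact, mitigation))
    return findings


def collect_windows_snapshot() -> Snapshot:
    """Gather registry keys and the process list on a live Windows guest (stdlib only).

    Loaded modules of a target process are not collected here; supply them from
    a debugger or module listing of your choice.
    """
    if platform.system() != "Windows":
        raise RuntimeError("live collection is Windows-only; use a constructed Snapshot elsewhere")
    import csv, io, subprocess, winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    present = set()
    for key in RULES["registry key"]:
        hive_name, _, path = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive_name], path):
                present.add(key)
        except OSError:  # key absent: nothing for an evasion check to find
            pass
    out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                         capture_output=True, text=True, check=True).stdout
    procs = {row[0] for row in csv.reader(io.StringIO(out)) if row}
    return Snapshot(frozenset(present), frozenset(procs), frozenset())


# Constructed sample: an unhardened VirtualBox guest with the Sandboxie DLL injected.
CONSTRUCTED_SNAPSHOT = Snapshot(
    registry_keys=frozenset({r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", r"HKLM\SOFTWARE\Microsoft\Windows"}),
    processes=frozenset({"explorer.exe", "VBoxService.exe", "svchost.exe"}),
    loaded_modules=frozenset({"kernel32.dll", "SbieDll.dll"}),
)

if __name__ == "__main__":
    snap = collect_windows_snapshot() if platform.system() == "Windows" else CONSTRUCTED_SNAPSHOT
    for category, artifact, mitigation in audit(snap):
        print(f"[{category}] {artifact}\n    mitigation: {mitigation}")
```

Run on a Windows guest it audits the live image; elsewhere it evaluates the constructed snapshot, which trips one rule per category. The rule table is deliberately small: extend it with the checks from the pafish and al-khaser sources and re-run the audit after each hardening step until no finding remains.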

Some references:

https://dl.acm.org/citation.cfm?id=3150378
https://arxiv.org/pdf/1811.01190.pdf
https://github.com/a0rtega/pafish
https://github.com/LordNoteworthy/al-khaser
https://github.com/joesecurity/pafishmacro