Botconf Author Listing

Adrian Korczak


Last known affiliation: C.H. Robinson

Date: 2019-12-04
Tracking botnets with Long Term Sandboxing
Piotr Białczak 🗣 | Adrian Korczak 🗣

Abstract

Sandbox systems have become an efficient way to analyze malware behavior. They can provide information about malware in a quick and automatic manner. However, their analysis time is usually limited to only a couple of minutes, thus preventing observation of malware behavior in the long run and noticing interesting changes. To resolve these issues, we have created a Long Term Sandboxing system (LTS), which provides means for prolonged automatic analysis of malware behavior. In our presentation we will show how we use it to track botnets – both their infrastructure and operations. Our system has been augmented with network traffic and system resources analyses, providing means for network protocol investigation, including DNS, HTTP(S) and SMTP.
