DC480 - Cuckoo Sandbox Setup: Malware Detection Through Detonation

IT Security Analyst Mark Demarest will be presenting a Cuckoo Sandbox Setup: Malware Detection Through Detonation workshop for the Arizona Hacker Collective DefCon Group - Four Eight Zero on Tuesday, May 14, 2019.

This workshop is a crash course for anyone who wants to set up a Cuckoo Sandbox and detonate malware in it. Students will get hands-on experience with Cuckoo Sandbox's malware analysis, reverse-engineering, and forensic capabilities. By providing step-by-step instructions throughout setup and first-time use, the workshop removes the complexity and frustration of setting up Cuckoo Sandbox on your own.

To help students become familiar with Cuckoo Sandbox’s rich feature set, the workshop is divided into two parts:

  1. Building a Cuckoo environment
  2. Using the environment on malware

After walking students through the setup process, the instructor will provide targeted exercises in which students exercise their new sandboxes by detonating live malware samples inside the isolated environment built in part one. During the detonation phase, the instructor will cover the basics of malware triage and dynamic malware analysis.

Online guides for Cuckoo Sandbox cover installation, but they rarely go into its additional features in depth, and they offer no support or feedback when something breaks. This workshop addresses both gaps by teaching malware triage and detonation techniques and by giving attendees real-time help from a qualified instructor. Students who attend will leave with the confidence to set up Cuckoo Sandbox and perform malware triage on their own.

DC480 is a closed, invite-only group. Any active DC480 member can invite others after attending their first meeting. If you would like to attend but don't know anyone in 480, reach out to DC480 by email at az480dc@gmail.com.