API Hooking
Ok, I admit it. I stumbled to these words once I read literatures on CWSandbox from Mannheim. Since in Nepenthes we can simply send the newly fetched binaries to the sandboxes, I was like triggered to know what was executed behind them.
The method being called as API hooking. The other similar solution being used by Joebox, developed by postgrad student from Switzerland.
Anubis from Vienna in the other way around use QEMU ... but if you google around you will see there is one paper written by Symantec researcher refuting on the usage of virtual machines.
Ok, I admit it. I stumbled to these words once I read literatures on CWSandbox from Mannheim. Since in Nepenthes we can simply send the newly fetched binaries to the sandboxes, I was like triggered to know what was executed behind them.
The method being called as API hooking. The other similar solution being used by Joebox, developed by postgrad student from Switzerland.
Anubis from Vienna in the other way around use QEMU ... but if you google around you will see there is one paper written by Symantec researcher refuting on the usage of virtual machines.
Comments