Monday, May 2, 2011

Reverse Hijacking Web AV Engines

Web anti-virus engines are used explicitly to perform behavioral analysis on active malware. Is it possible for us to run a controlled binary in order to trace information about the cloud infrastructure of virtual machines that collaboratively analyze malicious executables? We have shown in the past that it is possible to hijack (extract information from) the hidden servers in the cloud that are used for malware analysis.

The technique discussed in the white paper can be used in different scenarios to trick internal VMware servers into leaking sensitive information, thereby attacking them in return. Goodwill Hunting :)

Reverse hacking proves beneficial in many scenarios.