Advanced persistent threat and targeted malware defense
First Claim
1. A method, comprising:
receiving, at a computer system, data from one or more data feeds;
obtaining, with the computer system, a binary object based on the data;
loading, with the computer system, the binary object onto a sandboxed system;
executing the binary object with the sandbox system, wherein the binary object that is executed comprises at least one of an email attachment, an application, a program, a media file, a web browser visiting a suspicious URL, a document, an executable file, or a compressed file;
searching, with the computing system, for vulnerabilities in hardware or an operating system of the sandboxed system using a hardware debugger interface by feeding streams of random or malformed data to the sandboxed system;
analyzing, with the computer system, operation of the sandboxed system to determine whether the binary object includes a malware payload; and
based on a determination that the binary object includes a malware payload, generating, with the computer system, a report indicating that the binary object includes a malware payload.
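The claim above is a pipeline: obtain a binary object, run it in a sandbox, feed the sandboxed system random or malformed data, analyze what the sandbox did, and emit a report. The block below is an added illustration of the two steps that are pure software (the malformed-data generator and the analyze-and-report step); it is not code from the patent or its assignee. The event-log format, the indicator rules, the weights and both sample traces are assumptions constructed for this example; the hardware-debugger delivery path of the claim is not modelled.

```python
"""Added example: behavioural triage of a sandbox run plus a mutation-based
generator of malformed input streams. Not the patent's code; the JSON event
format, the rules and the sample traces are assumptions made for this example."""
import json
import random
from dataclasses import dataclass

# Constructed sample trace: one JSON event per line, as a sandbox agent might
# record them while the binary object (pid 1204) runs. Format is assumed.
SAMPLE_TRACE = """\
{"t": 0.01, "ev": "process_start", "image": "C:\\\\sandbox\\\\sample.exe", "pid": 1204}
{"t": 0.20, "ev": "file_write", "pid": 1204, "path": "C:\\\\Users\\\\u\\\\AppData\\\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\\\\upd.exe"}
{"t": 0.35, "ev": "reg_set", "pid": 1204, "key": "HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\upd", "value": "C:\\\\Users\\\\u\\\\upd.exe"}
{"t": 0.80, "ev": "net_connect", "pid": 1204, "dst": "203.0.113.9", "port": 4444}
{"t": 1.10, "ev": "process_start", "image": "C:\\\\Windows\\\\System32\\\\cmd.exe", "ppid": 1204, "cmdline": "cmd /c vssadmin delete shadows /all"}
{"t": 1.50, "ev": "file_write", "pid": 1204, "path": "C:\\\\sandbox\\\\log.txt"}
"""

# Constructed benign trace: a process that only writes inside its own directory.
BENIGN_TRACE = """\
{"t": 0.01, "ev": "process_start", "image": "C:\\\\sandbox\\\\tool.exe", "pid": 900}
{"t": 0.30, "ev": "file_write", "pid": 900, "path": "C:\\\\sandbox\\\\out.txt"}
"""


@dataclass
class Indicator:
    name: str
    weight: int
    detail: str


def _is_startup_folder(path: str) -> bool:
    return "\\start menu\\programs\\startup\\" in path.lower()


def evaluate_trace(trace_text: str, threshold: int = 50) -> dict:
    """Score sandbox events against behavioural rules and build the report.

    Rules and weights are illustrative assumptions; a real system tunes them.
    """
    events = [json.loads(ln) for ln in trace_text.splitlines() if ln.strip()]
    # Processes started directly by the sandbox are the sample itself.
    sample_pids = {e["pid"] for e in events
                   if e["ev"] == "process_start" and "ppid" not in e}
    hits: list[Indicator] = []
    for e in events:
        ev = e["ev"]
        if ev == "file_write" and _is_startup_folder(e["path"]):
            hits.append(Indicator("persistence.startup_folder", 40, e["path"]))
        elif ev == "reg_set" and "\\currentversion\\run\\" in e["key"].lower():
            hits.append(Indicator("persistence.run_key", 40, e["key"]))
        elif ev == "net_connect" and e["port"] in (4444, 1337, 6667):
            hits.append(Indicator("c2.suspicious_port", 30, f'{e["dst"]}:{e["port"]}'))
        elif ev == "process_start" and e.get("ppid") in sample_pids:
            cmd = e.get("cmdline", "").lower()
            if "vssadmin" in cmd and "delete shadows" in cmd:
                hits.append(Indicator("impact.shadow_copy_deletion", 60, cmd))
    score = sum(h.weight for h in hits)
    return {
        "verdict": "malware" if score >= threshold else "clean",
        "score": score,
        "indicators": [vars(h) for h in hits],
        "events_analyzed": len(events),
    }


def malformed_streams(seed: bytes, count: int, rng_seed: int = 0):
    """Yield `count` deterministic mutations of `seed` (a simple mutation fuzzer):
    bit flips, truncation, long byte runs and boundary-value integer fields."""
    rng = random.Random(rng_seed)
    for _ in range(count):
        buf = bytearray(seed)
        op = rng.choice(("flip", "truncate", "insert", "overflow_int"))
        if op == "flip" and buf:
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)
        elif op == "truncate" and buf:
            del buf[rng.randrange(len(buf)):]
        elif op == "insert":
            i = rng.randrange(len(buf) + 1)
            buf[i:i] = bytes([rng.randrange(256)]) * rng.choice((16, 256, 4096))
        else:  # overwrite a 4-byte field with a value that trips length checks
            i = rng.randrange(max(1, len(buf) - 3))
            buf[i:i + 4] = rng.choice((b"\xff\xff\xff\xff", b"\x00\x00\x00\x80",
                                       b"\xff\xff\xff\x7f"))
        yield bytes(buf)


if __name__ == "__main__":
    print(json.dumps(evaluate_trace(SAMPLE_TRACE), indent=2))
    for m in malformed_streams(b"RIFF\x10\x00\x00\x00WAVE", 3):
        print(len(m), m[:12])
```

Two practical caveats. A "clean" verdict from one run is weak evidence: samples routinely fingerprint the sandbox or sleep past the observation window, so the report should carry the events analyzed and the run duration, not only the verdict. And the generator is deterministic on purpose (fixed `rng_seed`), so a crash found while feeding a stream can be reproduced by replaying the same index.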
Abstract
Novel tools and techniques are implemented for providing computer security. In various embodiments, a computer system might receive data from one or more data feeds, might obtain a binary object based on the data, might load the binary object onto a sandboxed system, and might execute the binary object with the sandbox system. The computer system might analyze operation of the sandboxed system to determine whether the binary object includes a malware payload, and might, based on a determination that the binary object includes a malware payload, generate a report indicating that the binary object includes a malware payload.
60 Claims
1. A method, comprising:
receiving, at a computer system, data from one or more data feeds;
obtaining, with the computer system, a binary object based on the data;
loading, with the computer system, the binary object onto a sandboxed system;
executing the binary object with the sandbox system, wherein the binary object that is executed comprises at least one of an email attachment, an application, a program, a media file, a web browser visiting a suspicious URL, a document, an executable file, or a compressed file;
searching, with the computing system, for vulnerabilities in hardware or an operating system of the sandboxed system using a hardware debugger interface by feeding streams of random or malformed data to the sandboxed system;
analyzing, with the computer system, operation of the sandboxed system to determine whether the binary object includes a malware payload; and
based on a determination that the binary object includes a malware payload, generating, with the computer system, a report indicating that the binary object includes a malware payload.
View Dependent Claims (2-58)
59. A system, comprising:
a plurality of sandboxed computers, each comprising a main system board;
a management computer in communication with the plurality of sandboxed computers, the management computer comprising:
one or more processors; and
a computer readable medium in communication with the one or more processors, the computer readable medium having encoded thereon a set of instructions executable by the computer system to perform one or more operations, the set of instructions comprising:
instructions for downloading a binary object on to each of one or more of the plurality of sandboxed computers, such that each of the one or more of the plurality of sandboxed computers executes or opens the binary object, wherein the binary object that is executed comprises at least one of an email attachment, an application, a program, a media file, a web browser visiting a suspicious URL, a document, an executable file, or a compressed file;
instructions for searching for vulnerabilities in hardware or an operating system of the sandboxed system using a hardware debugger interface by feeding streams of random or malformed data to the sandboxed system;
instructions for analyzing operation of the sandboxed system to determine whether the binary object includes a malware payload; and
instructions for, based on a determination that the binary object includes a malware payload, generating a report indicating that the binary object includes a malware payload.
View Dependent Claims (60)
Specification