Improving the exploit harvesting system

Dr. Bencsáth Boldizsár
Department of Networked Systems and Services

The In-the-wild-exploit-feed (ITWEF) is a distributed system whose primary goal is to crawl and analyze malicious websites taken from externally supplied URL lists, in order to detect the ones that can infect unprotected computers, since websites often contain elements that can easily infect an everyday computer user. The main functions of ITWEF are automatically visiting web pages on virtual machines, measuring and analyzing the processes running during the page visit, and detecting possible infections and malicious processes. In sandbox environments or automated systems like ours, an actual infection is a rare phenomenon, because malicious actors employ anti-sandbox (sandbox-detecting) technologies whose workings are mostly unknown to researchers. In my thesis, the reader is presented with my work, consisting of: an analysis of the initial version and state of ITWEF; measurements and additions to the system, including tuning the configuration of the virtual machines, the scheduling of the page visits and the browser in use; the implementation of anti-anti-sandbox solutions; the addition of a function to easily extract potentially malicious executables; and the addition and modification of infection-detecting heuristics.


