Tycho 1.2 released with Process Listing, Cuckoo Sandbox Integration and Autostart Breakpoints

January 7 2019

by Florian Pester

We are proud to announce that today we are releasing Tycho 1.2. This release features Process Listing, Cuckoo Sandbox Integration and the Autostart Semantic Breakpoint.

Process Listing

With Tycho 1.2 you can now get a list of running processes, and information about them, directly from the Python API. This lets you react to newly started or terminated processes, and it makes it easier to connect to processes automatically.

Windows Process Listing displayed on a Webserver

In our next release we will make this even better with the ability to connect to processes with their ID instead of their name. This will allow for completely automatic tracking of new processes via the Python API.
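The process-diffing idea described above, as an added example that is not Tycho's API and not code from the Tycho project: consecutive process-list snapshots are compared to produce start and exit events, and each event is tagged according to whether it belongs to the process tree of the sample under analysis. The `Proc` record, the snapshot data and the `list_processes` callable are constructed stand-ins for whatever a real process-listing sensor returns. The example deliberately covers the case where a PID is reused by a different image between two polls, which a naive PID-only comparison would miss.

```python
"""Reacting to process start and exit from periodic process-list snapshots.

Added example; not Tycho's API. The Proc record, the snapshots below and the
`list_processes` callable are constructed stand-ins for whatever a real
process-listing sensor returns.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    ppid: int  # parent PID, used to follow what a sample spawns


def by_pid(procs: Iterable[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in procs}


def diff_processes(before: Iterable[Proc], after: Iterable[Proc]) -> Tuple[List[Proc], List[Proc]]:
    """Return (started, exited) between two snapshots.

    Keyed on PID but cross-checked against the image name, so a PID that is
    reused by a different image between two polls is reported as one exit and
    one start instead of being missed.
    """
    old, new = by_pid(before), by_pid(after)
    started = [p for pid, p in new.items() if pid not in old or old[pid].name != p.name]
    exited = [p for pid, p in old.items() if pid not in new or new[pid].name != p.name]
    return sorted(started, key=lambda p: p.pid), sorted(exited, key=lambda p: p.pid)


def descendants(procs: Iterable[Proc], root_pid: int) -> Set[int]:
    """PIDs of every process descended from root_pid (e.g. what a dropper spawned)."""
    children: Dict[int, List[int]] = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p.pid)
    found: Set[int] = set()
    stack = [root_pid]
    while stack:
        for child in children.get(stack.pop(), []):
            if child not in found:
                found.add(child)
                stack.append(child)
    return found


def sample_tree(procs: Iterable[Proc], sample: Proc) -> Set[int]:
    """PIDs of the sample plus its descendants, or an empty set once the sample
    has exited: a reused PID carrying a different image is not the sample."""
    procs = list(procs)
    if by_pid(procs).get(sample.pid) != sample:
        return set()
    return descendants(procs, sample.pid) | {sample.pid}


def watch(list_processes: Callable[[], List[Proc]], polls: int, sample: Proc) -> List[str]:
    """Poll `list_processes` and return a log of start/exit events, tagging the
    ones that belong to the sample's process tree."""
    events: List[str] = []
    previous = list_processes()
    for _ in range(polls):
        current = list_processes()
        tree_now, tree_before = sample_tree(current, sample), sample_tree(previous, sample)
        started, exited = diff_processes(previous, current)
        for p in started:
            events.append(f"start {p.pid} {p.name} ppid={p.ppid} "
                          f"[{'sample-tree' if p.pid in tree_now else 'other'}]")
        for p in exited:
            events.append(f"exit {p.pid} {p.name} "
                          f"[{'sample-tree' if p.pid in tree_before else 'other'}]")
        previous = current
    return events


# Constructed snapshots standing in for three consecutive polls of the sensor.
SAMPLE = Proc(1300, "sample.exe", 620)
SNAPSHOTS = [
    [Proc(4, "System", 0), Proc(620, "explorer.exe", 588), SAMPLE],
    [Proc(4, "System", 0), Proc(620, "explorer.exe", 588), SAMPLE,
     Proc(2044, "cmd.exe", 1300), Proc(2100, "powershell.exe", 2044)],
    # sample.exe and cmd.exe are gone; PID 1300 has been reused by an unrelated image
    [Proc(4, "System", 0), Proc(620, "explorer.exe", 588), Proc(1300, "svchost.exe", 4),
     Proc(2100, "powershell.exe", 2044)],
]


def replay(snapshots: List[List[Proc]] = SNAPSHOTS, sample: Proc = SAMPLE) -> List[str]:
    """Feed the constructed snapshots through watch() as if they were live polls."""
    it = iter(snapshots)
    return watch(lambda: next(it), polls=len(snapshots) - 1, sample=sample)


if __name__ == "__main__":
    for line in replay():
        print(line)
```

Two design points carry over to a real sensor: the diff is keyed on PID but checked against the image name, and tree membership is recomputed from each snapshot rather than cached, so that a PID reused after the sample exits is not silently attributed to the sample.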

Cuckoo Sandbox Integration

A lot of people are interested in using Tycho’s advanced sensors as a fully automated sandbox. To a malware sample that is trying to hide itself, Tycho looks just like a bare-metal machine, which means the sandbox is completely invisible to the sample.

On top of that invisibility, Tycho’s memory dumps and all of its other analysis features are now available from within Cuckoo Sandbox.

We will release a special version of Cuckoo Sandbox that works with Tycho soon.

Autostart Semantic Breakpoint

We now have a Semantic Breakpoint that triggers whenever an application adds itself to the Windows Autostart. This is very helpful when reversing droppers. The Autostart Breakpoint can be set via the Python API or when inspecting a sample manually in IDA Pro.
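What such a breakpoint has to decide, as an added example that is not Tycho's implementation and not code from the Tycho project: a stream of registry and file write events is checked against well-known Windows autostart locations, and only writes that actually establish persistence are reported. The `WriteEvent` records and the sample events are constructed; the location table is the author's own list of common autostart keys (the Run and RunOnce keys, the Winlogon `Shell` and `Userinit` values, and the per-user Startup folder) and is not the set of locations Tycho monitors, which the announcement does not spell out.

```python
"""Classifying write events against well-known Windows autostart locations.

Added example; not Tycho's breakpoint implementation. The event records are
constructed, and the location table is the author's own list of common
autostart locations, not the set Tycho monitors.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry keys (hive-qualified, matched case-insensitively after normalisation)
# whose values launch programs at logon.
AUTOSTART_KEY_PATTERNS = [
    (r"^(HKLM|HKCU)\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN$", "Run key"),
    (r"^(HKLM|HKCU)\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE$", "RunOnce key"),
    (r"^HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON$", "Winlogon"),
]
# Under Winlogon only these values control what gets executed at logon.
WINLOGON_VALUES = {"SHELL", "USERINIT"}
# Any file dropped directly into a Startup folder runs at logon.
STARTUP_FOLDER_RE = re.compile(r"\\MICROSOFT\\WINDOWS\\START MENU\\PROGRAMS\\STARTUP\\[^\\]+$")
HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


@dataclass(frozen=True)
class WriteEvent:
    pid: int
    kind: str             # "registry" or "file"
    path: str             # registry key path, or full file path
    value_name: str = ""  # registry value written, if any
    data: str = ""        # data written, e.g. the command line being persisted


def normalize(path: str) -> str:
    """Upper-case, backslash-only, no trailing separator, short hive names."""
    p = path.replace("/", "\\").rstrip("\\").upper()
    for full, short in HIVE_ALIASES.items():
        if p.startswith(full + "\\"):
            p = short + p[len(full):]
    return p


def classify(event: WriteEvent) -> Optional[str]:
    """Return the autostart location a write targets, or None if it is not one."""
    p = normalize(event.path)
    if event.kind == "registry":
        for pattern, label in AUTOSTART_KEY_PATTERNS:
            if re.match(pattern, p):
                # Winlogon holds many harmless values; only Shell/Userinit execute code.
                if label == "Winlogon" and event.value_name.upper() not in WINLOGON_VALUES:
                    return None
                return label
        return None
    if event.kind == "file" and STARTUP_FOLDER_RE.search(p):
        return "Startup folder"
    return None


def describe(event: WriteEvent, label: str) -> str:
    target = f"{event.value_name}={event.data}" if event.kind == "registry" else event.path
    return f"pid={event.pid} {label}: {target}"


def autostart_hits(events: List[WriteEvent]) -> List[str]:
    """The events that would trigger an autostart breakpoint, in order."""
    return [describe(e, label) for e in events if (label := classify(e))]


# Constructed events: two persistence attempts mixed with harmless writes.
EVENTS = [
    WriteEvent(1300, "registry", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
               "Updater", r"C:\Users\lab\AppData\Roaming\upd.exe"),
    WriteEvent(1300, "registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
               "Hidden", "1"),
    WriteEvent(2044, "file",
               r"C:\Users\lab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"),
    WriteEvent(700, "registry", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
               "DefaultUserName", "lab"),
    WriteEvent(700, "registry", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
               "Userinit", r"C:\Windows\system32\userinit.exe,C:\x.exe"),
]


if __name__ == "__main__":
    for hit in autostart_hits(EVENTS):
        print(hit)
```

The value-level check on Winlogon is the part worth keeping: matching on the key alone would fire on routine logon bookkeeping, while the key plus value pair isolates the writes that change what runs at logon.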

Take a look at our new tycho-recipes repository, which contains examples of how to use Tycho effectively.

Our underlying Secure Virtualization Platform now features support for hardware-accelerated APIC virtualization, which considerably improves performance on hardware with that feature.

Future versions of Tycho will introduce further high-level Semantic Breakpoints to allow for easy tracking of Execute-after-Write events or network activity.

Tracking Windows System Calls via a webpage

Learn More or Get a Demo

Learn more about Tycho on our Tycho product page. If you have any questions you can also contact us via e-mail at service@cyberus-technology.de, use our contact form or call us at +49 175 431 66 77.
