Abstract: A modified accessor function call is provided to the client device by a clientless VPN in conjunction with a browsing session performed by the client device via the clientless VPN. A native accessor function call is received at a client device. The modified accessor function call is executed at the client device, including by using the native accessor function call.

Abstract: A native web storage function call is received at a client device. A modified browser storage function call is executed, to facilitate browser storage associated with a clientless VPN. The modified browser storage function call executes a call to the native browser storage function call to facilitate access to the browser storage.

Abstract: A native web storage function call is received at a client device. A modified web storage function call is executed, to facilitate web storage associated with a clientless VPN. The modified web storage function call executes a call to the native web storage function call to facilitate access to the web storage.

Abstract: Techniques for rendering an object using multiple versions of an application in a single process for dynamic malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for rendering an object using multiple versions of an application in a single process for dynamic malware analysis includes receiving a sample at a cloud security service, in which the sample includes an embedded object; detonating the sample using a browser executed in an instrumented virtual machine environment; and rendering the embedded object using a plurality of versions of an application in a single process during a dynamic malware analysis using the instrumented virtual machine environment.

Abstract: A modified accessor function call is provided to the client device by a clientless VPN in conjunction with a browsing session performed by the client device via the clientless VPN. A native accessor function call is received at a client device. The modified accessor function call is executed at the client device, including by using the native accessor function call.

Abstract: A client device requests a web page, via a clientless VPN. In response to the request, web page content comprising dynamic content is received at the clientless VPN. The clientless VPN inserts a wrapper function around the dynamic content, forming modified web content. The client device is provided with the modified web content.

Abstract: A native web storage function call is received at a client device. A modified web storage function call is executed, to facilitate web storage associated with a clientless VPN. The modified web storage function call executes a call to the native web storage function call to facilitate access to the web storage.

Abstract: Techniques for rendering an object using multiple versions of an application in a single process for dynamic malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for rendering an object using multiple versions of an application in a single process for dynamic malware analysis includes receiving a sample at a cloud security service, in which the sample includes an embedded object; detonating the sample using a browser executed in an instrumented virtual machine environment; and rendering the embedded object using a plurality of versions of an application in a single process during a dynamic malware analysis using the instrumented virtual machine environment.

Abstract: Techniques for rendering an object using multiple versions of an application in a single process for dynamic malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for rendering an object using multiple versions of an application in a single process for dynamic malware analysis includes receiving a sample at a cloud security service, in which the sample includes an embedded object; detonating the sample using a browser executed in an instrumented virtual machine environment; and rendering the embedded object using a plurality of versions of an application in a single process during a dynamic malware analysis using the instrumented virtual machine environment.

Abstract: Various techniques for detection of malware that attempt to exploit a memory allocation vulnerability are disclosed. In some embodiments, a system, process, and/or computer program product for detecting an attempt to exploit a memory allocation vulnerability includes receiving a malware sample; monitoring an array operation performed by the malware sample using a memory monitoring component; and determining whether the array operation performed by the malware sample is suspicious. For example, an array operation, such as a vector operation performed by an application that is executed using an ActionScript virtual machine, can be monitored to detect any suspicious vector operations.

Abstract: Various techniques for detection of malware that attempt to exploit a memory allocation vulnerability are disclosed. In some embodiments, a system, process, and/or computer program product for detecting an attempt to exploit a memory allocation vulnerability includes receiving a malware sample; monitoring an array operation performed by the malware sample using a memory monitoring component; and determining whether the array operation performed by the malware sample is suspicious. For example, an array operation, such as a vector operation performed by an application that is executed using an ActionScript virtual machine, can be monitored to detect any suspicious vector operations.

Abstract: Various techniques for performing malware analysis of a URL (e.g., a URL sample) using a browser executed in an instrumented virtual machine environment are disclosed.

Abstract: Various techniques for detection of malware that attempt to exploit a memory allocation vulnerability are disclosed. In some embodiments, a system, process, and/or computer program product for detecting an attempt to exploit a memory allocation vulnerability includes receiving a malware sample; monitoring an array operation performed by the malware sample using a memory monitoring component; and determining whether the array operation performed by the malware sample is suspicious. For example, an array operation, such as a vector operation performed by an application that is executed using an ActionScript virtual machine, can be monitored to detect any suspicious vector operations.

Abstract: Various techniques for performing malware analysis of a URL (e.g., a URL sample) using a browser executed in an instrumented virtual machine environment are disclosed.

Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.

Abstract: Various techniques for performing malware analysis of a URL (e.g., a URL sample) using a browser executed in an instrumented virtual machine environment are disclosed.

Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.

Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.

Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.