Testing malware or bad URLs from a SIEM
What would be a good approach for testing malware or bad URLs from things picked up by my SIEM to validate them? I was told to set up a VM for these tests but don’t want it to hit the internal network.
We are pleased to announce the addition of ReaQta-Hive to the multisandbox project, after the integrations of Tencent Habo, VirusTotal Droidy, Cyber adAPT ApkRecon, and Dr. Web vxCube. The unique new feature that this integration brings is XSL documen… Continue reading Multisandbox project welcomes ReaQta-Hive
I’m working on a web service that uses ffmpeg on the backend for processing user-uploaded media files. I’m giving the users some options to customize how their videos are processed, which essentially means parameterizing the ffmpeg command.
I’m… Continue reading Security risks of using ffmpeg as part of web service
I’m trying to dig a bit more into dynamic malware analysis and currently need to decide which tool to use.
Cuckoo sandbox looks like the standard, but it is certainly easier to detect than introspection. As VM introspection is… Continue reading Cuckoo sandbox vs VM introspection for malware analysis
Sandboxes are used for automated extraction of indicators of compromise (IoCs) that can be used to write signatures. Can this signature then be used, for example, on an IPS system to block certain actions?
I run the following command in the background constantly to check for camera access on Ubuntu Linux:
lsmod | grep ^uvcvideo
I noticed that every time I load into gmail my check is triggering my kernel’s camera module. I as… Continue reading How can I block access to module for Firefox? (gmail accessing camera)
I read this article about how snap packages don’t really provide much security in Ubuntu 16.04 LTS, but since that seems like a limitation in Unity, I was wondering whether it was solved in alternative flavors of the 16.04 us… Continue reading As of now, what Ubuntu versions fully sandbox snap packages?
Any time you incorporate a major new component—such as a sandbox platform—into your security ecosystem, it’s important to do a rigorous, side-by-side evaluation of competing products to determine the best choice for your situation. But a proof of conc… Continue reading 6 Best Practices to Make the Most of Your Sandbox Proof of Concept
Say my host machine is infected and I have a sandbox program. Will that sandbox environment then be infected also?
If the answer is yes, what if I have an AV running inside of the sandbox. Will it allow for a safe sandbox e… Continue reading If a host is infected is the sandbox environment infected?
I am wondering how the search function of Outlook works, especially with regard to searching for keywords that are present in email attachments. Does the Outlook search function open the files as it would do in preview… Continue reading Search function in Outlook and attachments