user namespaces: do they increase security, or introduce new attack surface?

user namespaces in Linux are presented as a security feature, which should increase security. But is this really true?
Is it possible that while user namespaces fix one kind of problem, they introduce another, unexpected, problem with pote…

How does a malware differentiate between a real user device from a sandbox? [duplicate]

I’m currently working on malware evasions. As far as I know, malware can tell sandboxes from real user devices by examining device characteristics like wear and tear, looking for human-like behavior or making generic OS queries.
What are t…

How to ensure safety while visiting malicious links in a VM? [duplicate]

Just wanted to ask how dangerous would it be to visit malicious links in a VM? The reason why I want to do this is to test out a tool I wrote that identifies malicious links from a database and attempts to block them. Are there ways to san…

Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)

Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they i…

How do I recklessly browse the web, download suspicious files and run them with as low a risk as possible? [duplicate]

I have recently found out about the existence of virtual machines; they can be used to run viruses in an environment isolated from the host computer, like VirtualBox, VMware and Sandboxie. However, I’m told that viruses can still escape th…

[SANS ISC] Sandbox Evasion… With Just a Filename!

I published the following diary on isc.sans.edu: “Sandbox Evasion… With Just a Filename!”: Today, many sandbox solutions are available and deployed by most organizations to detonate malicious files and analyze their behavior. The main problem with some sandboxes is the filename used to submit the sample. The file can be

The post [SANS ISC] Sandbox Evasion… With Just a Filename! appeared first on /dev/random.