Questions tagged [sandbox]
Software that keeps a specific process execution under control, typically by reducing its rights on the system, and preventing malicious operations.
10 questions
1 vote, 0 answers, 22 views
Differences between Mach Services and XPC Services in macOS Sandbox Profiles
I am trying to learn more about IPC implementations (mach/xpc) and how corresponding services are managed using sandbox profiles on macOS.
After looking at many different profiles, I have learned that ...
2 votes, 1 answer, 98 views
CAPE-sandbox signatures
When I submit a PDF file to analyse, it triggers a signature called stealth_file. I just added the alerted path into the whitelist as shown, but it didn't solve the problem.
How to resolve it?
2 votes, 0 answers, 77 views
Is it possible to enhance CAPEv2 detection?
I have used the Flare-CAPA plugin on IDA to help me with reverse engineering. Could I use these rules to enhance the detection of CAPEv2 sandbox?
In general: How to enhance CAPEv2 sandbox detection?
2 votes, 2 answers, 179 views
Malware samples that defeat emulators by using uncommon API calls [closed]
I am looking for a few malware samples that detect sandboxes using uncommon API calls. I understand that one of the drawbacks of OS emulated sandboxes is that the malware can use uncommon API calls ...
1 vote, 1 answer, 143 views
RtlCheckSandboxedToken
Does anyone know the purpose of RtlCheckSandboxedToken() in ntdll.dll? I cannot find any documentation. Its prototype is:
NTSYSAPI
NTSTATUS
NTAPI
RtlCheckSandboxedToken(
_In_opt_ HANDLE ...
1 vote, 2 answers, 122 views
Test malware files in host machine?
To analyze malware files we are using a virtual machine and VirtualBox, but some malware detects the environment and will not do its work properly.
I want to know how to test malware files without ...
0 votes, 2 answers, 1k views
sandbox for analyzing network traffic
I am looking for an open source sandbox that has the following features:
- route my network traffic to the sandbox for analysis
- perform analysis on network traffic to detect malicious ...
1 vote, 2 answers, 2k views
Anti-VM and anti-sandbox malware samples
I'm learning malware analysis.
I'm looking for malware samples that terminate themselves when they recognize they are running on a VM or sandbox.
Thanks.
76 votes, 9 answers, 86k views
Analyzing highly obfuscated JavaScript
I was recently analyzing a web page that contained some highly obfuscated JavaScript - it's clear that the author had gone through quite a bit of effort to make it as hard to understand as possible. I'...
67 votes, 4 answers, 6k views
How can I analyze a potentially harmful binary safely?
I've recently managed to isolate and archive a few files that managed to wreak havoc on one of my client's systems. So I was wondering what software and techniques make the best sandbox for isolating ...