
How can I analyze a potentially harmful binary safely?

Earlier title: What is the best sandbox for dissecting

Post Reopened by Mellowcandle, Igor Skochinsky, George V. Williams, APerson, Adam Caudill
Post Closed as "not constructive" by JMcAfreak, WPrecht, asheeshr, qbi, CommunityBot

I've recently managed to isolate and archive a few files that managed to wreak havoc on one of my client's systems. So I was wondering what software and techniques make the best sandbox for isolating the code and digging into it to find out how it works.

Usually, up to this point in time I would just fire up a new VMware or QEMU instance and dig away, but I am well aware that some well-written malware can break out of a VM relatively easily. So I am looking for techniques (like using a VM with a different emulated CPU architecture, for example) and software (maybe a sandbox suite of sorts?) to mitigate the possibility of the code I am working on "breaking out".

What techniques do you all recommend? What software do you all recommend?

Revision: edited tags (edit summary: Don't add "thanks" to posts (or any other signatures).)
Archenoth