Questions tagged [sandbox]

Software that keeps a specific process execution under control, typically by reducing its rights on the system, and preventing malicious operations.

2 votes
0 answers
77 views

I am trying to learn more about IPC implementations (mach/xpc) and how corresponding services are managed using sandbox profiles on macOS. After looking at many different profiles, I have learned that ...
n0ne
  • 21
2 votes
1 answer
118 views

When I submit a PDF file to analyse, it triggers a signature called stealth_file. I just added the alerted path into the whitelist as shown, but it didn't solve the problem. How to resolve it?
Raafat
  • 163
2 votes
0 answers
98 views

I have used the Flare-CAPA plugin on IDA to help me with reverse engineering. Could I use these rules to enhance the detection of CAPEv2 sandbox? In general: How to enhance CAPEv2 sandbox detection?
Raafat
  • 163
2 votes
2 answers
201 views

I am looking for a few malware samples that detect sandboxes using uncommon API calls. I understand that one of the drawbacks of OS emulated sandboxes is that the malware can use uncommon API calls ...
deTermInate
1 vote
1 answer
167 views

Does anyone know what is the purpose of RtlCheckSandboxedToken() in ntdll.dll? I cannot find any documentation. Its prototype is: NTSYSAPI NTSTATUS NTAPI RtlCheckSandboxedToken( _In_opt_ HANDLE ...
n1h1l
  • 41
1 vote
2 answers
151 views

To analyze malware files we are using a virtual machine and VirtualBox, but some malware detects the environment and will not do its work properly. I want to know how to test malware files without ...
xoreax
  • 121
0 votes
2 answers
1k views

I am looking for an open source sandbox that has the following features: - route my network traffic to the sandbox for analysis - perform analysis on network traffic to detect malicious ...
user2942756
1 vote
2 answers
2k views

I'm learning malware analysis. I'm looking for malware samples that terminate themselves when they recognize they are working on a VM or sandbox. Thanks.
Eran Atias
79 votes
9 answers
87k views

I was recently analyzing a web page that contained some highly obfuscated JavaScript - it's clear that the author had gone through quite a bit of effort to make it as hard to understand as possible. I'...
Adam Caudill
67 votes
4 answers
6k views

I've recently managed to isolate and archive a few files that managed to wreak havoc on one of my client's systems. So I was wondering what software and techniques make the best sandbox for isolating ...
Archenoth
  • 1,485