Windows Sandbox and VirtualBox

Denice
4 min read · Jun 28, 2023


Or, as I would like to call it, the “Battle of Boxes.”

Hello there! It’s been a while since I last wrote an article here on Medium because I lost my motivation and got uninspired (so since you are writing again, did you get your motivation back? HAH good one, but still no though). Anyway, hello! I wrote a few articles that you might be interested in:

  • HACKING Central-Infosec{Maria_DB}
  • HACKING Central-Infosec{PostgreSQL}
  • Novice guide to Malware Analysis
  • 12 Cybersecurity tools I learned in 2021

Before anything else, Stream Taylor Swift on Spotify please :) Where my swifties at?!

DISCLAIMER: THIS IS A VERY SHORT POST.

As someone who’s into analyzing malware and other malicious stuff, I am obliged to build my own Dirty VM. (What is a Dirty VM? This is the place where you can run and detonate those malicious files that were sent to your email by some cybercriminal WITHOUT infecting your physical host, but please don’t if you are not fully equipped to do so.)

Another thing: if you are building your own Dirty VM, you will probably forget your password after some months. It happens, and it’s totally OK.

Someone mentioned to me that there’s this thing called “Windows Sandbox” on Windows! Wow, I spent a lot of time building my own VM and there’s one that is built by MSFT?! Yeah… There are limitations to using Windows Sandbox. First, I’m gonna list the things that your own VM can do:

  • You can customize your settings through your VM of choice (I use Oracle VirtualBox, I’m a fan)
  • You can run multiple VMs at once.
  • You can have those VMs communicate with each other (PING PING PING PINGGGG)
  • You can run files on your VM of choice.
  • You can use different tools for your malware analysis.
  • You can tweak the Network Settings of each of your VMs.

And sure, there’s a lot more. Windows Sandbox on the other hand:

  • You can also run files on Windows Sandbox.
  • You can definitely run different tools for your analysis (Hello my favorite PEStudio)
  • You can only run one Windows Sandbox at a time. Windows refuses to open a second Windows Sandbox while one is already open.
  • Your physical host and your Windows Sandbox can communicate with each other UNLESS you disable the network adapter. Please keep that in mind before you run a malicious file on your Windows Sandbox.
  • If you close the Windows Sandbox, everything you did will be deleted and lost. If you open another, it will be a completely fresh Windows Sandbox.
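
To make the network caveat above concrete: Windows Sandbox reads an optional `.wsb` configuration file, and this added example (not from the original post) launches the sandbox with networking disabled and a read-only samples folder. The file name `dirty.wsb` and the host folder `C:\Samples` are assumptions; use your own.

```xml
<!-- dirty.wsb (hypothetical file name): double-click it to launch the sandbox with these settings -->
<Configuration>
  <!-- No virtual network adapter: the sandbox cannot reach the host, the LAN or the internet -->
  <Networking>Disable</Networking>
  <!-- Do not share the host clipboard, printers, microphone or webcam with the sandbox -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <!-- Software rendering only, so the host GPU driver is not exposed to the sandbox -->
  <VGpu>Disable</VGpu>
  <MappedFolders>
    <MappedFolder>
      <!-- Assumed host path holding samples and tools; mapped read-only so nothing inside can write back -->
      <HostFolder>C:\Samples</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Samples</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
```

With the adapter disabled the sandbox cannot download anything, so analysis tools have to come in through the mapped folder.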

3 things I like doing on my own VM that I cannot do on Windows Sandbox:

  • Create multiple VMs that can communicate with each other
  • Set up a fake internet simulator for my two VMs.
  • Create snapshots

So, to sum it up: yes, Windows Sandbox is a great tool for malware analysis. However, I think it has limitations when it comes to the tools that you want to use for digging deeper. You can learn more on how to install the Windows Sandbox here: Windows Sandbox — Windows Security | Microsoft Learn

And don’t worry, someone (me that’s me) once said: “Being in Infosec also means endless setting up of VMs.”

As my way of saying thank you for reading, here’s a meme:


Written by Denice

Information Security Analyst & a huge fan of drinking water. Interested in anything related to Malware and Cyber Espionage.
