Windows Sandbox and InstallWatchPro – perfect Windows Lab environment – Digitalmunition




Home Forums Windows Sandbox and InstallWatchPro – perfect Windows Lab environment

This topic contains 1 reply, has 2 voices, and was last updated by  trizzosk 2 months ago.

  • Author
    Posts
  • #230694

    anonymous
    Participant

    If you want a quick and dirty lab to explode untrusted “things”, those two together seem to be phenomenal. Full disclosure: I have not extensively tested sandbox detection (which I think would fail, so the advanced stuff will not execute) or vectors for sandbox escape. For the amateur the before and after from InstallWatchPro is probably all you’ll need.

    ProTip: Run the InstallWatch Pro executable in Windows XP compatibility mode

    ProTip2: Be careful where you download that unsupported software from, hash it to make sure.

  • #230695

    trizzosk

    Honestly – once I download pretty advanced malware attached in email (as a part of investigation). I run it on a clean machine, without network connectivity and inside Windows Sandbox (where I put all my process explorers and network sniffers used) and the malware did not detect that is running in sandboxed environment. I think its just a matter of time when malware producers will find a way how to detect Windows Sandbox.

You must be logged in to reply to this topic.