Explore Joe Security Cloud Basic Accounts Subscribe to our Newsletters Contact Us
top title background image

Joe Security's Blog

Reduce Friction: extracting Sysmon logs with Joe Sandbox

Sysmon is a powerful tool to monitor endpoints, it is free and can be easily installed on many machines. It creates lots of log messages and stores them in the Windows event log. Those logs are usually routinely sent to a central log server such as Graylog, where blue teams can easily search them: To get meaningful search terms, blue teams often use sandboxes such as Joe Sandbox, to deeply analyze malware. However, the IOCs generated by sandboxes are many times not in the appropriate format to easily correlate them to the Sysmon events.


APT28: Digging through Sandbox-Evasions with Bare Metal Analysis

In October 2017, we blogged about the advantages of analyzing malware on bare metal machines. Bare metal analysis offers the possibility to perform dynamic analysis on real devices such as laptops or PCs. The bare metal analysis is not affected by virtual machine detection, which is a major check done by most malware nowadays: To demonstrate this, we analyzed a recent sample related to APT28/Grizzlybear which includes nine different evasion tricks. Spotting evasive Samples on Cloud Basic We have various triggers and alerts defined for our free online platform called Joe Sandbox Cloud Basic.


Analysing VPNFilter with Joe Sandbox Linux

Linux malware is becoming a hot topic in the security news headlines, as we see more and more recent malware targeting Linux operating systems. With more than 11 billion embedded devices with networking capabilities in 2018 (Gartner), bots targeting Internet of Things (IoT) have a bright future ahead. Mirai and VPNFilter are just some recent examples. Thus, it is the right time to step up! For some months, we have been working on a new product to analyze malware targeting Linux.


Older Posts