SlideShare a Scribd company logo

Sandbox – Online, Offline

Download as PPTX, PDF
P
Pushkar Pashupat
Education
1 of 12
Sandbox – Online, Offline By Pushkar Null-The Open Secuirty Community
Sandbox… Sandbox may refer to: Limited, restricted environment for a specific purpose Litter box, an indoor box for cats to relieve themselves Sandpit or sandbox, a wide, shallow playground construction to hold sand often made of wood or plastic Sandbox (railways), a container that holds sand for use in improving rail adhesion in slippery conditions Sandboxing is a popular technique for creating confined execution environments, which could be be used for running untrusted programs. A sandbox limits, or reduces, the level of access its applications have — it is a container
Sandbox… Sandbox (computer security), a virtual container in which untrusted programs can be safely run Sandbox (software development), an online environment in which code or content changes can be tested without affecting the original system Sandbox Effect, in Google Internet search rankings
How it works… Basic two mechanism… Namespace isolation - agents are unable to manipulate resources that they cannot name. Access checks - discharge proof obligations of the form “agent A may manipulate resource R by method M“ Intercepting System calls Deny the system call, Audit the system call's invocation, Pre- process the arguments, Post-process the result, Replace the system call's implementation
Limitations… Sandboxing implementations suffer from five broad kinds of limitation: too much isolation not enough isolation non-portability non-usability design and implementation failures
Google Sandbox… Sandbox Effect, Technique that google uses to ran new website in its search results Check whether it is a genuine or a spam website
Others… Wikipedia Sandbox http://en.wikipedia.org/wiki/Wikipedia:Sandbox MySQL Sandbox http://en.wikipedia.org/wiki/Wikipedia:Sandbox Chrome http://dev.chromium.org/developers/design-documents/sandbox.
Malware Analysis… Online Anubis http://anubis.iseclab.org/ BitBlaze https://aerie.cs.berkeley.edu/ Comodo Instant Malware Analysis  http://camas.comodo.com/ Eureka http://eureka.cyber-ta.org/ JoeBox http://www.joebox.org/submit.php Norman Sandbox  http://www.norman.com/security_center/security_tools/submit_file/en Sunbelt Sandbox:  http://www.sunbeltsecurity.com/sandbox/ ThreatExpert http://www.threatexpert.com/ Xandora http://www.xandora.net/xangui/
Offline… Sandboxie http://www.sandboxie.com/index.php?DownloadSandboxie Autovin http://autovin.pandasecurity.my/ IDefenseLabs SysAnalyzer http://labs.idefense.com/software/ MandiantMemoryze, Red Curtain http://www.mandiant.com/products/free_software  
Additional Tools… Buster Sandbox Analyzer http://bsa.isoftware.nl/ Malware Analyser 2.8 : http://code.google.com/p/malwareanalyzer/
Lets check…
Thank you…Q&A ????

Recommended

Overview of linux kernel development
Overview of linux kernel developmentOverview of linux kernel development
Overview of linux kernel developmentPushkar Pashupat
 
Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014n|u - The Open Security Community
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingPushkar Pashupat
 
Sandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptxSandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptxArshadFarhad4
 
Modern sandbox escaping techniques
Modern sandbox escaping techniquesModern sandbox escaping techniques
Modern sandbox escaping techniquesMohsen Tahmasebi
 
Enabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using VirtualizationEnabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using Virtualizationamiable_indian
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirusAshish Gautam
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsLondon School of Cyber Security
 

Recommended

Overview of linux kernel development
Overview of linux kernel developmentOverview of linux kernel development
Overview of linux kernel developmentPushkar Pashupat
 
Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014n|u - The Open Security Community
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingPushkar Pashupat
 
Sandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptxSandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptxArshadFarhad4
 
Modern sandbox escaping techniques
Modern sandbox escaping techniquesModern sandbox escaping techniques
Modern sandbox escaping techniquesMohsen Tahmasebi
 
Enabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using VirtualizationEnabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using Virtualizationamiable_indian
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirusAshish Gautam
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsLondon School of Cyber Security
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 
Containers for sensor web services, applications and research @ Sensor Web Co...
Containers for sensor web services, applications and research @ Sensor Web Co...Containers for sensor web services, applications and research @ Sensor Web Co...
Containers for sensor web services, applications and research @ Sensor Web Co...Daniel Nüst
 
Red Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in CyberspaceRed Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in CyberspaceDon Anto
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks ShopJason Smith
 
Practical Occlusion Culling in Killzone 3
Practical Occlusion Culling in Killzone 3Practical Occlusion Culling in Killzone 3
Practical Occlusion Culling in Killzone 3Guerrilla
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]Alex Pruden
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Cloud Computing Bootcamp On The Google App Engine v1.2.1
Cloud Computing Bootcamp On The Google App Engine v1.2.1Cloud Computing Bootcamp On The Google App Engine v1.2.1
Cloud Computing Bootcamp On The Google App Engine v1.2.1Matthew McCullough
 
Meder Kydyraliev - Mining Mach Services within OS X Sandbox
Meder Kydyraliev - Mining Mach Services within OS X SandboxMeder Kydyraliev - Mining Mach Services within OS X Sandbox
Meder Kydyraliev - Mining Mach Services within OS X SandboxDefconRussia
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
Analisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoAnalisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoConferencias FIST
 
Google chrome sandbox
Google chrome sandboxGoogle chrome sandbox
Google chrome sandboxNephi Johnson
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?Dmitry Evteev
 
Isys20261 lecture 14
Isys20261 lecture 14Isys20261 lecture 14
Isys20261 lecture 14Wiliam Ferraciolli
 
B875.pptx
B875.pptxB875.pptx
B875.pptxMarcoTrujillo29
 
Project Penetration Testing Report(20 Points)Scenario.docx
Project Penetration Testing Report(20 Points)Scenario.docxProject Penetration Testing Report(20 Points)Scenario.docx
Project Penetration Testing Report(20 Points)Scenario.docxsimonlbentley59018
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodologyCahyo Darujati
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutionsKesav Kumar Kolla
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 

More Related Content

Similar to Sandbox – Online, Offline

Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 
Containers for sensor web services, applications and research @ Sensor Web Co...
Containers for sensor web services, applications and research @ Sensor Web Co...Containers for sensor web services, applications and research @ Sensor Web Co...
Containers for sensor web services, applications and research @ Sensor Web Co...Daniel Nüst
 
Red Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in CyberspaceRed Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in CyberspaceDon Anto
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks ShopJason Smith
 
Practical Occlusion Culling in Killzone 3
Practical Occlusion Culling in Killzone 3Practical Occlusion Culling in Killzone 3
Practical Occlusion Culling in Killzone 3Guerrilla
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]Alex Pruden
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Cloud Computing Bootcamp On The Google App Engine v1.2.1
Cloud Computing Bootcamp On The Google App Engine v1.2.1Cloud Computing Bootcamp On The Google App Engine v1.2.1
Cloud Computing Bootcamp On The Google App Engine v1.2.1Matthew McCullough
 
Meder Kydyraliev - Mining Mach Services within OS X Sandbox
Meder Kydyraliev - Mining Mach Services within OS X SandboxMeder Kydyraliev - Mining Mach Services within OS X Sandbox
Meder Kydyraliev - Mining Mach Services within OS X SandboxDefconRussia
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
Analisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoAnalisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoConferencias FIST
 
Google chrome sandbox
Google chrome sandboxGoogle chrome sandbox
Google chrome sandboxNephi Johnson
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?Dmitry Evteev
 
Project Penetration Testing Report(20 Points)Scenario.docx
Project Penetration Testing Report(20 Points)Scenario.docxProject Penetration Testing Report(20 Points)Scenario.docx
Project Penetration Testing Report(20 Points)Scenario.docxsimonlbentley59018
 

Similar to Sandbox – Online, Offline (20)

Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13
 
Containers for sensor web services, applications and research @ Sensor Web Co...
Containers for sensor web services, applications and research @ Sensor Web Co...Containers for sensor web services, applications and research @ Sensor Web Co...
Containers for sensor web services, applications and research @ Sensor Web Co...
 
Red Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in CyberspaceRed Team: Emulating Advanced Adversaries in Cyberspace
Red Team: Emulating Advanced Adversaries in Cyberspace
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks Shop
 
Practical Occlusion Culling in Killzone 3
Practical Occlusion Culling in Killzone 3Practical Occlusion Culling in Killzone 3
Practical Occlusion Culling in Killzone 3
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by Malware
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack Fu
 
Cloud Computing Bootcamp On The Google App Engine v1.2.1
Cloud Computing Bootcamp On The Google App Engine v1.2.1Cloud Computing Bootcamp On The Google App Engine v1.2.1
Cloud Computing Bootcamp On The Google App Engine v1.2.1
 
Meder Kydyraliev - Mining Mach Services within OS X Sandbox
Meder Kydyraliev - Mining Mach Services within OS X SandboxMeder Kydyraliev - Mining Mach Services within OS X Sandbox
Meder Kydyraliev - Mining Mach Services within OS X Sandbox
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
Analisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoAnalisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario Malicioso
 
Google chrome sandbox
Google chrome sandboxGoogle chrome sandbox
Google chrome sandbox
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
 
Isys20261 lecture 14
Isys20261 lecture 14Isys20261 lecture 14
Isys20261 lecture 14
 
B875.pptx
B875.pptxB875.pptx
B875.pptx
 
Project Penetration Testing Report(20 Points)Scenario.docx
Project Penetration Testing Report(20 Points)Scenario.docxProject Penetration Testing Report(20 Points)Scenario.docx
Project Penetration Testing Report(20 Points)Scenario.docx
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutions
 

Recently uploaded

PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 

Recently uploaded (20)

PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 

Sandbox – Online, Offline

  • 1. Sandbox – Online, Offline By Pushkar Null-The Open Secuirty Community
  • 2. Sandbox… Sandbox may refer to: Limited, restricted environment for a specific purpose Litter box, an indoor box for cats to relieve themselves Sandpit or sandbox, a wide, shallow playground construction to hold sand often made of wood or plastic Sandbox (railways), a container that holds sand for use in improving rail adhesion in slippery conditions Sandboxing is a popular technique for creating confined execution environments, which could be be used for running untrusted programs. A sandbox limits, or reduces, the level of access its applications have — it is a container
  • 3. Sandbox… Sandbox (computer security), a virtual container in which untrusted programs can be safely run Sandbox (software development), an online environment in which code or content changes can be tested without affecting the original system Sandbox Effect, in Google Internet search rankings
  • 4. How it works… Basic two mechanism… Namespace isolation - agents are unable to manipulate resources that they cannot name. Access checks - discharge proof obligations of the form “agent A may manipulate resource R by method M“ Intercepting System calls Deny the system call, Audit the system call's invocation, Pre- process the arguments, Post-process the result, Replace the system call's implementation
  • 5. Limitations… Sandboxing implementations suffer from five broad kinds of limitation: too much isolation not enough isolation non-portability non-usability design and implementation failures
  • 6. Google Sandbox… Sandbox Effect, Technique that google uses to ran new website in its search results Check whether it is a genuine or a spam website
  • 7. Others… Wikipedia Sandbox http://en.wikipedia.org/wiki/Wikipedia:Sandbox MySQL Sandbox http://en.wikipedia.org/wiki/Wikipedia:Sandbox Chrome http://dev.chromium.org/developers/design-documents/sandbox.
  • 8. Malware Analysis… Online Anubis http://anubis.iseclab.org/ BitBlaze https://aerie.cs.berkeley.edu/ Comodo Instant Malware Analysis  http://camas.comodo.com/ Eureka http://eureka.cyber-ta.org/ JoeBox http://www.joebox.org/submit.php Norman Sandbox  http://www.norman.com/security_center/security_tools/submit_file/en Sunbelt Sandbox:  http://www.sunbeltsecurity.com/sandbox/ ThreatExpert http://www.threatexpert.com/ Xandora http://www.xandora.net/xangui/
  • 9. Offline… Sandboxie http://www.sandboxie.com/index.php?DownloadSandboxie Autovin http://autovin.pandasecurity.my/ IDefenseLabs SysAnalyzer http://labs.idefense.com/software/ MandiantMemoryze, Red Curtain http://www.mandiant.com/products/free_software  
  • 10. Additional Tools… Buster Sandbox Analyzer http://bsa.isoftware.nl/ Malware Analyser 2.8 : http://code.google.com/p/malwareanalyzer/