Joe Lab
The Cloud-based Malware Analysis Lab
Joe Lab is the industry's first Cloud-based malware analysis lab.
Joe Lab offers dedicated (24x7), bare-metal lab machines for manual malware analysis and security testing (long and short term) with the following features:
- Cloud-based - the Lab does not sit in your network
- Windows 10/11 x64 lab machines
- Full web-based VNC remote access
- Full web-based file system access
- Configurable and anonymized Internet connection (23+ countries)
- Internet simulation (no Internet)
- Full network capture (PCAP, not on machine)
- Screenshot capture (JPG, not on machine)
- Reset machine state to a known good state with a single click
- Bare metal, no virtual machines
- RESTful Web API
Joe Lab is built for the following use-cases:
- Safely execute suspicious files
- Manual malware analysis
- Long term (from days to weeks and months) malware observation
- Testing malware and phishing against your security end-point stack
- Developing and testing malware detections (YARA, Sigma, etc.)
- Exploit analysis
- Installing, validating and testing new software
Joe Lab Explained
A malware analysis lab is a key piece of infrastructure for any CERT, CIRT or SOC: it is used to manually analyze malware, develop and test new detections, generate threat intelligence, etc. Setting up a malware analysis lab is cumbersome and requires a lot of effort. You have to buy hardware, install software, set up a dedicated network, make sure the lab is fully isolated (to protect your organization's network), provide an anonymized Internet line and a way to reset the lab machine, maintain the hardware, etc. In some companies, running malware analysis is completely forbidden due to risks and compliance policies.
Joe Lab completely removes this burden by offering security teams and malware analysts dedicated bare-metal hardware machines (to defeat virtual-machine-aware malware) with all the major functionality in the Cloud. Since everything runs remotely, there is no security risk. Lab machines are accessed via browser-based VNC (mouse and keyboard). In addition, full file system access (including upload and download) is available via the web browser. The lab machines are connected to an anonymized Internet line for which the exit country can be chosen (to defeat country-aware malware). If no Internet connection is required, Internet simulation can be enabled. With a single click, analysts can reset the lab machine to a clean state and start a new analysis session.
Bare-Metal Lab Machines
Joe Lab offers bare-metal / real physical machines to analyze and detect malware. Bare-metal machines are resilient to VM-aware malware.
Full access
Malware analysts, SOCs, CERTs, CIRTs and security teams get full access to Joe Lab via web-based VNC and a web-based file system browser.
Anonymized Internet Connection
Joe Lab machines use an anonymized Internet connection. SOCs, CERTs, CIRTs and security teams can choose one of 23+ countries for the Internet connection exit point. This is very helpful for analyzing country-aware malware.
Internet Simulation
Joe Lab machines do not necessarily require an Internet connection; they can also be configured to use Internet Simulation. This is beneficial in cases where you analyze malware which could spread, or when you don't want to let the malware authors know you caught the malware.
Single Click Restore
Joe Lab machines can be restored to a known good state in minutes. With that, malware analysts can completely wipe an existing infection and start a new analysis session.
Capture Machine State
Joe Lab lets analysts capture two additional machine states. At any time, malware analysts can restore the machine to one of the two states.
RESTful Web API
Via the simple Web API, Joe Lab customers can automate tasks such as file access, machine restoring, PCAP capturing, and much more. Example scripts in Python are available.
Full Network Capture
Joe Lab enables customers to capture the full network traffic of a lab machine. The traffic is stored in a PCAP which can be downloaded. This enables persisting all network IOCs during a malware analysis lab session.
Screenshot Capture
Joe Lab enables customers to capture screenshots of a lab machine. Screenshots are regularly taken and can be viewed and downloaded. This enables persisting all visual activities of a malware analysis lab session.
A malware analysis lab is a completely isolated network with machines for malware analysis and detection. It's a key part of the infrastructure of any SOC, CERT or CIRT. Any security team should have access to a malware analysis lab.
Joe Lab is a Cloud-based malware analysis lab.
Any SOC, CERT, CIRT or malware analyst who wants access to a world-class malware analysis lab and doesn't have time to maintain, or is not allowed to run, their own lab.
Lab machines are bare-metal machines to which you get full access.
Web-based VNC and full system access via browser
Yes, but you can also enable Internet simulation if you require privacy.
No, the machines are physical - bare metal. Therefore you don't have to deal with any malware detecting your lab machine (VM-aware malware).
Yes. In addition, you can choose from currently 24 different countries which serve as the exit point.
Yes, only you have access to a lab machine. All lab machines are isolated.
24x7, up to 1 year.
Yes, with a single click.
Yes, full root access.
Analyze malware, test malware detections, do exploit analysis etc.
No, it runs within Joe Security's Cloud. There is no connection to your network.
Learn more about Joe Lab
Contact Joe Security to schedule a technical presentation or get a trial.