Joe Lab is the industry's first Cloud-based malware analysis lab.
Joe Lab offers dedicated (24x7), bare-metal lab machines for manual malware analysis and security testing (long and short term) with the following features:
Joe Lab is built for the following use-cases:
A malware analysis lab is a key infrastructure of any CERT, CIRT or SOC to manually analyze malware, develop and test new detections, generate threat intelligence, etc. Setting up a malware analysis lab is cumbersome and requires a lot of effort. You have to buy hardware, install software, set up a dedicated network, make sure the lab is fully isolated (to protect your organization's network), provide an anonymized Internet line and a way to reset the lab machine, maintain the hardware, etc. In some companies, running a malware analysis is completely forbidden due to risks and compliance policies.
Joe Lab completely removes this burden by offering security teams and malware analysts dedicated bare-metal (to defeat virtual-machine-aware malware) hardware machines with all the major functionality in the Cloud. Since everything runs remotely, there is no security risk. Lab machines are accessed via browser-based VNC (mouse and keyboard). In addition, full file system access (including upload and download) is available via the web browser. The lab machines are connected to an anonymized Internet line for which the exit country can be chosen (to defeat country-aware malware). If no Internet connection is required, Internet simulation can be enabled. With a single click, analysts can reset the lab machine to a clean state and start a new analysis session.
Contact Joe Security to schedule a technical presentation or get a trial.
Joe Lab offers bare-metal / real physical machines to analyze and detect malware. Bare-metal machines are resilient to VM-aware malware.
Malware analysts, SOCs, CERTs, CIRTs and security teams get full access to Joe Lab via web-based VNC and a web-based file system browser.
Joe Lab machines use an anonymized Internet connection. SOCs, CERTs, CIRTs and security teams can choose one of 23+ countries for the Internet connection exit point. This is very helpful for analyzing country-aware malware.
Joe Lab machines do not necessarily require an Internet connection; they can also be configured to use Internet Simulation. This is beneficial in cases where you analyze malware which could spread, or when you don't want to let the malware authors know you caught the malware.
Joe Lab machines can be restored to a known good state in minutes. With that, malware analysts can completely wipe an existing infection and start a new analysis session.
Joe Lab enables analysts to capture two additional machine states. At any time, malware analysts can restore the machine to one of the two states.
Via the simple Web API, Joe Lab customers can automate tasks such as file access, machine restoring, PCAP capturing, and much more. Example scripts in Python are available.
Joe Lab enables customers to capture the full network traffic of a lab machine. The traffic is stored in a PCAP which can be downloaded. This enables persisting all network IOCs during a malware analysis lab session.
Joe Lab enables customers to capture screenshots of a lab machine. Screenshots are regularly taken and can be viewed and downloaded. This enables persisting all visual activities of a malware analysis lab session.
Contact Joe Security to receive a free trial for Joe Lab.
A malware analysis lab is a completely isolated network with machines for malware analysis and detection. It's a key part of the infrastructure of any SOC, CERT or CIRT. Any security team should have access to a malware analysis lab.
Joe Lab is a Cloud-based malware analysis lab.
Any SOC, CERT, CIRT or malware analyst who wants access to a world-class malware analysis lab and doesn't have time to maintain, or is not allowed to run, their own lab.
Lab machines are bare-metal machines to which you get full access.
Web-based VNC and full system access via browser
Yes, but you can also enable Internet simulation if you require privacy.
No, the machines are physical - bare metal. Therefore you don't have to deal with any malware detecting your lab machine (VM-aware malware).
Yes, in addition you can choose from currently 24 different countries which serve as exit point.
Yes, only you have access to a lab machine. All lab machines are isolated.
24x7, up to 1 year.
Yes, with a single click.
Yes, full root access.
Analyze malware, test malware detections, do exploit analysis etc.
No, it runs within Joe Security's Cloud. There is no connection to your network.