
Joe Lab

The Cloud-based Malware Analysis Lab

Joe Lab is the industry's first Cloud-based malware analysis lab.

Joe Lab offers dedicated (24x7), bare-metal lab machines for manual malware analysis and security testing (long and short term) with the following features:

  • Cloud based - the Lab does not sit in your network
  • Windows 10 x64 lab machines
  • Full web-based VNC remote access
  • Full web-based file system access
  • Configurable and anonymized Internet connection (23+ countries)
  • Internet simulation (no Internet)
  • Full network capture (PCAP, not on machine)
  • Screenshot capture (JPG, not on machine)
  • Reset machine state to a known good state with a single click
  • Bare metal, no virtual machines
  • RESTful web API

Joe Lab is built for the following use-cases:

  • Safely execute suspicious files
  • Manual malware analysis
  • Long term (from days to weeks and months) malware observation
  • Testing malware and phishing against your security end-point stack
  • Developing and testing malware detections (YARA, Sigma, etc.)
  • Exploit analysis
  • Installing, validating and testing new software

Joe Lab Explained

A malware analysis lab is a key piece of infrastructure for any CERT, CIRT or SOC: it is where analysts manually analyze malware, develop and test new detections, generate threat intelligence, etc. Setting up a malware analysis lab is cumbersome and requires a lot of effort. You have to buy hardware, install software, set up a dedicated network, make sure the lab is fully isolated (to protect your organization's network), provide an anonymized Internet line and a way to reset the lab machine, maintain the hardware, etc. In some companies, running malware analysis is completely forbidden due to risks and compliance policies.

Joe Lab completely removes this burden by offering security teams and malware analysts dedicated bare-metal (to defeat virtual machine aware malware) hardware machines with all the major functionality in the Cloud. Since everything runs remotely there is no security risk. Lab machines are accessed via browser-based VNC (mouse and keyboard). In addition, full file system access (including up- and download) is available via the web browser. The lab machines are connected to an anonymized Internet line for which the exit country can be chosen (to defeat country aware malware). If no Internet connection is required, Internet simulation can be enabled. With a single click, analysts can reset the lab machine to a clean state and start a new analysis session.

Learn more about Joe Lab

Contact Joe Security to schedule a technical presentation or get a trial.

Bare-Metal Lab Machines

Joe Lab offers bare-metal / real physical machines to analyze and detect malware. Bare-metal machines are resilient to VM-aware malware.

Full access

Malware analysts, SOCs, CERTs, CIRTs and security teams get full access to Joe Lab via web-based VNC and a web-based file system browser.

Anonymized Internet Connection

Joe Lab machines use an anonymized Internet connection. SOCs, CERTs, CIRTs and security teams can choose one of 23+ countries for the Internet connection exit point. This is very helpful for analyzing country-aware malware.

Internet Simulation

Joe Lab machines do not necessarily require an Internet connection; they can also be configured to use Internet Simulation. This is beneficial in cases where you analyze malware which could spread, or when you don't want to let the malware authors know you caught the malware.

Single Click Restore

Joe Lab machines can be restored to a known good state in minutes. With that, malware analysts can completely wipe an existing infection and start a new analysis session.

Capture Machine State

Joe Lab lets malware analysts capture two additional machine states. At any time, analysts can restore the machine to one of the two states.


Via the simple web API, Joe Lab customers can automate tasks such as file access, machine restoring, PCAP capturing, and much more. Example scripts in Python are available.


Full Network Capture

Joe Lab enables customers to capture the full network traffic of a lab machine. The traffic is stored in a PCAP which can be downloaded. This enables persisting all network IOCs during a malware analysis lab session.

Screenshot Capture

Joe Lab enables customers to capture screenshots of a lab machine. Screenshots are regularly taken and can be viewed and downloaded. This enables persisting all visual activities of a malware analysis lab session.

Request a Joe Lab trial

Contact Joe Security to receive a free trial for Joe Lab.

What is a malware analysis lab?

A malware analysis lab is a completely isolated network with machines for malware analysis and detection. It's a key part of the infrastructure of any SOC, CERT or CIRT. Any security team should have access to a malware analysis lab.

What is Joe Lab?

Joe Lab is a Cloud-based malware analysis lab.

Who should use Joe Lab?

Any SOC, CERT, CIRT or malware analyst who wants access to a world-class malware analysis lab and does not have time to maintain, or is not allowed to run, their own lab.

What are lab machines?

Lab machines are bare-metal machines to which you get full access.

What access methods are provided to lab machines?

Web-based VNC and full system access via browser

Are the lab machines connected to the Internet?

Yes, but you can also enable Internet simulation if you require privacy.

Are the lab machines virtual machines?

No, the machines are physical - bare metal. Therefore you don't have to deal with any malware detecting your lab machine (VM-aware malware).

Is the Internet line anonymized?

Yes. In addition, you can currently choose from 24 different countries to serve as the exit point.

Is the lab private?

Yes, only you have access to a lab machine. All lab machines are isolated.

How long do I have access to a lab machine?

24x7, up to 1 year.

Can the lab machine be reset to a clean state?

Yes, with a single click.

Do I have full access to the lab machines?

Yes, full root access.

What can I do on lab machines?

Analyze malware, test malware detections, do exploit analysis etc.

Is the lab machine connected to my network?

No, it runs within Joe Security's Cloud. There is no connection to your network.