
Joe Security's Blog

Joe Sandbox 23 - Black Opal is out!

Although it's summertime and the livin' is easy, we have been working hard to deliver Joe Sandbox v23 under the code name Black Opal! This release is packed with brand new features and interesting enhancements that make Joe Sandbox more powerful than ever. Our Joe Sandbox Cloud Pro, Basic and OEM servers were already upgraded to Black Opal a couple of days ago. If you wish to upgrade your on-premise Joe Sandbox Desktop, Mobile, X, Complete and Ultimate installation right away, please run the following command:

mono joeboxserver.exe --updatefast

Even though we're excited about every aspect of this release, in this blog post we will highlight only a few of our favorite Joe Sandbox Black Opal features.


Reduce Friction: extracting Sysmon logs with Joe Sandbox

Sysmon is a powerful tool for monitoring endpoints; it is free and can be easily installed on many machines. It creates lots of log messages and stores them in the Windows event log. Those logs are routinely sent to a central log server such as Graylog, where blue teams can easily search them. To get meaningful search terms, blue teams often use sandboxes such as Joe Sandbox to deeply analyze malware. However, the IOCs generated by sandboxes are often not in a format that can easily be correlated with the Sysmon events.


APT28: Digging through Sandbox-Evasions with Bare Metal Analysis

In October 2017, we blogged about the advantages of analyzing malware on bare metal machines. Bare metal analysis offers the possibility to perform dynamic analysis on real devices such as laptops or PCs. Bare metal analysis is not affected by virtual machine detection, which is a major check done by most malware nowadays. To demonstrate this, we analyzed a recent sample related to APT28/Grizzlybear which includes nine different evasion tricks.


Spotting evasive Samples on Cloud Basic

We have various triggers and alerts defined for our free online platform called Joe Sandbox Cloud Basic.

