Clicky

Explore Joe Security Cloud Basic Accounts Subscribe to our Newsletters Contact Us
top title background image

Joe Security's Blog

PowerShell ScriptBlockLogging rocks!

Needless to say, PowerShell has become an important means for Malware to do persistence. If you are interested in learning more about this topic, an excellent write-up about PowerShell & Malware has been published by Symantec THE INCREASED USE OF POWERSHELL IN ATTACKS. PowerShell has a lot of tricks which makes analysis harder, however, in PowerShell 5.0, Microsoft added some nice logging feature.

Read more...

Joe Sandbox 18.0.0 is ready!

We are happy to announce the release of Joe Sandbox 18, our most advanced Deep Malware Analysis engine. In this blog post we will share some of the most interesting new features we have implemented. VBA Macro Winapi Instrumentation Samples using Winapi (native or normal ones) calls inside a Microsoft Office Macro are now instrumented and logged: A malware family using Winapi calls in Macros is Hancitor.  SCAE Library Code Detection We added library code detection to SCAE (Static Code Analysis Engine) and EGA (Execution Graph Analysis): The EGA nodes are shown with a lower opacity, making it easier to distinguish between malware code and library code.

Read more...

OEM'ing Joe Sandbox

Here at Joe Security, we have a long tradition of doing OEM business. OEM stands for original equipment manufacturer and is kind of misleading term. Today OEM is often used to describe that company B can integrate, bundle or resell a product of company A. Why do companies integrating dynamic malware analysis system (sandboxes) into their products? Well a sandbox enables your product to: Detect unknown malware with high detection precision Determine the payload and type of malware Get IOC's and additional forensic artifacts about a thread Looking at use-cases the following industries/vendors/tools can benefit from Sandbox integrations: Secure Gateway & Firewall vendors Secure Gateways and Firewalls can extract samples from the wire and send them to the sandbox.

Read more...



Older Posts