To Use Sandbox in VMware
Need to set up a machine VMware Sandbox for analysis to be done in my environment for malware analysis, so I have a few queries on this:
> Difference b/w VM and Sandbox
> How to configure my VM as a sandbox?
> Any prerequisites with respect to version support, hardware, SAN, network etc.?
I need this to configure in my infra running on 5.5
ASKER
Thanks a lot.
You should look at Cuckoo, but it requires a host that is not virtualized, but the guest is. Essentially a Linux box running VirtualBox or VMware, and having a Windows OS running as the guest. The guest is a snapshot, so it always reverts back to that snap, and the sandbox monitors all the changes that happen to the snapshot.
Cuckoo isn't that easy to set up, however. There are commercial offerings; you can use Malwr.com as well as VirusTotal. Malwr.com is a Cuckoo sandbox that has a nice HTTP GUI you can use. The trouble is you might be sending files to a 3rd party you can't fully trust. Same with VirusTotal: people pay VT to get access to all the file submissions, and VT gives it to them.
There are other vendors of sandboxes as well, I just have not worked with them.
-rich
ASKER
@richrumble - Many thanks for this great info.
No configuration is required in the VM.
None.
Just create a VM with no network access:
1. Disconnect networking to the VM.
2. Connect to a vSwitch with no physical network interfaces.
And to be honest with you, no good can come from this; we would leave it to the professionals. People playing with malware and trojans end up with massive site infections.
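
The two isolation options in the answer above can be checked from the VM's `.vmx` file before a sample is ever opened. This is an added example, not part of the original thread: `audit_nics`, the sample file and the port group name `isolated-pg` are constructed for illustration, and the list of port groups that sit on a vSwitch with no physical uplinks is assumed to have been confirmed by the operator on the host.

```python
import re

# Constructed sample .vmx fragment (not taken from a real host).
SAMPLE_VMX = '''
displayName = "malware-sandbox"
ethernet0.present = "TRUE"
ethernet0.startConnected = "TRUE"
ethernet0.networkName = "VM Network"
ethernet1.present = "TRUE"
ethernet1.networkName = "isolated-pg"
ethernet2.present = "TRUE"
ethernet2.startConnected = "FALSE"
ethernet2.networkName = "VM Network"
ethernet3.present = "FALSE"
'''

LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')
NIC_KEY = re.compile(r'^(ethernet\d+)\.(\w+)$')


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_nics(text, isolated_portgroups):
    """List (nic, network) pairs that give the guest a path off the isolated network.

    isolated_portgroups: port group names the operator has confirmed sit on a
    vSwitch with no physical uplinks (assumption; not derivable from the .vmx).
    """
    nics = {}
    for key, value in parse_vmx(text).items():
        m = NIC_KEY.match(key)
        if m:
            nics.setdefault(m.group(1), {})[m.group(2)] = value
    findings = []
    for name in sorted(nics):
        nic = nics[name]
        if nic.get("present", "FALSE").upper() != "TRUE":
            continue  # device is not attached to the VM
        # A missing startConnected is treated as connected at power-on.
        connected = nic.get("startconnected", "TRUE").upper() == "TRUE"
        network = nic.get("networkname", "")
        if connected and network not in isolated_portgroups:
            findings.append((name, network))
    return findings
```

A NIC that is present but has `startConnected` set to `FALSE` passes this check yet can still be connected by hand later, so removing the device entirely is the stronger setting.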