Q: Can anyone recommend a malware analysis tool like Cuckoo?

Hey all! Thanks for adding me! It appears this is quite the massive group so I’ll save all the details about me and get straight to it. I’m looking for a solution similar to the open source project Cuckoo, but I need the solution to operate below where the malware is operating, i.e. so the malware doesn’t know it’s there. Does anyone have a lead on such a solution?

Ryan

If you want real malware analysis you need to do it manually. Sandboxes can’t be relied upon anymore :frowning:

I don’t mean that in every situation. lol What I mean is that Cuckoo was left to gather dust, while you can just spin up a Windows VM and detonate copied samples yourself. Heuristics and ML analysis have a far better detection rate, saving time and money in my experience.
Although in all situations you can bypass eventually with enough time and resources.

  • Jordan L

In a few weeks I’ll be testing out of CISSP and I’m confident that sandboxing will be a touched-on subject, but I’m more than aware that tech develops faster than courses, so I was curious as to what you meant.

Yeah I was unsure, I was like, has there been a wave of VM escape code being added to general malware? o.O

But I can absolutely agree: aside from manual code decompilation and review, heuristics are your best bet for scalable detection. High chance of running into false positives though.

  • OB

Oh well, you’re right on the money. (Idk about CISSP.) But unfortunately the industry has forced me to cope with this type of thinking, like:

One side of my mind is the testing and industry-recognized answer.

The other side of my mind is the actual answer that isn’t “industry recognized”, which is correct but not according to the “experts”. lol :joy: Why is it like this?

  • Jordan L