Quote:
Originally Posted by TurcoLoco
But, what if you are running Sandboxie within Windows Sandbox which is running in VBox which is running on Lindows, then what?
jk.
Merry Xmas to all the geeks everywhere!
It'd still see the DLL on most malware analyst-detection since it is running in Sandboxie... Regardless of the layers of VM Sandboxie is running within... Same with all major virtualization and subsystem-isolation solutions, though... Malware just blacklists shared libraries and memory mapping behavior, and 99.9% of the solutions do little to nothing to hide...
Years back there was a third-party plugin for Sandboxie that did okay hiding it from IAT, LoadLibrary, and memory scan, but that stopped being updated...
Sandboxie is second to none for zero and nth day exploit infection containment, though... Combine it with Chromium rendering sandboxing and telemetry opsec and you'll make the NSA annoyed...