This page contains a list of freely accessible online malware sandboxes and analytical platforms that I currently find most useful, along with a short overview of their capabilities. The list is (and it is meant to be) non-exhaustive, but if you know of any sandbox which is not mentioned but offers interesting features, feel free to let me know about it. If you’d like to use the table in a presentation or share it on some other site, there is a PNG version bellow to make it easier.

Whether your work has anything to do with security monitoring, malware analysis, incident response, or just general IT administration, you’ve probably come across VirusTotal. It is an invaluable tool when it comes to identifying malicious code, however sometimes we need to dig a bit deeper than just getting a 'detection score' for a potentially dangerous file...

A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at analysis of an interesting malicious document which turned out to be AZORult downloader. What made it stand out - among its other aspects - were 3 layers of home-grown encryption...

A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at what last year brought us, when it comes to malware delivered by e-mail, specifically at the smallest and largest malicious files I found in my e-mail quarantine.

A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a multi-stage downloader for Agent Tesla.

A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a macro-based dropper sent to the Internet Storm Center by one of our readers.

A Diary of mine was published today on the SANS Internet Storm Center. If you wondered whether the recent 'BlueKeep worm scare' had any impact when it comes to the number of vulnerable systems out there, then this one is for you.

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at SPF and when even SPF-enabled domains may be spoofed.

A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at analyzing a malicious LNK file which leads us to a sample of Trickbot.

Unless you live completely cut off from the rest of human civilization, chances are good you’ve heard about the WannaCry ransomware. However, so we’re all on the same page, I’ll go over the salient points of its history before discussing why it is still a threat. WannaCry - the first successful crypto-ransomware worm - started to spread on May 12th 2017 using the EternalBlue exploit and DoublePulsar backdoor implant (both courtesy of the Shadow Brokers and - by proxy - Equation Group/NSA) and supposedly hit more than 100 countries within the first 24 hours.