How Windows 1903 makes malware analysis easier — introducing Windows Sandbox
Microsoft just released Windows 1903 which includes a new operating system feature called Windows Sandbox. Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation, making it ideal for malware analysis.
Windows Sandbox is built on the same technologies that power Windows Containers making it more suitable to run on laptops without requiring the full power of Windows Server and/or a full VM.
Interested in more technical details? Select the dark button on the right
How do you analyse malware? Does every laptop support Windows Sandbox? And how do I safely transfer files to and from the sandbox? The dark button on the right hand side of the screen will take you to the technical details.
How can I learn to hunt?
It's hard. It's years of experience. Knowing the platforms, knowing what to look for. But you also need the basic skills: working with tools like PEiD, Ollydbg, strings and many others.
— Maarten Goet, MVP & RD