I'm currently running a sandbox environment on my ESXi host, which sits on a physical HP server. I have quite a few VMs running, in addition to the Windows 10 sandbox VM. The only purpose of this sandbox is for me to detonate malware and run analytics. The sandbox host resides on its own network/VLAN, which ultimately terminates at a firewall; the sandbox network cannot talk to any other networks. All control of the sandbox is handled through a console connection via vSphere. As far as I'm concerned this is a standard sandbox environment setup, but it begs the question: those of you with a similar setup, how concerned are you about someone exploiting the hypervisor via virtual machine escape? Also, before someone chimes in: yes, I'm aware some modern malware will detect that it's running on a VM and not fully detonate; this is purely for independent research.
May 09, 2020 06:08 AM