 It is my pleasure now, Cézair Pizzi, on Problems. Hello to everyone. Thank you. Can you hear me? Everyone, can you hear me? Okay, great. Okay, let's start immediately. I have to fly a bit on the presentation because it's a little, maybe a bit long, but okay, let's say I do my best to do everything. Okay, that's about me, but let's keep it just a few information about me. I'm a security researcher. I worked on a lot of open source projects. I developed in the past a proof of concept for Arduino code injections, but that's not important. You can have a look to these things in my GitHub. I will leave you the reference at the end of the presentation, but let's start with the presentation of this little research. What I started to think was something about the invisible cloud, as I called him, of the sandboxes. We have a lot of tools out there, which popped out in the last, I don't know, five years. Sandboxes available for more or less everyone from one side and from another side. A lot of vendors that are trying to sell this kind of software to be installed in our environment or maybe another option is to install our own sandbox by using, for example, a well-known tool like Cuckoo, for example, which is a great tool. So we have a lot of these systems around and what I thought is, okay, can we try to use them outside of what is their maybe intended usage? And so it started to try to make some thoughts about this. And so, okay, first of all, the sandboxes are usually isolated. So our environments are not able to go anywhere, but maybe we can try to do something about this. And so what if we can get access to these systems? For example, we can try to get some internal information that maybe are not mean to be disclosure. For example, serial numbers, for example. The first thing I thought was the serial number of the office installation, for example. Or maybe we can try to fingerprint the system to understand if you are in a sandbox. This we can see, we will see later that it's maybe done for some reasons or maybe use them as a bridge to go somewhere else, for example. And maybe other things as well. And so, first thing, I try to do a quick list of sandboxes out there. I know, this is not a complete list, we have tons of them. I just got this because they are more or less the most famous or in any case used, for example, for sure, everyone knows what is it and also the others probably. But there are quite a lot, so I decided not to do this test manually, but to write a script to automate the actions. And so, I'd like to have... Okay, I'd like to build something that allowed me to conduct this research. And that was done not reinventing anything, actually, sorry. But leveraging well-known tools like, for example, MSvenom from the Metasploiter to create the payloads or maybe the 7-zip self-extractor to create what I would like to do is to create a kind of self-extracting executable that will have a callback function, a way to drop files because I would like to bring with me some utilities on the sandbox itself. And maybe a kind of randomization, let's say a simple one, because we all know that the sandboxes are usually doing a basic check about hashes. I would like to avoid this to trigger, in any case, every time I upload a sample, a new analysis. So, I created something to address this issue. And so, that's not rocket science. It's a quick and dirt Python script, nothing really special, but I will release it on my GitHub at the end of the dev console. You can try to use it, okay? You can write your own. It's the same, probably it's not so difficult to do it, but it allowed me to automate this research. So, how it works. In some way, the script itself, it's able to leverage DMS venom capabilities to create a specific payload with a specific callback IP import. It has the possibility to specify a folder where I can put my utilities and also way to script my actions when I try to upload this on the sandbox. Okay, for example, here we can see an example of the drop folder. The drop folder is just a folder where I put all my utilities. For example, here, you can see that I would like to upload on the sandbox theqrl.txt and the product key.txt. Product key.txt is an utility for Neelsoft, which is extracting the Microsoft Office product key, for example, from the system. And I would like to bring this on the sandbox itself. So, at the end, when I run this script, I will have something like that. So, a kind of self-extracting executable with some scrambled name as you can see here, you see some .txt.txt files which are the cool.txt we saw before. Scrambled names with scrambled content as well because I would like, as I said, to avoid the hash detections. And so, that is what it will be created. Together with this, we see also a setup.battle.setup.sh, which has an underscore at the beginning with the actions I would like to automate. Okay, the underscore means, okay, don't touch the file, tag to my script to not touch the file, but just put it into the package without scrambling it because, in some case, I don't want to rename it. And so, let's start with the keys one. So, I would like to try to get a reverse shell out of the sandboxes. So, I run the script with this syntax here. We're very simple. And I uploaded it on all these sandboxes mentioned at the beginning. And this is the result. As you can see here, a lot of them gave me actually a shell. For some of them, it's not actually a surprise. In Iran, for example, I allow you interactive access. So, okay, it's not a big issue. But for some other, maybe it's more surprising. And what I would like to stress is here, the behavior of Palo Alto and Virus Total. Both of them gave me TCP callback, but then the connection went down. Like if there is a kind of IPS or something monitoring the outgoing connection of the system, probably they have something which was recognizing that I tried to open a reverse shell and they cut off the connection. But let's keep in mind this because we'll come back on this later on and we'll see something funny. Okay, now I have a reverse shell on the system, but why this is relevant? Why I should be worried about? Because I can actually extract information from them. Here you can see I run the product key.txt and I got the office installation product keys. I removed them from privacy here, obviously, but they were there. And so why this is important? That's really important from my point of view, from a point of view of a malware researcher, for example. First of all, consider that this is private information that probably someone don't want to disclose. Especially if you are running your own sandbox, this is something that you have to consider because if you are relying on something that is provided by an IT vendor, we don't care. We just use what our firewall vendor is providing as a sandbox but it's their business if they are losing the office keys. If you are running our own, that's very important. But what is, in my opinion, the most important thing here is that this allows to leak information from this and this allows the fingerprinting of the system. This is already happening. A lot of malware is doing this. I came across a sample a couple of weeks ago of the Okai keylogger which was the installer was checking for the user name of the system. User name they will get from, probably, Virustotal or a sandbox like that one. That's really important because that means that if the sample is able to identify it, it can also evade the analysis. It can make the most undetectable sandboxes useless, let's say. Okay, this is a quick demo of what I did. Here I tried to upload a sample on the S&D box. As you can see on your left side, yes, there was a metasploit running. As you can see, I got the reversal here and then I was able to extract the product key. For example, here, obviously, I removed it. Let's go to the case two. I named it cross-send box spawning. What that means? We saw that we have external access from the systems. That means that also we can try to maybe try to run an attack against someone else. If I upload something that is doing, let's say a SQL injection or something like that to a third-party site, I can do it again. This may be very interesting for us if you are using third-party sandboxes but if you are running our own, it's really important because someone could knock on our door and asking us why you did something wrong on that site. This is something we need to keep in mind. Here is a simple setup I did on my script. I just created this script here. As you can see, there is a qrl.txt running. In this case, not a real attack. It's just an upload of a file. But it would be interesting for the third case. Let's keep this in mind. As you can see, the qr.txt here is angle-braked because it will be replaced automatically by the script with the scrambled name of the file when the file is renamed. It will be done automatically by the script. This is the result of the test. As you can see, I would like to stress the Palo Alto and VirusTotter sandboxes are allowing me to do this. That will bring us to the third case. Why this is relevant? We have to consider a couple of things. One is that we can use something to proxy attacks to someone else. This is something that we can take into consideration. Second point, sometimes these sandboxes are really in our infrastructure. Sometimes we don't even have a real perception of that because, for example, our anti-spam vendor may have these sandboxes, and maybe someone can just run an attack against someone else by sending an email to us, for example, because it just executes the payload and so on. The interesting thing is this is an example of a zero effort exploit as described in the science of the wire, on the wire book, which is a great book if you work in security fields, so have a read of it. Let's have a look to the demo as well. Here I'm uploading the demo on the site, and then I'm looking for my hybrid analysis, a well-known sandbox. Then I created a fake site just waiting for an info.php file to be uploaded, and we can see here that, okay, I got this file uploaded on the sandbox itself. This worked for all the sandboxes we saw before, and that is bringing us to the third case. Let's try to do something creative to combine the two things we did before. Okay, we saw that some of the sandboxes looks like preventing us to get access and to leak information, but if we combine the second case, maybe we can do something. I created another little script which has been processed by my Python script, which is just combining the qrl.exe, so the upload of the file with the product key.exe, so I just, as you can see here, redirected the output of the product key.exe in a file and then tried to upload it on my site. Actually, I was able, in this way, to extract information from both Palo Alto and Varus Total. That means that also in this case I was able to get this, let's say, something that is not supposed to be disclosed. So let's have a look here of the, again, a quick demo, in this case on the Palo Alto Wildfire Sandbox. So I uploaded the payload, and then in a while I will see that I will have the file uploaded on my site with all the leaked information I would like to get. So here it is, and so we can get the information out. Okay. Maybe we can also use this system to do some other things, because it's just three cases, very quick. But maybe you can try to do other things, like, for example, test your own sandbox. If you are running your own sandbox in your environment, that's something I encourage you to do, for sure, because maybe someone is not realizing that some kind of information that maybe sent out without big effort. So it's something that you need to check. Maybe try to different fingerprinting techniques, because there's really a wall here. You can get every kind of information out of the sandbox, beginning from the shellbags, the shim cache content, and so on. All this information allows someone to do a very, very precise fingerprinting on the system, maybe understanding also which is the specific sandbox that is running on. So that's something that you have to take into consideration. Also, I added this build database with the result of fingerprinting on the sandbox. I mean, this is not a good idea. I don't know if maybe it can be used by for nefarious ways. And then, okay, you can try some other things, like, I don't know, I thought mining, maybe not because I think the running time is limited to 15 minutes usually, or something like that. So mining is probably not probably a real thing to do, but okay, it's something you can try. So this is the summary of what I did. So the results on the several sandboxes with the specific test I ran. And a sample of collected data. Here I'm focused mainly on the office product key, which were obviously redacted here for privacy, but you can get everything out from the systems. It's just a matter of thinking what you want to get. Are offline sandbox safer? You know, there are, and we saw that there are some vendors not allowing us any kind of external access. So are they safer? Maybe, yes, a little bit. Because in case of an APT, for example, let's think about a determined attacker. In this case, maybe it can't just get access to your technology. So if I have FireEye, which is not allowing maybe external access, but they can get the appliance, I can try to run the fingerprinting on that specific sandbox, and so extract this information anyway, because what these sandboxes are doing are creating very detailed report on what this sample is doing. So maybe just writing a registry key with the content I would like to extract, for example, the product key of office or any other information, I can just get the information out. So they are safer probably, but not completely safe in this point. Remediations. Okay, which other remediation is not easy, because I understand that this is part of the sandbox functionality, so not easy to block these kind of behaviors. But it's something we have to consider, and the vendors have to consider, because it's really maybe dangerous in some cases. For example, an IPS on the outside connection is a solution that probably is already in place for some of the vendors, as we saw at the beginning of the presentation. Also our web application firewall may be masking information going out. It's another solution that could be considered. And for, let's say, for internet information, probably the best solution is randomized as much as possible, but it's not the easy one. Randomization for sure is the one that could allow to avoid these kind of issues, but it's for sure not the easy solution, so it's not the quick one. Probably the quick and dirty solution is running a kind of IPS or something in outgoing connections. Disclosure. I did it, yes, obviously. So the only reply I got was from the guys at the VirusTotal. They were very interested in the thing, so they work and so thumbs up for them, they took it seriously, and they started to think something about this, so very good. All the others, more or less, didn't give me a reply about the disclosure. Okay, these are the references of all the tools I used in the creation of this research, so Metasploit for sure, 7-Zip, DWA site for the creation of the site, and some utilities. And so let's wrap up. Okay, at the end, the sandboxes are useless. No, I don't think so. I think that we can just understand how they work and how much trust we can put in them, because as you can see, it may be easier than what we expect to evade the analysis. So thinking that we are safe because we have a sandbox in our environment checking every file downloaded on a firewall or checking every mail coming in, it's okay, but you have to understand how these things are working, and maybe you can also try to run your own test on that, because sometimes vendors are just selling these things to us, saying, okay, with this, you are 100% safe, the sandbox itself is undetectable. Okay, I trust you, but let's try to run a couple of tests on them, and maybe then ask for a discount for it. Okay, this is my GitHub, so if you want to have a look at the presentation of the script, I will publish everything there, and that's all. So thank you for me. I don't know if you have any question. Okay, thank you very much. Thanks for being here, and thanks a lot. Enjoy your DEF CON.