Additional isolation needed when analyzing malware in S2E?

H Liu

Jan 7, 2025, 1:26:51 AM
to S2E Developer Forum
I am currently trying to use S2E to analyze Windows malware. However, I am not sure if I need to run S2E in an isolated environment such as a virtual machine to fully isolate my host system from possible infection. I know that S2E actually runs the target program in a virtual machine in order to analyze it, but is this enough to isolate the host that S2E is actually running on or do I need to run S2E in a virtual machine to ensure security?

I apologize if this seems like a fairly obvious question. I'm still fairly new to malware analysis and just want to make sure I'm covering my bases so I don't accidentally fry my computer. My computer OS is Ubuntu 20.04 btw if that's relevant.

Vitaly Chipounov

Jan 7, 2025, 7:13:26 AM
to s2e...@googlegroups.com
Hi,

If you test malware, I'd suggest you do it on a host that has no Internet, no sensitive data, and which you can wipe if needed.
S2E uses an old QEMU 3.0 that certainly has many vulnerabilities. The S2E engine itself hasn't been designed for maximum security either.

Vitaly
