Risky Business Podcast

VMRay Co-Founders Discuss the Evolution of Sandbox Technology

VMRay Co-Founders Dr. Carsten Willems and Dr. Ralf Hund have a deep background in malware sandbox technology. Even before the founding of VMRay in 2013, Carsten and Ralf develop malware analysis and detection software that found its way into both academic and commercial products.

Ralf developed a sandbox for Microsoft’s mobile operating system which was used in academia. It allowed individuals to submit a Windows Mobile app for analysis and obtain a report on the actions performed by the program. Ralf also contributed to the Anubis sandbox which is still commonly used in academic settings.

Carsten developed one of the first commercial malware sandboxes CWSandbox, which was later acquired by Sunbelt Software.

During their doctoral studies at Rhur-University Bochum, the two co-founders collaborated on an academic paper that addressed the shortcoming of existing malware sandbox technologies (hooking and emulation), which is the basis for VMRay’s underlying technology.

In this 30-minute interview on the Risky Business Podcast, Carsten and Ralf talk with host Patrick Gray about their background in malware sandbox technology, how it evolved, and the primary ways malware evades sandbox detection. Later in the interview, the duo discusses how a sandbox can be used earlier in the action chain.