Important note for those participating in CTFs, cyber ranges, or simply downloading and testing tools from GitHub.
All PoCs and any software you download and build on your machine should be analyzed beforehand — not only in a sandbox, but also by reviewing the source code itself. Modern AI solutions can help with this task (but ultimately, you should rely only on yourself).
When a new trending CVE appears and there’s no working PoC yet, a huge number of repositories pop up claiming “fully working exploit guaranteed.” This happened with React2Shell.
Check all dependencies the software pulls in. Analyze what it executes and runs.
Otherwise, while you’re hacking a training machine, someone else — outside of a training environment — might be hacking you.
When participating in cyber competitions or labs like HTB, you should always use a virtual machine that is completely isolated from your work or personal system. Also:
— Keep your host OS updated
— Keep your virtualization software updated
— Monitor and properly configure your firewall
Is it inconvenient? Maybe. But in our field, it’s always a trade-off: security or convenience.
At every information security lecture I’ve given this year, I kept repeating two rules:
— Only vigilance will save you
— Your security, including information security, depends only on you.
Tip: isolate any command in a disposable filesystem
When you need to test a script, a suspicious binary, or an installer, creating a separate container isn’t always necessary. Linux provides a simple trick: mount a temporary filesystem over a directory and run your command as if it were operating in a “clean” environment.
Fast, safe, and no Docker required.
Example: replace /tmp/testdir with an empty tmpfs and run everything inside it without affecting real files.
Isolation using tmpfs — a lightweight sandbox without Docker
Create a directory and overlay it with a clean tmpfs:
sudo mkdir -p /tmp/safezone
sudo mount -t tmpfs -o size=100M tmpfs /tmp/safezone
Run the command you want to test in isolation:
cd /tmp/safezone
bash suspicious_script.sh
Remove the isolation:
cd /
sudo umount /tmp/safezone
