Abstract: Generally discussed herein are systems, devices, and methods for malware analysis. In one or more embodiments, a method can include copying application layer data traffic to create copied application layer data traffic, forwarding at least a portion of the application layer data traffic to a destination client prior to a malware analysis of corresponding copied application layer data traffic, determining whether the copied application layer data traffic includes a specified property, and in response to a determination that the copied application layer data traffic includes the specified property, storing the copied application layer data traffic determined to include the specified property for subsequent malware analysis, the stored copied application layer data traffic including context data of the copied application layer data traffic.

Abstract: Generally discussed herein are systems, devices, and methods for malware analysis lab isolation. A system can include a malware analysis zone LAN in which malware analysis is performed, a separation zone LAN communicatively connected to the malware analysis zone LAN, the separation zone LAN providing access control to manage communication of data between other LANs of the plurality of LANs, an analyst zone LAN communicatively connected to the separation zone LAN, and a remote access zone LAN communicatively connected to the separation zone LAN, the remote access zone LAN providing a user LAN with results from the malware analysis zone LAN and the analyst zone LAN and providing an item for malware analysis by the malware analysis zone LAN.

Abstract: Generally discussed herein are systems, apparatuses, and methods for secure transfer of content across a security boundary. A system can include a high side domain communicatively coupled to a transfer guard module, the high side domain comprising a high side data repository, a first review module executable by processing circuitry to determine whether a permission level of first content violates a permission level of the high side domain, a second review module executable by the processing circuitry to determine whether second content from the high side data repository includes a permission level that violates a permission level of a low side domain, a first data diode module communicatively coupled between the first review module and the high side data repository, and a second data diode module communicatively coupled between the second review module and the high side data repository.

Abstract: Generally discussed herein are systems, devices, and methods for malware analysis lab isolation. A system can include a malware analysis zone LAN in which malware analysis is performed, a separation zone LAN communicatively connected to the malware analysis zone LAN, the separation zone LAN providing access control to manage communication of data between other LANs of the plurality of LANs, an analyst zone LAN communicatively connected to the separation zone LAN, and a remote access zone LAN communicatively connected to the separation zone LAN, the remote access zone LAN providing a user LAN with results from the malware analysis zone LAN and the analyst zone LAN and providing an item for malware analysis by the malware analysis zone LAN.

Abstract: Generally discussed herein are systems, apparatuses, and methods for secure transfer of content across a security boundary. A system can include a high side domain communicatively coupled to a transfer guard module, the high side domain comprising a high side data repository, a first review module executable by processing circuitry to determine whether a permission level of first content violates a permission level of the high side domain, a second review module executable by the processing circuitry to determine whether second content from the high side data repository includes a permission level that violates a permission level of a low side domain, a first data diode module communicatively coupled between the first review module and the high side data repository, and a second data diode module communicatively coupled between the second review module and the high side data repository.

Abstract: Generally discussed herein are systems, devices, and methods for malware analysis. In one or more embodiments, a method can include copying application layer data traffic to create copied application layer data traffic, forwarding at least a portion of the application layer data traffic to a destination client prior to a malware analysis of corresponding copied application layer data traffic, determining whether the copied application layer data traffic includes a specified property, and in response to a determination that the copied application layer data traffic includes the specified property, storing the copied application layer data traffic determined to include the specified property for subsequent malware analysis, the stored copied application layer data traffic including context data of the copied application layer data traffic.

Abstract: According to particular embodiments, a system for outputting prerecorded communications includes a central server that receives playback instructions, retrieves event data from a database according to the playback instructions, and outputs events from the event data to an agent server according to the timing characteristics associated with the events, and the agent server that deploys playback agents into the target group communication service to submit events to the target group communication service.

Abstract: According to particular embodiments, a system for outputting prerecorded communications includes a central server that receives playback instructions, retrieves event data from a database according to the playback instructions, and outputs events from the event data to an agent server according to the timing characteristics associated with the events, and the agent server that deploys playback agents into the target group communication service to submit events to the target group communication service.