I'm testing out a security program and one of the features is an isolated cloud sandbox.
Maybe it's isolated but not from the internet because I accidentally discovered that I'm able to have my powershell script executed on their sandbox. I can do things like list the contents of the C drive and download files.
Just to be clear, this is not the type of sandbox where you can manually upload files, it's scanning files that I'm working on and doing this on it's own.
Is this a vulnerability in their sandbox or expected behavior? A malware writer, could easily detect this sandbox based on the files and not execute their code.
I downloaded one of the files from the sandbox and it appeared to be a test document, probably to detect ransomware. Virustotal last seen this file 2 years ago.