wsb-detect enables you to detect if you are running in Windows Sandbox (“WSB”). The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts and alike. At the tail end of 2019, Microsoft introduced a new feature named Windows Sandbox (WSB for short). The techniques used to fingerprint WSB are outlined below, in the techniques section. Feel free to submit a pull request if you have any fingerprinting ideas 🎉. I’ve been messing around with it now and then, I will have more on Windows Sandbox coming soon.