So let’s say you have to run that sketchy or untrusted executable/project/binary/whatever and you want to do it in a safe manner. A wide range of solutions based on virtualization and containerization technologies allows secure examination of suspicious software in a sandboxed environment.
If you’re a Linux user, you’d probably turn your attention to LXC[0]. Just a few commands bring up a shiny new environment based on a distro selected from a wide variety of available options, running on the host kernel with no excessive emulation overhead.
That alone provides decent separation from whatever you don’t want the object of research to touch on your workstation. But what about connectivity?