By ro0ted | January 6, 2015 - 17:37 | Posted in /b/ | 8 Comments
#ro0ted #OpNewblood What the Blackhats don’t want you to know: Cuckoo Sandbox


Maybe you have looked in the Whitehat Lab, noticed the many programs there, and wondered why I focus mainly on disassemblers and debuggers. That's the first road, my friend. Our next road begins here, in building our own https://malwr.com/. It won't be hosted on a website; it will be your testing ground. One of them. Cuckoo Sandbox is an open source automated malware analysis system.

Now someone has complained that my tutorials are too advanced for our readers. This person, whom I will not name because I don't want people to target them (as I know some would), stated that they think the readers, meaning you, are too noob to get any of this. I told them not to assume everyone's brain dead. Here at Cyber Guerrilla AnonNexus we try to bring you something new, as there are many repetitive posts in #OpNewblood. I think you have learned about Jabber, IRC, SSH and SSL quite enough... Now let's learn about defending yourself against malware. Besides, if anyone doesn't like my work, they can go fuck themselves! – https://twitter.com/ro0ted/

(In order)

  • Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?
  • Whitehat Lab
  • ASM Programming
  • Introduction Part 1 Ollydbg
  • Introduction Part 2 Using Ollydbg and Tracing Botnets
  • Analyzing Botnets
  • Introduction Part 3 Ollydbg: Cheating a Crackme
  • Introduction Part 4 Ollydbg: Your first Patch
  • Encryption 101
  • Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com +


We are going to go over three sections:

1.) Preparing the Host

2.) Preparing the Guest

3.) Preparing the Physical Machine


Preparing the Host

The host is the main OS you run Cuckoo from. Most people use Linux, but Windows is possible too. I used Debian as the host OS to run Cuckoo from, but luckily for you I made a Win7 walkthrough as well.

Windows: https://cyberguerrilla.org/paste/?440a1a71fb7c366e#sLvM+odXQD7sfZfTnIOP5DHcNSfkmjQ6Gf56Q6HBwOk=

Preparing the Host config files

Cuckoo relies on six main configuration files:

  • cuckoo.conf: for configuring general behavior and analysis options.
  • auxiliary.conf: for enabling and configuring auxiliary modules.
  • <machinery>.conf: for defining the options for your virtualization software (the file has the same name as the machinery module you choose in cuckoo.conf).
  • memory.conf: Volatility configuration.
  • processing.conf: for enabling and configuring processing modules.
  • reporting.conf: for enabling or disabling report formats.

To get Cuckoo working you have to edit at least auxiliary.conf, cuckoo.conf and <machinery>.conf.
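As an added example (not from this post or from the Cuckoo project), here is a small Python check that reads constructed samples of cuckoo.conf and virtualbox.conf and reports the mismatches that most often stop a first analysis: a machinery name that does not match the file you edited, a guest listed in `machines` without its own section or required keys, and a guest IP the resultserver cannot reach. The key names follow Cuckoo 1.x; treating the host-only network as a /24 around the resultserver address is an assumption.

```python
import configparser
import ipaddress

# Constructed samples of the two files the post says must be edited; cuckoo2 is deliberately misconfigured.
SAMPLE_CUCKOO_CONF = """[cuckoo]
machinery = virtualbox
[resultserver]
ip = 192.168.56.1
"""
SAMPLE_VIRTUALBOX_CONF = """[virtualbox]
machines = cuckoo1, cuckoo2
[cuckoo1]
label = cuckoo1
platform = windows
ip = 192.168.56.101
[cuckoo2]
label = cuckoo2
platform = windows
ip = 10.0.0.5
"""

def _ini(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def check_cuckoo_config(cuckoo_text, machinery_text, machinery_filename):
    """Return a list of problems; an empty list means the two files agree."""
    cuckoo, mach, problems = _ini(cuckoo_text), _ini(machinery_text), []
    machinery = cuckoo.get("cuckoo", "machinery", fallback="")
    if machinery_filename != machinery + ".conf":
        problems.append("cuckoo.conf selects '%s' but %s was edited" % (machinery, machinery_filename))
    if not mach.has_section(machinery):
        return problems + ["%s: no [%s] section" % (machinery_filename, machinery)]
    # Assumption: the host-only network is the /24 around the resultserver (VirtualBox default 192.168.56.0/24).
    rs_ip = cuckoo.get("resultserver", "ip", fallback="0.0.0.0")
    rs_net = ipaddress.ip_interface(rs_ip + "/24").network
    names = [n.strip() for n in mach.get(machinery, "machines", fallback="").split(",") if n.strip()]
    for name in names:
        if not mach.has_section(name):
            problems.append("%s: '%s' is in machines but has no [%s] section" % (machinery_filename, name, name))
            continue
        for key in ("label", "platform", "ip"):
            if not mach.has_option(name, key):
                problems.append("[%s] is missing required key '%s'" % (name, key))
        ip = mach.get(name, "ip", fallback="")
        if ip and ipaddress.ip_address(ip) not in rs_net:
            problems.append("[%s] ip %s is not on %s; the guest agent cannot reach the resultserver" % (name, ip, rs_net))
    return problems
```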


Preparing the Guest

For analysis purposes, Windows XP Service Pack 3 is the recommended guest, but Cuckoo Sandbox has also been shown to work with Windows 7 with User Account Control disabled.

Windows: https://cyberguerrilla.org/paste/?d8956600f5b9e1ac#rfvHzVJ1BIvj4gGMf0NTJgoFY8f0S5ZWtwZdXy8WaWM=


Preparing the Physical Machine

Windows: https://cyberguerrilla.org/paste/?372b9c7c0e53c232#ZqZL9zlhdgZnyymBbKADh5QEN1pZvyaTOxBitSSQFOI=


I will post a Debian walkthrough and a guide on how to use it. Everything malwr.com does for you, this setup does too, as it is based on the same product.

ro0ted
