Maybe you have looked in the Whitehat lab and noticed many programs, and wondered why I focus mainly on disassemblers and debuggers. That's the first road, my friend. Our next road begins here: building our own https://malwr.com/. It won't be hosted on a website; it will be your testing ground, one of them. Cuckoo Sandbox is an open source automated malware analysis system.
Now someone has complained, saying my tutorials are too advanced for our readers. This person, who I will not name because I don't want people to target them as I know some will, stated they think the readers, meaning you, are too noob to get any of this. I told them: don't assume everyone's brain dead. Here at Cyber Guerrilla AnonNexus we try to bring you something new, as there are many repetitive posts in #OpNewblood. I think you have learned about Jabber, IRC, SSH and SSL quite enough... Now let's learn about defending yourself against malware. Besides, if anyone doesn't like my work, they can go fuck themselves! – https://twitter.com/ro0ted/
Cuckoo Sandbox: Automated Malware Analysis, also known as Malwr.com
We are going to go over three sections:
1.) Preparing the Host
2.) Preparing the Guest
3.) Preparing the Physical Machine
Preparing the Host
The host is the main OS you use to run Cuckoo. Most people use Linux, but Windows is possible too. I used Debian as the main OS to run Cuckoo, but luckily for you I made a Win7 walkthrough as well.
Preparing the Host config files
Cuckoo relies on six main configuration files:
cuckoo.conf: for configuring general behavior and analysis options.
auxiliary.conf: for enabling and configuring auxiliary modules.
<machinery>.conf: for defining the options for your virtualization software (the file has the same name as the machinery module you choose in cuckoo.conf).
memory.conf: Volatility configuration.
processing.conf: for enabling and configuring processing modules.
reporting.conf: for enabling or disabling report formats.
To get Cuckoo working you have to edit at least auxiliary.conf, cuckoo.conf and <machinery>.conf.
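As an added example (not code from the post or from the Cuckoo project), a small Python check that those three files agree with each other: the machinery named in cuckoo.conf has its own <machinery>.conf, every listed guest can reach the result server, and the sniffer has an interface. Section and key names follow Cuckoo's config layout; the sample values, paths and the /24 host-only network are assumptions.

```python
import configparser
import ipaddress
# Constructed samples of the three files the post says must be edited;
# section/key names follow Cuckoo's layout, the values are assumptions.
CUCKOO_CONF = """
[cuckoo]
machinery = virtualbox
[resultserver]
ip = 192.168.56.1
port = 2042
"""
AUXILIARY_CONF = """
[sniffer]
enabled = yes
tcpdump = /usr/sbin/tcpdump
interface = vboxnet0
"""
VIRTUALBOX_CONF = """
[virtualbox]
path = /usr/bin/VBoxManage
machines = cuckoo1
[cuckoo1]
label = cuckoo1
platform = windows
ip = 192.168.56.101
"""
def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp
def check_configs(cuckoo_text, aux_text, machinery_files):
    """Return the cross-file problems found. machinery_files maps a
    machinery name to the text of its <machinery>.conf."""
    problems = []
    cuckoo, aux = _parse(cuckoo_text), _parse(aux_text)
    machinery = cuckoo.get("cuckoo", "machinery", fallback=None)
    if machinery not in machinery_files:
        return [f"no {machinery}.conf for machinery={machinery}"]
    mach = _parse(machinery_files[machinery])
    # Assumes a /24 host-only network: guests must reach the resultserver.
    host_net = ipaddress.ip_network(cuckoo.get("resultserver", "ip") + "/24", strict=False)
    for name in mach.get(machinery, "machines").split(","):
        name = name.strip()
        if not mach.has_section(name):
            problems.append(f"machine {name} listed but has no section")
        elif ipaddress.ip_address(mach.get(name, "ip")) not in host_net:
            problems.append(f"{name} ip {mach.get(name, 'ip')} not on resultserver subnet")
    if aux.getboolean("sniffer", "enabled", fallback=False) and not aux.get("sniffer", "interface", fallback=""):
        problems.append("sniffer enabled but no capture interface set")
    return problems
```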
Preparing the Guest
For analysis purposes you are recommended to use Windows XP Service Pack 3, but Cuckoo Sandbox has also proved to work with Windows 7 with User Account Control disabled.
Preparing the Physical Machine
I will post a Debian walkthrough and how to use it. Everything malwr.com does for you, this does as well, since it is based on the same product.