Search the Community
Showing results for tags 'malboxes'.
Found 1 result
Builds malware analysis Windows virtual machines so that you don’t have to. Demo Video: Requirements Python 3.3+ packer: [Hidden Content] or an vSphere / ESXi server Minimum specs for the build machine At least 5 GB of RAM VT-X extensions strongly recommended Usage Box creation This creates your base box that is imported in Vagrant. Afterwards you can re-use the same box several times per sample analysis. Run: malboxes build <template> You can also list all supported templates with: malboxes list This will build a Vagrant box ready for malware investigation you can now include it in a Vagrantfile afterwards. For example: malboxes build win10_64_analyst [Hidden Content] contains further information about what can be configured with malboxes. Per analysis instances malboxes spin win10_64_analyst <name> This will create a Vagrantfile prepared to use for malware analysis. Move it into a directory of your choice and issue: vagrant up By default the local directory will be shared in the VM on the Desktop. This can be changed by commenting the relevant part of the Vagrantfile. For example: malboxes spin win7_32_analyst 20160519.cryptolocker.xyz Configuration Malboxes' configuration is located in a directory that follows usual operating system conventions: Linux/Unix: ~/.config/malboxes/ Mac OS X: ~/Library/Application Support/malboxes/ Win 7+: C:\Users\<username>\AppData\Local\malboxes\malboxes\ The file is named config.js and is copied from an example file on first run. [Hidden Content] is documented. ESXi / vSphere support Malboxes uses virtualbox as a back-end by default but since version 0.3.0 support for ESXi / vSphere has been added. Notes about the [Hidden Content]. Since everyone’s setup is a little bit different do not hesitate to open an issue if you encounter a problem or improve our documentation via a pull request. Profiles We are exploring with the concept of profiles which are stored separately than the configuration and can be used to create files, alter the registry or install additional packages. See [Hidden Content] for an example configuration. This new capacity is experimental and subject to change as we experiment with it. More information Blog posts Introductory blog post: [Hidden Content] in a talk titled Applying DevOps Principles for Better Malware Analysis [Hidden Content] (HTML, best) [Hidden Content] (PDF, degraded) [Hidden Content] License Code is licensed under the GPLv3+, see LICENSE for details. Documentation and presentation material is licensed under the Creative Commons Attribution-ShareAlike 4.0, see docs/LICENSE for details. Dowload & Source : [Hidden Content]