      0x1

      Malboxes


      Builds malware analysis Windows virtual machines so that you don’t have to.


      Requirements

      • Python 3.3+

      • packer

      • vagrant

      • [Hidden Content] or a vSphere / ESXi server

      Minimum specs for the build machine

      • At least 5 GB of RAM

      • VT-X extensions strongly recommended

      Usage

      Box creation

      This creates your base box that is imported in Vagrant. Afterwards you can re-use the same box several times per sample analysis.

      Run:

      malboxes build <template>

      You can also list all supported templates with:

      malboxes list

      This will build a Vagrant box ready for malware investigation; you can now include it in a Vagrantfile afterwards.

      For example:

      malboxes build win10_64_analyst

      [Hidden Content] contains further information about what can be configured with malboxes.

      Per analysis instances

      malboxes spin win10_64_analyst <name>

      This will create a Vagrantfile prepared to use for malware analysis. Move it into a directory of your choice and issue:

      vagrant up

      By default the local directory will be shared in the VM on the Desktop. This can be changed by commenting the relevant part of the Vagrantfile.

      For example:

      malboxes spin win7_32_analyst 20160519.cryptolocker.xyz

      Configuration

      Malboxes' configuration is located in a directory that follows usual operating system conventions:

      • Linux/Unix: ~/.config/malboxes/

      • Mac OS X: ~/Library/Application Support/malboxes/

      • Win 7+: C:\Users\<username>\AppData\Local\malboxes\malboxes\

      The file is named config.js and is copied from an example file on first run.

      [Hidden Content] is documented.

      ESXi / vSphere support

      Malboxes uses VirtualBox as a back-end by default, but since version 0.3.0 support for ESXi / vSphere has been added. Notes about the [Hidden Content]. Since everyone’s setup is a little bit different, do not hesitate to open an issue if you encounter a problem or improve our documentation via a pull request.

      Profiles

      We are exploring the concept of profiles, which are stored separately from the configuration and can be used to create files, alter the registry or install additional packages. See [Hidden Content] for an example configuration. This new capacity is experimental and subject to change as we experiment with it.

      More information

      Blog posts

      • Introductory blog post: [Hidden Content]

      Presentations

      malboxes was presented at [Hidden Content] in a talk titled Applying DevOps Principles for Better Malware Analysis

      • [Hidden Content] (HTML, best)

      • [Hidden Content] (PDF, degraded)

      • [Hidden Content]

      License

      Code is licensed under the GPLv3+, see LICENSE for details. Documentation and presentation material is licensed under the Creative Commons Attribution-ShareAlike 4.0, see docs/LICENSE for details.

      Download & Source: [Hidden Content]

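The usage notes in the post say the generated Vagrantfile shares the local directory into the VM by default. The following is an added example, not part of the original post or the malboxes project: it lists the host folders a Vagrantfile still exposes to the guest, so the share can be reviewed before a sample is run. It assumes shares are declared with Vagrant's standard `synced_folder` directive; the sample Vagrantfile and its paths are constructed, not actual malboxes output.

```python
import re

# Vagrant's directive: <var>.vm.synced_folder "host", "guest"[, options]
SYNCED = re.compile(
    r'^\s*\w+\.vm\.synced_folder\s*\(?\s*'
    r'(["\'])(?P<host>.*?)\1\s*,\s*(["\'])(?P<guest>.*?)\3(?P<opts>.*)$'
)
# A share is off when its options carry disabled: true (or :disabled => true).
DISABLED = re.compile(r'disabled\s*(?::|=>)\s*true\b')


def strip_comment(line):
    """Drop a trailing Ruby comment, ignoring '#' inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line


def active_shares(vagrantfile_text):
    """Return (line_no, host_path, guest_path) for every enabled share."""
    shares = []
    for no, raw in enumerate(vagrantfile_text.splitlines(), 1):
        m = SYNCED.match(strip_comment(raw))
        if m and not DISABLED.search(m.group("opts")):
            shares.append((no, m.group("host"), m.group("guest")))
    return shares


# Constructed sample for illustration; not generated by malboxes.
SAMPLE = '''\
Vagrant.configure(2) do |config|
  config.vm.box = "win10_64_analyst"
  config.vm.synced_folder ".", "/Users/analyst/Desktop/host"   # shared with the sample
  # config.vm.synced_folder "../tools", "/tools"
  config.vm.synced_folder ".", "/vagrant", disabled: true
end
'''

if __name__ == "__main__":
    for no, host, guest in active_shares(SAMPLE):
        print("line %d: host %r is exposed to the guest at %r" % (no, host, guest))
```

Anything the function reports is writable by whatever runs inside the guest, so an analysis directory should hold only files you are prepared to lose or have modified.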