Install Cuckoo Sandbox on Ubuntu virtualbox
<blockquote data-quote="Andrezj" data-source="post: 1016907" data-attributes="member: 97580">
<p>i do not know how useful this list will be to you as most of these are not open source, at most they offer an upload api</p>
<p>[URL unfurl="true"]https://zeltser.com/automated-malware-analysis/[/URL]</p>
<p>however, this list is open source malware analysis sandboxes and you can see the latest commits</p>
<p>not confident you will find anything useful but at least you can separate the currently maintained projects versus the archived</p>
<p>[URL unfurl="true"]https://awesomeopensource.com/projects/malware-analysis/sandbox[/URL]</p>
<p>build your test environment on a network disconnected (disable the network adapter during testing), this is going to give you what you want - which i am going to assume is to test and develop your detection system</p>
<p>this is what most researchers do, they just use a malware analysis sandbox as a quick and easy source of behaviors and other information</p>
<p>do not use any shared folders between the test virtual machines and the host</p>
<p>others say to disable cpu virtualization of the vm, but i could not find the technical reason</p>
<p>certainly it is technically possible in some way, but i have never heard of such a case where the ransomware managed to escape a fully and properly configured virtual environment</p>
<p>virtual machine breakouts are possible as VUPEN once showed, but exploiting virtual machines is a tactic that will only be used by sophisticated threat actors and that means those with lots of resources and skilled personnel, think nation state actors</p>
<p>[URL unfurl="true"]https://www.securityweek.com/vupen-method-breaks-out-virtual-machine-attack-hosts[/URL]</p>
<p>there are cases of ransomware running in a virtual environment and then infecting the host, but that involved the shared folders (which is not windows smb by the way, it is a proprietary host-guest protocol developed by oracle (and vmware has its own for folder\file sharing between host and guest))</p>
<p>[URL unfurl="true"]https://nakedsecurity.sophos.com/2020/05/22/the-ransomware-that-attacks-you-from-inside-a-virtual-machine/[/URL]</p>
<p>[URL unfurl="true"]https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines[/URL]</p>
<p>you should be further aware that if you do test malware with the internet enabled, without using a vpn your public ip address could be blacklisted by your isp</p>
<p>ask [USER=36043]@harlan4096[/USER] about setting up a malware test environment</p>
</blockquote>
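An added example, not part of the original post: a check for the two isolation points the post names (no connected network adapter, no shared folders), run over the text that `VBoxManage showvminfo <vm> --machinereadable` prints for a VirtualBox guest. The sample output, VM name and paths below are constructed; treating an adapter whose cable is set to off as disconnected is an assumption of this example.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE = '''\
name="analysis-guest"
nic1="nat"
cableconnected1="on"
nic2="hostonly"
cableconnected2="off"
nic3="none"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/analyst/samples"
'''

# key="value", "key"="value" or key=value
LINE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')


def parse_vminfo(text):
    """Turn the machine-readable listing into a dict of key -> value."""
    info = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info


def audit_isolation(info):
    """Return findings that break the isolation the post recommends."""
    findings = []
    for key, value in info.items():
        nic = re.fullmatch(r"nic(\d+)", key)
        if nic and value != "none":
            # An attached adapter counts unless its virtual cable is unplugged.
            if info.get("cableconnected" + nic.group(1), "on") != "off":
                findings.append(
                    f"network: adapter {nic.group(1)} attached ({value}), cable connected")
        share = re.fullmatch(r"SharedFolderName(\w+)Mapping(\d+)", key)
        if share:
            scope, idx = share.groups()
            path = info.get(f"SharedFolderPath{scope}Mapping{idx}", "?")
            findings.append(f"shared folder: {value} -> {path}")
    return findings


if __name__ == "__main__":
    for finding in audit_isolation(parse_vminfo(SAMPLE)):
        print(finding)
```

Run it against a real guest by feeding the command's output to `parse_vminfo` before each test session; an empty result means neither condition was found.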