drakvuf-sandbox
karton
| | drakvuf-sandbox | karton |
|---|---|---|
| Mentions | 2 | 2 |
| Stars | 983 | 366 |
| Growth | 2.0% | 3.0% |
| Activity | 8.5 | 6.8 |
| Latest commit | 14 days ago | 24 days ago |
| Language | Python | Python |
| License | GNU General Public License v3.0 or later | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
drakvuf-sandbox
- Want to set up a malware analysis Sandbox on Windows 10. Almost giving up...
  Why not have a look at DRAKVUF? Supports W10 2004 guests: https://github.com/CERT-Polska/drakvuf-sandbox
- Similar to cuckoo sandbox
  Try Drakvuf Sandbox. It's actively maintained by the CERT.PL team.
karton
- Advice for an automated malware analysis lab project
- Using a Virtual Machine to Isolate and Test Files for Malware
  I did something along the lines of what you describe at work. The easiest way to check files is of course uploading their hashes to VirusTotal (it's free!), but if you still want to set up an automated malware analysis lab then VMware is a decent choice. You should have a reasonably beefy VM (at least 16 GB of RAM, a couple of CPU cores, rather large ROM; also make sure you expose hardware virtualization to this guest). You want the machine to have a bit better specs than a regular Windows PC - that way malware won't think "Oh hey, this computer I am on has suspiciously low specs - it's probably a VM! Better delete myself to hinder any threat hunting efforts". On that machine you should install a Linux distro - Ubuntu for example. Then on this Linux you should install a sandbox - for example Cuckoo (it works well on vSphere, ESXi guests). I know there exist other sandbox software but I worked with this one and it performed alright. Installing and configuring Cuckoo is a bit more involved than I'd like to get into in this comment, but I'm sure you will figure this out with the numerous tutorials and documentation pages available. Take a look at the Volatility framework too! For automating you might want to check out the Karton Framework (https://github.com/CERT-Polska/karton). I haven't used it but I had the chance to talk to its authors and it seems dope.
What are some alternatives?
- flare-vm - A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
- dumpulator - An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
- Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
- mwdb-core - Malware repository component for samples & static configuration with REST API interface.
- theZoo - A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- pyc2bytecode - A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*)
- qiling - A True Instrumentable Binary Emulation Framework
- karton-playground
- yarGen - yarGen is a generator for YARA rules
- intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
- simplify - Android virtual machine and deobfuscator
- cerberus_research - Research tools for analysing Cerberus banking trojan.