Patch Management
One of the keys to using Cuckoo successfully is to track the applied patches/updates to your guess Operating System (OS) and application(s) also known as a baseline. The baseline eliminates specific vulnerabilities in certain software based on the applied patch/update level. A baseline allows one to rule out malware which effects vulnerabilities covered by your baseline. My recommendation is to have your baseline patched/updated between 1 - 3 months behind the current month. This is because every environment handles patches/updates differently which can lead to delays in rolling out patches/updates.
Guess Operating System
Cuckoo supports Linux, Unix, and Windows operating systems. While Linux and Unix Operating systems are targets for malware, Windows is the most used Operating System in the business sector and therefore will be the Operating Systems of focus for this post. My recommendations are to test malware samples on Windows 7 (32-bit/64-bit) or Windows 10 (32-bit/64-bit).
Steps
1. Guess Operating System Configurations
- Disable the Windows Firewall
- Disable the Windows Defender
- Reason for disabling the above is that organizations use third party vendors to manage those functions (i.e. Norton anti-virus, Sonic wall, etc)
- If possible, set automatic updates to "notify when updates are available and let me chose which ones to download and install."
- Download and install Python 2.7
- (Optional) Download and install Python Image Library 1.1.7 for Python 2.7
- Transfer the Cuckoo Agent via a temporary shared folder between the host and guess operating system.
3. Additional Software
- Install the following commonly used programs: Microsoft Office (2007, 2010, 2013), Adobe Flash player, Adobe Reader, and Java.
- Add commonly used browser plugins
5. Paranoid Fish (Pafish)
- Purpose is to help one determine if their Sandbox is detectable by malware.
- Some malware has the capability to detects the presents of a sandbox. If it detects one it will fail to execute preventing one from obtaining any analytical information from it.
- Installation:
- Download the executable file Paranoid Fish to your Virtual Machine.
- Install the executable.
- Run it.
1. Cuckoo Sandbox Documentation.
Social Media
Facebook:
https://www.facebook.com/BDavisCS/
Twitter:
@BDavis_CyberSec
When getting to the point where cuckoo needs to be installed, anybody getting either error?
ReplyDeletesudo pip install -U pip setuptools
The directory '/home/sandbox/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
--------------------------------------
sandbox@sandbox:~/Downloads/cuckoo$ sudo pip install -U cuckoo
The directory '/home/sandbox/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/sandbox/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting cuckoo
Could not find a version that satisfies the requirement cuckoo (from versions: )
No matching distribution found for cuckoo
hey sir, at first i would like to thank you for this great knowledge, May you upload the last part video ?
ReplyDeletebecause i am still unable to run cuckoo.
my regards,
hey, i follow everything and i got this output after i run "python cuckoo.py"
ReplyDelete/////////////////////////////////////////////////////////
Traceback (most recent call last):
File "cuckoo.py", line 18, in
from lib.cuckoo.common.utils import exception_message
File "/home/fuad/Downloads/cuckoo/lib/cuckoo/common/utils.py", line 32, in
import bs4
File "/usr/local/lib/python2.7/dist-packages/bs4/__init__.py", line 30, in
from .builder import builder_registry, ParserRejectedMarkup
File "/usr/local/lib/python2.7/dist-packages/bs4/builder/__init__.py", line 314, in
from . import _html5lib
File "/usr/local/lib/python2.7/dist-packages/bs4/builder/_html5lib.py", line 70, in
class TreeBuilderForHtml5lib(html5lib.treebuilders._base.TreeBuilder):
AttributeError: 'module' object has no attribute '_base'
/////////////////////////////////////////////////////
pip install --upgrade beautifulsoup4
ReplyDeletepip install --upgrade html5libpip
That error almost drove me mad on a Kali rolling dist..
This comment has been removed by the author.
ReplyDeleteI just couldn't leave your website before telling you that I truly enjoyed the top quality info you present to your visitors? Will be back again frequently to check up on new posts.
ReplyDeletehey...Thanks for providing all the detailed steps. I followed all your steps but getting this error while running cuckoo.py:
ReplyDelete/////////////
cuckoo@cuckoo-virtual-machine:~/Downloads/cuckoo$ sudo ./cuckoo.py
ERROR: Missing dependency: No module named requests
////////////
instagram takipçi satın al
ReplyDeletecasino siteleri
044
elf bar
ReplyDeletebinance hesap açma
sms onay
F2Tİ
betmatik
ReplyDeletekralbet
betpark
tipobet
slot siteleri
kibris bahis siteleri
poker siteleri
bonus veren siteler
mobil ödeme bahis
X73OU
canlı sex hattı
ReplyDeleteheets
salt likit
salt likit
puff bar
6OGE1C
hatay
ReplyDeleteığdır
iskenderun
ısparta
istanbul
2KJ
salt likit
ReplyDeletesalt likit
WİSPİ
resimli magnet
ReplyDeleteresimli magnet
çerkezköy çatı ustası
silivri çatı ustası
dijital kartvizit
ZTET