Cuckoo Malware Analysis

Code:
Preface 1
----------------------------------------------------------
Chapter 1: Getting Started with Automated Malware Analysis using Cuckoo Sandbox 5
----------------------------------------------------------
Malware analysis methodologies 5
Basic theory in Sandboxing 6
Malware analysis lab 7
Cuckoo Sandbox 8
Installing Cuckoo Sandbox 10
Hardware requirements 10
Preparing the host OS 11
Requirements 11
Install Python in Ubuntu 11
Setting up Cuckoo Sandbox in the Host OS 14
Preparing the Guest OS 16
Configuring the network 17
Setting up a shared folder between Host OS and Guest OS 21
Creating a user 25
Installing Cuckoo Sandbox 25
cuckoo.conf 26
<machinemanager>.conf 26
processing.conf 27
reporting.conf 27
Summary 31

Chapter 2: Using Cuckoo Sandbox to Analyze a Sample Malware 33
---------------------------------------------------------------

Starting Cuckoo 33
Submitting malware samples to Cuckoo Sandbox 35
Submitting a malware Word document 39
Submitting a malware PDF document – aleppo_plan_cercs.pdf 44
Submitting a malware Excel document – CVE-2011-0609_XLSSWF-2011-03-08_crsenvironscan.xls 47
Submitting a malicious URL – http://youtibe.com 49
Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm 52
Submitting a binary file – Sality.G.exe 54
Memory forensic using Cuckoo Sandbox – using memory dump features 58
Additional memory forensic using Volatility 62
Using Volatility 63
Summary 64

Chapter 3: Analyzing the Output of Cuckoo Sandbox 65
-----------------------------------------------------

The processing module 66
Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara 67
Summary 87

Chapter 4: Reporting with Cuckoo Sandbox 89
---------------------------------------------

Creating a built-in report in HTML format 90
Creating a MAEC Report 92
Exporting data report analysis from Cuckoo to another format 98
Summary 104

Chapter 5: Tips and Tricks for Cuckoo Sandbox 105
-------------------------------------------------

Hardening Cuckoo Sandbox against VM detection 105
Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project 113
Installing Maltego 115
Automating e-mail attachments with Cuckoo MX 120
Summary 124
Index 125
-------------------------------------------------

Download: