Cuckoo Sandbox :: Quick Start Guide

I've created this quick start guide in the hope that someone might find this useful while serving as a useful note for me to refer back to.

System Requirements

This is what you will need as a minimum:

Essential
- Reasonably powerful x86 hardware. Any recent Intel or AMD processor should do.
- 4GB RAM (this is dependent on how many virtual machines you plan to run)
- Large HDD (virtual machines can take up a lot of space)
- Ubuntu LTS (14.04 is recommended)

Optional
- x86 CPU capable of supporting Intel VT-x…


Cuckoo Sandbox Part 5: Verification & Conclusion

NOTE: I apologise for the terrible table layout further down below. I've not had the time to fix it yet! :( Now that we have had a successful run with Cuckoo Sandbox, the next step is to verify the results that Cuckoo is giving us. To do that, first we need to look at the report that Cuckoo Sandbox has given: Cuckoo Report The report.html contains all the details, including all images embedded in base64 code within a single HTML file, making it very portable. Within the report is…


Cuckoo Sandbox Part 4: Testing continued...

Although I covered the installation of a Windows XP based virtual machine in my Installation post, I've come to realise that it wasn't quite right. Cuckoo is very fussy about the state of a virtual machine and if it isn't done correctly, it will not work properly. I ran into errors in my previous post and I was able to resolve them thanks to the --debug switch for cuckoo.py. This gives a very detailed output of what Cuckoo is doing and you can see where it is…


Cuckoo Sandbox Part 3: Testing

Before starting a malware analysis, the environment must be prepared first. In my previous post about installing Cuckoo, I had already gone through the process of setting up a Windows XP virtual machine in VirtualBox and the writing of configuration files for Cuckoo. I am re-posting the configuration files in order to show what I have used, with the image of Windows XP as configured in my previous post. cuckoo.conf A copy and paste of the edited cuckoo.conf file (all comments have been removed to improve readability): [cuckoo]…


Cuckoo Sandbox Part 2 :: installing

This continues the series of posts about the Cuckoo Sandbox that I am doing for my course at Leeds Beckett University. They are posted on the invitation-only blog named DFA1415. As a result of that, I am making my posts public on my own site and I welcome all comments and feedback. To start at the beginning, go to Part 1. This will detail how Cuckoo Sandbox is installed and configured to work on an Ubuntu 14.04 LTS x64 system. The focus is on the latest version of Cuckoo…


Cuckoo Sandbox - Part 1

This will be a series of posts about the Cuckoo Sandbox that I am doing for my course at Leeds Beckett University. They are posted on the invitation-only blog named DFA1415. As a result of that, I am making my posts public on my own site and I welcome all comments and feedback. About the tool The tool being used is called Cuckoo Sandbox. It is a community-supported open source project. Its purpose is to be a malware analysis system. What that means is that it can provide a…
