Saturday, January 25, 2014

cuckoo v 1.0 - hardening patch

Some days ago, I found a post about Cuckoo Sandbox going to version 1.0. I was so excited that I decided to give it a try right away.
It has a fancy new web interface (btw, don't use the apt-get installation for Django but the pip one), and a lot of bug fixes and features.

As I already published some time ago, I tuned my Cuckoo a little bit, trying to find the best way to evade VM/sandbox detection techniques (see old posts).
With Cuckoo going to v1, the patch also needed a v1. I used the patch originally from AlienVault (see alienvault), then modified by Hubert Kromer (see kromer), and I added the last anti-detection mechanism published on my blog to create a patch that works on v1. I think it should even work on v0.6, but anyway the latest stable is 1.0, so give it a try! :)

https://github.com/markedoe/cuckoo-sandbox

Pafish:


 waleedassar


5 comments:

  1. Will this dll work with the 1.1 version of Cuckoo?

    1. Hi Don,

      I didn't try. I'll check if I have some time. Don't hesitate to reply if you already tried.
      Cheers.

  2. This comment has been removed by the author.

  3. @ Don
    I have just tried it on Cuckoo 1.2-dev (configured on a VM with Ubuntu 12.04) and it works! :)

    @ Mark
    I really appreciate your work here.
