Cuckoo Sandbox
#1



What is Cuckoo Sandbox?


In three words, Cuckoo Sandbox is a malware analysis system.

What does that mean? It simply means that you can throw any suspicious file at it and, in a matter of seconds, Cuckoo will provide you with detailed results outlining what that file did when executed inside an isolated environment.

Why should you use it?

Malware is the Swiss-army knife of cybercriminals and of any other adversary to your corporation or organization.

In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they work and what they would do, or did, on your systems when deployed, and to understand the context, the motivations and the goals of a breach.

In this way you are able to more effectively understand the incident, respond to it and protect yourself for the future.


What does it produce?

Cuckoo generates a number of different kinds of raw data, which include:

   Traces of native function and Windows API calls
   Copies of files created and deleted from the filesystem
   Dump of the memory of the selected process
   Full memory dump of the analysis machine
   Screenshots of the desktop during the execution of the malware analysis
   Network dump generated by the machine used for the analysis

In order to make such results more consumable to end users, Cuckoo is able to process them and generate different types of reports, which can include:

   JSON report
   HTML report
   MAEC report
   MongoDB interface
   HPFeeds interface

Even more interestingly, thanks to Cuckoo's extensive modular design, you are able to customize both the processing and the reporting stages. Cuckoo provides you with everything you need to easily integrate the sandbox into your existing frameworks and storage, with the data you want, in the way you want, in the format you want.

There are countless other contexts in which you might need to deploy a sandbox internally, from analyzing an internal breach to proactively scouting widely distributed threats, collecting actionable data and analyzing the threats actively targeting your infrastructure or products.

In any of these cases you'll find Cuckoo to be perfectly suitable, incredibly customizable and well... free!


Project page: cuckoosandbox.org
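As an added example (not code from the Cuckoo project or from the post above) of consuming the JSON report that the post lists among Cuckoo's outputs: the script below reduces a report to the fields an analyst triages first (process list, API calls per category, autorun registry writes, dropped-file hashes, contacted domains and hosts, signature severity) and flattens the network and hash indicators into blocklist lines. The key layout it reads (behavior.processes[].calls[], behavior.summary, dropped[], network.domains[], signatures[]) is my recollection of the Cuckoo 2.x report.json format and is an assumption that may differ between versions; the embedded report is constructed for the example.

```python
import json
from collections import Counter

# Constructed sample report modelled on the Cuckoo 2.x report.json layout.
# The key names (behavior.processes[].calls[], dropped[], network.domains[],
# signatures[]) are an assumption about that layout; all values are invented.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 1, "score": 7.2},
    "target": {"category": "file",
               "file": {"name": "invoice.exe", "sha256": "ab" * 32}},
    "behavior": {
        "processes": [
            {"pid": 1234, "process_name": "invoice.exe", "calls": [
                {"api": "CreateFileW", "category": "filesystem",
                 "arguments": {"filepath": "C:\\Users\\Public\\run.vbs"}},
                {"api": "RegSetValueExW", "category": "registry",
                 "arguments": {"regkey": "HKCU\\Software\\Microsoft\\Windows"
                                         "\\CurrentVersion\\Run\\upd"}},
                {"api": "ShellExecuteExW", "category": "process",
                 "arguments": {"filepath": "wscript.exe"}},
                {"api": "InternetConnectW", "category": "network",
                 "arguments": {"hostname": "update.example.test"}},
            ]},
            {"pid": 1300, "process_name": "wscript.exe", "calls": [
                {"api": "NtAllocateVirtualMemory", "category": "process",
                 "arguments": {}},
            ]},
        ],
        "summary": {
            "file_created": ["C:\\Users\\Public\\run.vbs"],
            "regkey_written": ["HKCU\\Software\\Microsoft\\Windows"
                               "\\CurrentVersion\\Run\\upd"],
        },
    },
    "dropped": [{"name": "run.vbs", "sha256": "cd" * 32, "size": 812}],
    "network": {"domains": [{"domain": "update.example.test",
                             "ip": "198.51.100.7"}],
                "hosts": ["198.51.100.7"]},
    "signatures": [{"name": "persistence_autorun", "severity": 3,
                    "description": "Installs itself for autorun at startup"}],
})

# Registry paths that commonly carry persistence (substring match, lower-case).
PERSISTENCE_MARKERS = ("\\currentversion\\run", "\\winlogon\\", "\\services\\")


def summarize_report(raw: str) -> dict:
    """Reduce a Cuckoo JSON report to the fields an analyst triages first."""
    report = json.loads(raw)
    behavior = report.get("behavior", {})

    # Count API calls per category across all monitored processes.
    api_by_category = Counter()
    processes = []
    for proc in behavior.get("processes", []):
        processes.append((proc.get("pid"), proc.get("process_name")))
        for call in proc.get("calls", []):
            api_by_category[call.get("category", "unknown")] += 1

    # Registry writes to well-known autorun locations are persistence hints.
    persistence_keys = [
        key for key in behavior.get("summary", {}).get("regkey_written", [])
        if any(marker in key.lower() for marker in PERSISTENCE_MARKERS)
    ]

    signatures = [(sig.get("name"), sig.get("severity", 0))
                  for sig in report.get("signatures", [])]
    network = report.get("network", {})

    return {
        "sample_sha256": report.get("target", {}).get("file", {}).get("sha256"),
        "score": report.get("info", {}).get("score"),
        "processes": processes,
        "api_by_category": dict(api_by_category),
        "persistence_keys": persistence_keys,
        "dropped": [(d.get("name"), d.get("sha256"))
                    for d in report.get("dropped", [])],
        "domains": [d.get("domain") for d in network.get("domains", [])],
        "hosts": list(network.get("hosts", [])),
        "signatures": signatures,
        "max_severity": max((sev for _, sev in signatures), default=0),
    }


def ioc_lines(summary: dict) -> list:
    """Flatten the summary into 'type<TAB>value' lines for a blocklist feed."""
    lines = [("sha256", summary["sample_sha256"])]
    lines += [("sha256", sha) for _, sha in summary["dropped"] if sha]
    lines += [("domain", d) for d in summary["domains"]]
    lines += [("ip", h) for h in summary["hosts"]]
    return [f"{kind}\t{value}" for kind, value in lines]


if __name__ == "__main__":
    import sys
    # Pass a path to a real report.json, or run with no argument for the sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    summary = summarize_report(raw)
    print(json.dumps(summary, indent=2))
    print("\n".join(ioc_lines(summary)))
```

Point it at a real analysis directory's report.json to try it against genuine output; every lookup uses .get() with a default so a report that lacks a section (no network capture, no signatures fired) still yields a summary instead of a traceback. Treat the autorun-key match as a hint for the analyst, not a verdict: legitimate installers write the same keys.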
#2
Yes, Cuckoo is a very good sandbox, but rather one for malware analysis. It is based on VirtualBox installed on Linux, into which you drop samples, and the changes in the system are recorded over a predefined period of time.

