root@kali:~/Desktop/live-build-config# cat kali-config/variant-light-voltron/package-lists/kali.list.chroot
# You always want those
#kali-linux-core
kali-desktop-live

# Kali applications
#<package>

# You can customize the set of Kali metapackages (groups of tools) to install
Thanks, Adrian and team at http://www.irongeek.com/
- Keynote: Ed Skoudis
- Attribution and Deception for Threat Intelligence: John Strand
- BloodHound From Red to Blue: Mathieu Saulnier
Some obstacles overcome to get a Cuckoo 2 sandbox going on the class laptop (Win10 x64 Pro). These are just my notes and rambling; the intent is to write up a working build in case someone else in 610 or the community wants it.
Upstream installation instructions (the site might give a harmless certificate error): http://docs.cuckoosandbox.org/en/latest/installation/guest/agent/
The method attempted in the live demo (FileInsight):
Use the browser's web developer tools or Burp to capture the source of the index page (Ctrl-A, Ctrl-C to copy it).
Paste that HTML into a new buffer in FileInsight.
Trim away everything but the suspicious bitstream.
Select the bitstream (Ctrl-A) and use the Decode tools in the left pane to convert Hex to ASCII (no key).
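The same decode done without FileInsight, as an added example that is not part of the original notes: find the long hex run hiding in the captured page source, convert it to bytes, and render it as ASCII with non-printables shown as dots. It goes slightly beyond the demo by accepting an optional single-byte XOR key (the demo used none) and by tolerating an odd-length hex run. The HTML below is constructed for the example; the hypothetical payload in it is just a URL.

```python
import re

# Constructed sample page: the "suspicious bitstream" sits inside a <script>
# tag, the way it was pasted out of the browser in the demo.
SAMPLE_HTML = """<html><head><title>index</title></head>
<body><p>Welcome</p>
<script>var s = "68747470733a2f2f6578616d706c652e636f6d2f6c6f616465722e657865";</script>
</body></html>"""


def find_hex_runs(text, min_bytes=8):
    """Return every run of hex digits that is at least min_bytes long.

    This is the 'trim away everything but the bitstream' step: a run must be
    bounded by non-hex characters so ordinary words are not picked up.
    """
    pattern = re.compile(
        r"(?i)(?<![0-9a-f])[0-9a-f]{%d,}(?![0-9a-f])" % (min_bytes * 2)
    )
    return [m.group(0) for m in pattern.finditer(text)]


def hex_to_ascii(hexstr, key=None):
    """Hex -> bytes -> printable ASCII (0x20..0x7e); anything else becomes '.'.

    key:  optional single-byte XOR key applied after the hex decode; the demo
          used no key, so the default reproduces "Hex to ASCII (no key)".
    An odd-length run has a dangling nibble; it is dropped rather than raising.
    """
    hexstr = re.sub(r"\s+", "", hexstr)
    if len(hexstr) % 2:
        hexstr = hexstr[:-1]
    data = bytes.fromhex(hexstr)
    if key is not None:
        data = bytes(b ^ (key & 0xFF) for b in data)
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def decode_page(html, min_bytes=8, key=None):
    """Pair each hex run found in the page with its ASCII rendering."""
    return [(h, hex_to_ascii(h, key)) for h in find_hex_runs(html, min_bytes)]


if __name__ == "__main__":
    for raw, text in decode_page(SAMPLE_HTML):
        print(raw)
        print("  ->", text)
```

Run it against a saved copy of the real page rather than the constructed sample; lower min_bytes if the run you care about is short, and raise it if the page is full of hashes or GUIDs that also look like hex.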
## Fun stuff from ITTAM class. Get these to work and then share. Save time, reduce dangerous typos.
# macOS clipboard aliases: pbpaste/pbcopy read and write the clipboard; base64 -D is the macOS spelling of -d.
alias safe="pbpaste | sed -e 's,http,hXXp,g' -e 's,\.,[.],g' | pbcopy; echo 'URLs broken!'"
alias unsafe="pbpaste | sed -e 's,hXXp,http,g' -e 's,\[\.\],.,g' | pbcopy; echo 'URLs restored!'"
alias unb64="pbpaste | base64 -D"
# usage: infected <file> ...  (adds the files to infected.7z with the password "infected")
alias infected="7z -pinfected a infected.7z"
Created a portproxy with netsh on archie (Win10 x64) to send traffic out to another host and port. Tested with a netcat chat. Also made one in the seven VM, and dumped memory variously.
netsh interface portproxy>add v4tov4 listenport=3333 connectaddress=192.168.0.8 connectport=8888 listenaddress=0.0.0.0
PS C:\malware> netsh interface portproxy show all

Listen on ipv4:             Connect to ipv4: