Neton : A Sandbox Information Gathering Tool

Neton is a tool for getting information from Internet-connected sandboxes. It is composed of an agent and a web interface that displays the collected information. The Neton agent gets information from the systems on which it runs and exfiltrates it via HTTPS to the web server. Some of the information it collects: All this information …

Sandbox Scryer : Tool For Producing Threat Hunting And Intelligence Data From Public Sandbox Detonation Output

The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output. The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat hunting. By allowing researchers to send thousands of samples to a sandbox …

goBox : GO Sandbox To Run Untrusted Code

goBox uses ptrace to hook into read syscalls, giving you the option to accept or deny syscalls before they are executed. Go sandbox to run untrusted code.

Usage:

    gobox [FLAGS] command

Flags:

    -h        Print usage.
    -n value  A glob pattern for automatically blocking file reads.
    -y value  A glob pattern for automatically allowing file reads.

Re-composer : Randomly Changes Win32/64 PE Files For ‘Safer’ Uploading To Malware & Sandbox Sites

Ever have that not-so-safe feeling uploading your malware binaries to VirusTotal or other AV sites because anyone can look up binaries by hash? Recomposer will take your binary and randomly do the following: change the file name, change the section names, change the section flags, inject a random number of five different types of …

Fake Sandbox : Script To Simulate Fake Processes Of Analysis Sandbox/VM

Fake Sandbox Processes is a small script that simulates fake processes of analysis, sandbox and VM software that some malware tries to avoid. You can download the original script made by @x0rz here (thanks, by the way). You can also download my slightly optimised script from the root directory. The file is named fsp.ps1. This exact …

MalwareCMDMonitor : Shows Command Lines Used By Latest Instances Analyzed On Hybrid-Analysis

By using the MalwareCMDMonitor Python script, you can observe the command lines of the latest malware instances executed on the hybrid-analysis.com sandbox. In a nutshell, it downloads the HA feed and then retrieves the commands of unseen instances, i.e. the ones that did not appear in the previous feeds.