  • Cuckoo

    2019-10-25 16:15:51
    Cuckoo
  • Cuckoo virtualize

    2021-01-11 14:48:10
    Hello, can Cuckoo run as a host on Hyper-V? We want to virtualize cuckoo. (This question comes from the open-source project cuckoosandbox/cuckoo)
  • Cuckoo license

    2021-01-11 14:53:29
    Hello, - Is there a link to the license? - Can cuckoo be used commercially? - Can cuckoo sandbox be white labeled? (This question comes from the open-source project ...cuckoosandbox/cuckoo)
  • cuckoo filter

    2018-01-11 17:39:55
    Describes the paper version of the cuckoo filter algorithm; much better than the other blog posts.
  • Distributed Cuckoo

    2020-12-26 08:21:29
    I'm trying to make my cuckoo modified distributed, but something goes wrong. On the master, I run dist.py (x.x.x.x:8081), api.py (x.x.x.x:8090), and cuckoo.py. The slave is running api.py (y.y.y.y:8091) ...
  • Cuckoo Service

    2020-12-09 03:05:23
    This service uses the Cuckoo REST API (http://docs.cuckoosandbox.org/en/latest/usage/api/) to submit CRITS samples to Cuckoo Sandbox and retrieve the results of the analysis, ...
  • WordPress Cuckoo template

    2019-12-03 19:07:30
    WordPress Cuckoo template
  • Cuckoo Rooter

    2021-01-11 19:45:51
    Hi there! I've got a problem with starting the Cuckoo Rooter. The error message is the following: CuckooStartupError: The rooter is required but we can...cuckoosandbox/cuckoo
  • run cuckoo web error: C:\Python27\Scripts>cuckoo.exe web c:\python27\python.exe: can't open file 'C:\Python27\Scripts\cuckoo': [Errno 2] No such file or ...
  • Cuckoo Clock

    2021-01-08 11:10:35
    Been using your cuckoo clock automation for a long time; however, after 115 it is not working as it should be. It seems to hit by the hours and 3 minutes later it will hit again. Maybe you have a ...
  • Please create one or more Cuckoo analysis VMs and properly fill out the cuckoo configuration! (venv) root-VirtualBox:~# apt-get install mongodb Reading package lists... Done Building dependency tree ...
  • Cuckoo not able to analyze

    2021-01-11 18:56:18
  • cuckoo:~$ cuckoo [Cuckoo ASCII-art banner] ...
  • 2018-07-11 14:42:59,253 [cuckoo.core.guest] DEBUG: loki-3: analysis still processing [111/1833] 2018-07-11 14:42:59,751 [cuckoo.core.resultserver] DEBUG: File upload request for shots/0035.jpg 2018...
  • error running cuckoo

    2021-01-11 15:16:48
    /usr/local/lib/python2.7/dist-packages/Cuckoo-2.0.6.2-py2.7.egg/cuckoo/private/.cwd' My Cuckoo version and operating system are: Cuckoo 2.0.6 on BackBox (Ubuntu 14.04) This can be ...
  • cuckoo:~$ cuckoo --cwd ~/.cuckoo migrate INFO [alembic.runtime.migration] Context impl PostgresqlImpl. INFO [alembic.runtime.migration] Will assume transactional DDL. INFO [alembic.runtime.migration] ...
  • It looks like cuckoo refuses to start if the old instance was killed but the new one gets the same PID or the PID is now used by another process: Oct 16 08:57:54 cuckooc3 ...
  • Cuckoo rooter issue

    2021-01-11 20:36:35
    Hi, my cuckoo was working fine, then when I turned it off and back on I am getting this error every time I try to start it. Cuckoo Sandbox 2.0.6 www.cuckoosandbox.org Copyright (c) 2010-...
  • Cuckoo not starting guests

    2021-01-11 14:48:40
    VM: cuckoo1, error: Error getting status for virtual machine cuckoo1: internal error: client socket is closed 2019-07-22 16:25:02,977 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer ...
  • Connecting with cuckoo

    2020-12-26 17:21:40
    I am trying to run analysis on Fame using the cuckoo module. Every analysis ends up the same: Fame sends the warning: could not find execution path to "cuckoo" (cancelled). Cuckoo works ...
  • Distributed cuckoo problem

    2021-01-11 14:55:58
    - exists; - slave server, file not created in /tmp, it is created on master only; - but folder exists and cuckoo has all privs to write there and it changed in cuckoo.conf to use /tmp/cucko-tmp...
  • Cuckoo on VirtualBox

    2021-01-11 15:06:52
    I am trying to deploy cuckoo in VirtualBox. I have two VMs: one is Ubuntu (the Cuckoo machine) and the other is XP. Both systems are in Host-Only mode. I have provided Internet to Ubuntu and it is working ...
  • cuckoo installation error

    2021-01-11 15:34:51
    I followed the instructions on the cuckoosandbox site to download cuckoo but I get the below error [image]
  • cuckoo clean issue

    2021-01-11 15:30:58
    This removes a number of directories which cuckoo needs to operate: .cuckoo/storage/analysis .cuckoo/storage/binaries .cuckoo/logs cuckoo error below. === Exception details...
  • Cuckoo & ELK

    2021-01-11 14:52:00
    Hello Everyone, is there any guide or reference on how to set up ELK with cuckoo, so that it will be amazing to see the output? Waiting for a positive reply. Thanks & Regards, Seantree...
  • It seems I would be way better off to mine via cuckoo31 (I am on windows), but the miner uses cucko29 ... how can I change that? (This question comes from the open-source project mozkomor/GrinGoldMiner)
  • Cuckoo start error

    2021-01-11 15:29:32
    Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html My issue is: Cuckoo ...cuckoosandbox/cuckoo
  • Cuckoo architecture

    2019-07-03 00:29:36
    In the deployment phase, Cuckoo places only a single agent inside the Guest system. At run time this agent is responsible for communicating with the Host-side program: it receives the sample, the entire client-side analyzer package, and the configuration files from the Host.

    The main source files on the Host side are:

    ./lib/cuckoo/core/scheduler.py

    from threading import Thread

    class AnalysisManager(Thread):
        def acquire_machine(self):
            # acquire a virtual machine for this analysis
            ...
        def build_options(self):
            # generate the .conf configuration file for the analysis
            ...
        def launch_analysis(self):
            # start the analysis process in the Guest
            ...
        def process_results(self):
            # generate the analysis result report
            ...

    launch_analysis in turn calls the following methods of the Guest agent:

    agent/agent.py
        def add_malware(self, data, name):
        def add_config(self, options):
        def add_analyzer(self, data):
        def execute(self):
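    As an added illustration of the Host-to-Guest hand-off listed above (example code written for this page, not Cuckoo's own scheduler or agent), the block below models build_options and the four agent calls made by launch_analysis in memory: the Host renders the analysis options as .conf text and zips the analyzer package, and an assumed Agent class stages sample, config and package, with execute() refusing to run unless all three are present and the package contains analyzer.py. The Agent class, its return values and the sample bytes and file list are assumptions constructed for illustration.

```python
# Example code for this page, not Cuckoo's own: an in-memory model of the Host -> Guest
# hand-off. The Agent class, its return values and sample/file contents are assumptions.
import configparser, hashlib, io, zipfile

def build_options(target, package="exe", timeout=120):
    """Host side: render the analysis options as .conf text."""
    cfg = configparser.ConfigParser()
    cfg["analysis"] = {"target": target, "package": package, "timeout": str(timeout)}
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()

def build_analyzer_package(files):
    """Host side: zip the analyzer tree given as {path: bytes}."""
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return mem.getvalue()

class Agent:
    """Guest side: the four calls launch_analysis makes, staged in memory."""
    def __init__(self):
        self.sample = self.config = self.analyzer = None
    def add_malware(self, data, name):
        self.sample = (name, data)
        return hashlib.sha256(data).hexdigest()  # lets the Host verify integrity
    def add_config(self, options):
        self.config = configparser.ConfigParser()
        self.config.read_string(options)
    def add_analyzer(self, data):
        self.analyzer = zipfile.ZipFile(io.BytesIO(data))
    def execute(self):
        # refuse to start unless everything the analyzer needs is staged
        if None in (self.sample, self.config, self.analyzer):
            raise RuntimeError("sample, config and analyzer must all be staged")
        names = self.analyzer.namelist()
        if "analyzer.py" not in names:
            raise RuntimeError("package has no analyzer.py entry point")
        target = self.config["analysis"]["target"]
        if target != self.sample[0]:
            raise RuntimeError("config target does not match staged sample")
        return {"target": target, "package": self.config["analysis"]["package"], "files": len(names)}

def launch_analysis(agent, name, sample, files):
    """Host side: the call sequence the page attributes to launch_analysis."""
    if agent.add_malware(sample, name) != hashlib.sha256(sample).hexdigest():
        raise RuntimeError("sample was corrupted in transit")
    agent.add_config(build_options(name))
    agent.add_analyzer(build_analyzer_package(files))
    return agent.execute()
```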

    Running analyzer.py: the analysis package uploaded from the Host to the Guest has the following structure:

    .
    └── windows
        ├── analyzer.py
        ├── bin
        │   └── execsc.exe
        ├── dll
        │   ├── cuckoomon_bson.dll
        │   ├── cuckoomon.dll
        │   └── cuckoomon_netlog.dll
        ├── lib
        │   ├── api
        │   │   ├── __init__.py
        │   │   ├── process.py
        │   │   └── screenshot.py
        │   ├── common
        │   │   ├── abstracts.py
        │   │   ├── constants.py
        │   │   ├── defines.py
        │   │   ├── errors.py
        │   │   ├── exceptions.py
        │   │   ├── __init__.py
        │   │   ├── rand.py
        │   │   └── results.py
        │   ├── core
        │   │   ├── config.py
        │   │   ├── __init__.py
        │   │   ├── packages.py
        │   │   ├── privileges.py
        │   │   └── startup.py
        │   └── __init__.py
        └── modules
            ├── auxiliary
            │   ├── disguise.py
            │   ├── human.py
            │   ├── __init__.py
            │   └── screenshots.py
            ├── __init__.py
            └── packages
                ├── applet.py
                ├── bin.py
                ├── cpl.py
                ├── dll.py
                ├── doc.py
                ├── exe.py
                ├── generic.py
                ├── html.py
                ├── ie.py
                ├── __init__.py
                ├── jar.py
                ├── pdf.py
                ├── vbs.py
                ├── xls.py
                └── zip.py

    The actual inject method lives in api/process.py inside that package:

    def inject(self, dll=None, apc=False):

    The inject method supports two injection techniques:

    QueueUserAPC
    CreateRemoteThread

    Both techniques work on the same principle: LoadLibrary is substituted as the callback (APC routine or thread start routine), and the name of the DLL to load is passed to it as the callback's argument, so as soon as the callback runs the corresponding DLL is loaded into the target process's address space.

    Under ./analyzer/windows/modules/packages/ there is launch code for samples of each file format, and it is essentially always:

    p = Process()
    p.execute()
    p.inject(dll)
    p.resume()
    p.close()

    In other words: first find the program that opens this type of file, start it, and inject the DLL to monitor it.

    For shellcode, execsc.exe is used to execute the shellcode.

    The core of the execsc.exe source is:

    // jump into the shellcode: treat the buffer as a function and call it
    int (*func)(void);
    func = (int (*)(void)) buf;
    (*func)();

    Reposted from: https://www.cnblogs.com/long123king/p/3603595.html

