Cuckoo Install - Your Own Malware Sandbox!
- Published: Aug 4, 2024
- Join me as we install Cuckoo. Your very own malware sandbox! Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
GitHub: github.com/OpenSecureCo/Demos...
Doc: cuckoo.sh/docs/installation/h...
Discord Channel: / discord
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us
This video made my day! My sandbox finally worked! I was banging my head trying to set it up with GUI. Headless VMs made it work with my limited compute resources.
Thanks for watching :)
After some days trying to use this sandbox I found your tutorial, it solved my problems and is working great! Thanks a lot.
Great video, I was really looking for a video guiding me through the step-by-step process of how to prepare cuckoo.
I will try this next week and I hope that it works without any issue.
Thank you for your efforts.
Did this work?
Thank you for helping me create a dynamic analysis environment. Thanks again.
Great bro! Thanks for your job!
Great video man !
Really thanks for all!
Thanks for watching!
tyvm for this guide
Awesome, thanks,
Thank you 👏👏👏
The Vnet box stuff kind of goes over my head, do you need your original ubuntu vm running in a dmz environment?
Another great video. Would love to see cuckoo integration with both misp and cortex
Coming soon
Great video. Can I set up a Windows 7 VM with an ISO on VMware instead of using the virtual machine GitHub part in your video?
Do you know how I can delete snapshots if I want to install some additional package to a cloned image? I have tried deleting Snapshots from VirtualBOX GUI or Run VBoxManage unregistervm | [--delete] and it works but VMs are still listed when running "vmcloak list vms". Do I have to delete snapshots using some vmcloak snapshot command?
Hi! I have a problem, after creating win7 image: vmcloak init --verbose --win7x64 win7x64base --cpus 2 --ramsize 2048
I got this loop error message with debug mode: DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'win7x64base', '--machinereadable']
Can you help me? I'm using Ubuntu same as you on the virtualbox. I waited for 30 minutes and nothing happened.
sudo apt-get install mongodb -y doesn't seem to work because that package has no valid installation candidate. Any alternatives?
Thanks for the informative video :), I was thinking maybe we can do an automated analysis for email attachments. I remember I saw it somewhere online, it was an awesome project.
Yes I actually have a similar video to that in the pipeline! Stay tuned and thanks for watching!
Thank you for this awesome guide! By the way: How can I automate the process of rebooting cuckoo after unwanted VM restart (power off and etc)?
You could create a bash script that runs the various cuckoo tools commands "rooter, cuckoo web, cuckoo, etc." and runs them as a background job.
Amazing video, I was struggling to get cuckoo up and running (mostly because of the different versions referenced in the docos). Any good KB article that guides me to spin up a linux VM instance inside cuckoo to analyze Linux/ELF like malware? Thanks.
How is the video amazing when you can't barely install the thing?
Hello, I have this error after running cuckoo: Error checking for the latest Cuckoo version: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)!
Update regarding the setup. It took me almost one week but it's fully functional now. I must admit it's a beautiful machine.
If I do the network routing for the internet like the video and have the network for the win7 vm set to host adapter only, will it put other devices on my actual network at risk if I run wannacry inside cuckoo?
Great video, yours is the best one I've watched!
Hey George, it is my understanding that using the "dirty line" technique, the vm can only reach the internet, no other internal hosts: cuckoo.readthedocs.io/en/latest/installation/host/routing/. But please ensure to tread carefully! Thanks for watching
Really helpful video!
Something I would like to ask is how to turn on virtualization inside the ubuntu host? That's the reason I can't clone the win7x64base at 20:03...
Me too, need to fix this.
I am getting an error for markupsafe -|> I am using ubuntu 16.04 with python2.7
Can you do one on CapeV2
Hello, thank you for your video. How can I install cuckoo with python 3?
What are the versions used for mongodb and virtualbox. I tried mongodb version 4 and 5 with vbox v5.2 but there's a dependency conflict as mongodb uses libcurl4 and virtualbox uses libcurl3. I tried a couple of solutions online but none of it seemed to work.
If you had this problem use mongodb 3.6
Hello, can you help me?
It tells me that python 2 is deprecated, so I can't use pip either.
I have to use pip3 for everything or how can I continue? Thank you
As of now Cuckoo is not written for Python3...they say it is in the works but it has been a few years that they have been saying that so I am not sure if that is still on their roadmap. I would advise checking out CapeV2 which is a fork of Cuckoo and is a tool I am hoping to deploy soon! github.com/kevoreilly/CAPEv2
Can it analyze Windows executables?
mkvirtualenv -p python2.7 cuckoo-test it gives me error mkvirtualenv command not found
how to fix this
Can you do one on cuckoo 3?
Please make an installation video for Mac
hello
when i run
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
get this reply when
Failed to set capabilities on file `/usr/sbin/tcpdump' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
I have tried all kinds of methods on the Internet and can't solve this problem
Could you please help me?
I’m enjoying the content. I ran into an issue when attempting to install office. I can’t find the documentation for vmcloak flags/switches to provide the path to office.exe and or the flag/switch to specify the office key. Any help would be appreciated.
Hey Ev3rNub, you can use this command to install office "vmcloak install win7x64cuckoo office office.version=2007 office.isopath=/path/to/office2007.iso office.serialkey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
You can grab the office2007 iso from here: archive.org/download/ms-office-2007/MS%20Office%202007.iso
Thanks for watching!
@taylorwalton_socfortress Thank you, I did see this, however I don't have an office 2k7 serial key, just a 2013 one from my laptop.
@Ev3rnub You could use office 2013 as well, just make sure you specify that version and the correct iso
@taylorwalton_socfortress I have the executable for office2013, no ISO.
Any chance of getting installation video of cuckoo for latest python3. Not able to install yet all using these commands.
the actual cuckoo project is abandoned and no longer maintained...sooo you aren't going to be getting anything anytime soon
I'm hitting a lot of errors with the commands as shown in the github link. Are they still correct? I'm on Ubuntu 21.10.
I haven't tested on Ubuntu 21.10. I deployed on Ubuntu 20.04 in this video...what errors are you getting? Maybe you could try downloading what is missing?
@taylorwalton_socfortress when I try to install m2crypto via sudo pip install M2Crypto, I get a wall of errors. If I try to proceed without that, then the installation for cuckoo itself also results in a wall of errors. I copied and pasted the commands to be certain, which were all successful up until that m2crypto attempt. I'm not sure where to begin re: finding root cause in the errors I received.
Why is my cuckoo pending for analysis?
Can I use cuckoo with big .exe installers which are 2gb or 30gb?
Hey there, I’m not sure what the limit is on file size restrictions. Not sure if it is hard set directly within Cuckoo or if it only depends on resources available to your VM. Be worth a stress test :) let me know what you find out.
Thanks for watching!
can you do on Cuckoo 3 please :(
The first time it works, but after a Reboot, I can't use it anymore. It would be nice if you also would make a video on how to set up cuckoo to autostart after reboot.
run a systemctl enable command to startup the services upon reboot
@mastersergant1287bro I can’t believe you were the first person to reply to this guy about the enable option for systemctl. Good looking out!
Hope you all are playing with every Linux distro, it’s the easiest way to learn your way around the terminal and even powershell imo.
Ctrl+A moves the cursor to the beginning of a command,
Ctrl+E moves the cursor to the end of a command.
I am getting 404 for win7 iso
Whaat, it's asking me a password for cuckoo during the bash script part - I thought we disabled the passwords
dude why is this so complicated - I keep running into more errors
In order to use the cuckoo web interface it is required to have mongodb up and running and enabled in cuckoo.please refer to our offocial documentation as well as the reporting.conf file.
This is the error i get when I run the web interface.. Please let me know a solution
Time stamp 36:23
Has anyone seriously been able to install this thing? I doubt it.
Anyone know if there's just an OVA for this? Seems like a lot of boring stuff I have no interest in doing. I'd just like to try cuckoo out.
Please help. Got an error when I run this command: vmcloak init --verbose --win7x64 win7x64base --cpus 2 --ramsize 2048
It seems that it cannot create VM. see below:
Could not create the medium storage unit '/home/.../VirtualBox VMs/HDNode1/HDNode1.vdi'. VDI: setting image size failed for '/home/.../VirtualBox VMs/HDNode1/HDNode1.vdi' (VERR_INVALID_PARAMETER).
Result Code: VBOX_E_FILE_ERROR (0x80BB0004) Component: MediumWrap Interface: IMedium {4afe423b-43e0-e9d0-82e8-ceb307940dda}
Hi, I have used Ubuntu server 20.04.4 LTS... and couldn't get over the following step.
ekrem@ubuntu20:/opt$ mkvirtualenv -p python2.7 cuckoo-test
mkvirtualenv: command not found