Skip to content

McHughSecurity

  • Home
  • Blog
  • Security Operations
  • DFIR
    • Reverse Engineering
      • Dynamic Analysis
      • Static Analysis
  • Vuln. Mgmt
  • Intelligence
    • Open-Source Intelligence
    • Threat Intelligence
      • AIL Framework
      • MISP – Open Source Threat Intelligence Platform
      • OpenCTI
  • Threat Modelling
    • Attack Libraries
    • Attack Trees
    • Mitigating Techniques
    • SaaS Threat Modelling
    • Threat Models
    • Tools
    • Validating Threat Mitigations
  • Toggle search form
  • Exporting Maltego Graphs to MISP Intelligence
  • Using MISP in a TraceLabs Missing Persons engagement Blog
  • TheHive 4.1.0 Deployment and Integration with MISP Build
  • External Analysis with VirusTotal Digital Forensics & Incident Response
  • Building a Cuckoo Sandbox Build
  • Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks. Digital Forensics & Incident Response
  • Building a MISP Threat Feed Aggregator Blog
  • Deploying (and using) TheHive4 [Part 1] Build

Month: May 2019

Building a Cuckoo Sandbox

Posted on May 28, 2019 By A.McHugh 1 Comment on Building a Cuckoo Sandbox

Sometimes there is a need to analyse files in a live environment where their composition and provenance may not be entirely certain. For the most part we can try to reply on virus detection and heuristics to detect potentially malicious files, but what about those files which have not yet been identified, or have been specifically crafted for your organisation as a targeted attack?

Note: I have updated this article to reflect the current installation requirements for Cuckoo on Ubuntu 18.04 (as at 22nd Feb 2021).

Read More “Building a Cuckoo Sandbox” »

Build, Digital Forensics & Incident Response

Extracting RAM from VirtualBox session

Posted on May 28, 2019 By A.McHugh No Comments on Extracting RAM from VirtualBox session

Over the last few months I have been playing with Cuckoo, and reworking its function to suit my own requirements. Part of this has involved the separation of components within Cuckoo into functional units. This particular component relates to extracting the RAM from a VirtualBox machine for analysis after ceasing the VM. For this to…

Read More “Extracting RAM from VirtualBox session” »

Digital Forensics & Incident Response, Operate

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Search

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Archives

  • April 2022
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • September 2020
  • April 2020
  • March 2020
  • January 2020
  • May 2019
  • Building a Cuckoo Sandbox Build
  • Building the Assemblyline Analyzer for TheHive’s Cortex. Digital Forensics & Incident Response
  • [Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises) Build
  • TraceLabs Missing Persons 11th of April 2020 Open-Source Intelligence
  • [Part 1] Building a Threat Integration and Testing Lab Build
  • Extracting RAM from VirtualBox session Digital Forensics & Incident Response
  • Deploying (and using) TheHive4 [Part 1] Build
  • [Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform Build

Categories

  • AIL Framework
  • Blog
  • Build
  • Design
  • Digital Forensics & Incident Response
  • Frameworks
  • Intelligence
  • MISP – Open Source Threat Intelligence Platform
  • Open-Source Intelligence
  • Operate
  • Security Operations
  • Static Analysis
  • Threat Intelligence

Copyright © 2022 McHughSecurity.

Powered by PressBook News Dark theme