McHughSecurity

Tag: cuckoo

Building a Cuckoo Sandbox

Posted on May 28, 2019 by A.McHugh. 1 comment.

Sometimes there is a need to analyse files in a live environment when their composition and provenance are not entirely certain. For the most part we can rely on virus detection and heuristics to flag potentially malicious files, but what about files that have not yet been identified by any signature, or that have been specifically crafted for your organisation as a targeted attack?

Note: I have updated this article to reflect the current installation requirements for Cuckoo on Ubuntu 18.04 (as at 22nd Feb 2021).

Categories: Build, Digital Forensics & Incident Response

Copyright © 2022 McHughSecurity.