Comments on Ghetto Forensics: Creating a Malware Sandbox in Seconds with Noriben.
Brian Baskin (5 comments, feed updated 2023-11-23T09:22:35.682-05:00)

Anonymous, 2018-09-06T10:37:52.480-04:00:

Hi!

Would like to know whether there is a writeup for the setting up of Noriben for VM Host and VM Guest? This tool is quite interesting, however I have problems with the configuration.

Brian Baskin, 2017-11-26T12:34:00.737-05:00:

I tend to have very few anti-VM checks in my environments. While there are samples that check for VMs, there are also some that only work within VM environments. One of this tool's greatest uses is that you can run it while debugging, so that you can manually bypass or verify those checks.

To that end, I'd recommend a tool like pafish (https://github.com/a0rtega/pafish) or Al-khaser (https://github.com/LordNoteworthy/al-khaser) to scan within your VM to let you know which items to disable.

Anonymous, 2017-11-26T09:18:29.013-05:00:

Hi Brian,
Most modern malware is equipped with anti-virtualization tech. When you set up your VM, did you harden your VM to prevent detection?

Brian Baskin, 2017-04-22T11:37:09.117-04:00:

Not stupid at all. Running Noriben will require Python to be installed within the guest. Make sure that Python.exe is either in the PATH or is associated with .py files so that it can run easily.

To run the frontend tool (NoribenSandbox.py), you'd also need Python on the host. However, there is an old, and slightly unsupported, set of non-Python frontends (NoribenSandbox.bat and NoribenSandbox.sh) which will work with some modifications but lose a lot of functionality.

My goal, soon, is to have Noriben.py be a compiled executable so that it won't need Python on the guest.

When you're testing, make sure you run each script with '-d' to enable debug, so that you can see where you may need to change your configuration to fit. Today is 22 April; by the end of this weekend (hopefully) or within the next week I'll be pushing an updated version of both Noriben.py and NoribenSandbox.py.

Thanks for the comment!

Anonymous, 2017-04-22T07:47:49.240-04:00:

Hi! A stupid question but is Python supposed to be installed on the VM Host or the VM Guest?