hatching / vmcloak

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

Configuration profiles #51

Closed Svieg closed 2 years ago

Svieg commented 8 years ago

This pull request adds bin/vmcloak-hide that enables you to apply custom configuration profiles (formatted in JSON) to modify registry keys and directories to create a more realistic environment for your sandbox! It also includes bin/vmcloak-createprofile to help you create those profiles with a step-by-step text interface or by using the CLI with parameters.
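
As an added illustration (not code from this pull request or from vmcloak), here is what such a JSON profile and a small applier could look like. The schema, the field names and the replacement data are assumptions; the registry keys themselves are well-known VirtualBox fingerprints that VM-detection code reads (SystemBiosVersion, VideoBiosVersion, the SCSI Identifier, the Guest Additions key). The script validates a profile, renders its registry part as a regedit-importable .reg file (deletions in the `[-key]` form, REG_MULTI_SZ as `hex(7)` UTF-16LE) and lays out decoy directories relative to the user profile.

```python
"""Added example, not vmcloak's own code: a hypothetical JSON cloaking profile
rendered as a regedit-importable .reg file plus decoy directories.
The schema is an assumption; the real vmcloak-hide format is not shown here."""
import json
import os
from pathlib import Path, PureWindowsPath

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
TYPES = {"REG_SZ": str, "REG_MULTI_SZ": list, "REG_DWORD": int}

# Constructed sample profile. The key paths are well-known VirtualBox
# fingerprints that VM-detection code reads; the replacement data is made up.
SAMPLE_PROFILE = r'''{
  "registry": [
    {"hive": "HKLM", "key": "HARDWARE\\DESCRIPTION\\System",
     "value": "SystemBiosVersion", "type": "REG_MULTI_SZ", "data": ["DELL   - 1072009"]},
    {"hive": "HKLM", "key": "HARDWARE\\DESCRIPTION\\System",
     "value": "VideoBiosVersion", "type": "REG_MULTI_SZ", "data": ["Intel Video BIOS"]},
    {"hive": "HKLM",
     "key": "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0",
     "value": "Identifier", "type": "REG_SZ", "data": "ST1000DM003-1CH162"},
    {"hive": "HKLM", "key": "SOFTWARE\\Oracle\\VirtualBox Guest Additions", "delete": true}
  ],
  "directories": [
    {"path": "Documents\\Invoices", "files": ["Q1-2016.xlsx", "Q2-2016.xlsx"]}
  ]
}'''

def load_profile(text):
    """Parse a profile and reject anything the apply step could not handle."""
    prof = json.loads(text)
    for e in prof.get("registry", []):
        if e.get("hive") not in HIVES or not e.get("key"):
            raise ValueError(f"bad hive/key in {e}")
        if e.get("delete"):
            continue  # whole-key deletion carries no value or type
        if e.get("type") not in TYPES or "value" not in e:
            raise ValueError(f"missing type/value in {e}")
        if not isinstance(e.get("data"), TYPES[e["type"]]):
            raise ValueError(f"data does not match {e['type']} in {e}")
    for d in prof.get("directories", []):
        p = PureWindowsPath(d.get("path", ""))
        if not p.parts or p.is_absolute() or ".." in p.parts:
            raise ValueError(f"directory must be relative to the user profile: {d}")
    return prof

def reg_quote(s):
    """Quote a string the way regedit expects: backslash and double quote escaped."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

def reg_multi_sz(strings):
    """REG_MULTI_SZ in .reg syntax: UTF-16LE, NUL after each string, NUL terminator."""
    raw = "".join(s + "\0" for s in strings).encode("utf-16-le") + b"\0\0"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)

def render_reg(profile):
    """Emit regedit 5.00 text; values are grouped per key, deletions use [-key]."""
    sections = {}
    for e in profile.get("registry", []):
        full = f"{HIVES[e['hive']]}\\{e['key']}"
        if e.get("delete"):
            sections[f"[-{full}]"] = []
            continue
        t, d = e["type"], e["data"]
        if t == "REG_SZ":
            rhs = reg_quote(d)
        elif t == "REG_DWORD":
            rhs = f"dword:{d & 0xFFFFFFFF:08x}"
        else:
            rhs = reg_multi_sz(d)
        name = "@" if e["value"] == "" else reg_quote(e["value"])
        sections.setdefault(f"[{full}]", []).append(f"{name}={rhs}")
    lines = ["Windows Registry Editor Version 5.00", ""]
    for header, values in sections.items():
        lines += [header, *values, ""]
    return "\r\n".join(lines)

def plan_directories(profile, userprofile):
    """Resolve decoy folders and files below the guest user profile; touches no disk."""
    base = PureWindowsPath(userprofile)
    plan = []
    for d in profile.get("directories", []):
        folder = base / d["path"]
        plan.append((folder, [folder / f for f in d.get("files", [])]))
    return plan

def create_directories(profile, root, size=4096):
    """Materialize the plan under a host directory standing in for the user
    profile; decoys get random bytes so they are not suspicious zero-length files."""
    created = []
    for folder, files in plan_directories(profile, "."):
        Path(root).joinpath(*folder.parts).mkdir(parents=True, exist_ok=True)
        for f in files:
            Path(root).joinpath(*f.parts).write_bytes(os.urandom(size))
            created.append(str(f))
    return created
```

Write `render_reg(load_profile(SAMPLE_PROFILE))` to a file and import it inside the guest from an elevated prompt with `reg import cloak.reg`. One caveat worth keeping in mind for any profile of this kind: HKLM\HARDWARE is a volatile hive rebuilt from hardware detection at every boot, so values such as SystemBiosVersion only stay patched for the running session and have to be reapplied at startup, whereas the SOFTWARE key deletion and the decoy files persist in the snapshot.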

jbremer commented 8 years ago

So while this provides a decent framework for further hiding our VMs, I believe the actual interesting addition here would be the registry keys / files / etc. As-is I don't think anyone would really start using the functionality.

Svieg commented 8 years ago

Hi Jurriaan, what would be the modifications needed in order to make it more interesting? It also already covers registry editing and directory modification. Maybe the way it is presented should change, but are the functionalities interesting?

jbremer commented 8 years ago

So yes, the possibilities are interesting. But the most important part here is not being able to do those operations, but actually doing them, so pretty much what's happening here: https://github.com/cuckoosandbox/cuckoo/blob/master/analyzer/windows/modules/auxiliary/disguise.py

Svieg commented 8 years ago

Do you think that premade profiles that users could modify would be interesting?

jbremer commented 8 years ago

@Svieg sorry for the late reply - on Github anyway - yes, premade profiles are actually what would make this PR interesting. As mentioned here, just the framework for doing such things won't be picked up by the regular users ;-) Please let me know if you intend to work on such profiles.

Svieg commented 8 years ago

Yes, I would like to do it and provide a format that would be used by Malboxes too. The profiles would be shareable between the two tools so we can help each other!

jbremer commented 8 years ago

Sounds like a plan ;-)