kevoreilly / capemon

capemon: CAPE's monitor
GNU General Public License v3.0

[Question] Analyzing Linux Binaries #25

Closed swthorn closed 3 years ago

swthorn commented 3 years ago

Hey,

More of a question than an issue, but is it possible to analyze generic Linux binaries using capemon, or CAPEv2 more generally?

I want to analyze some binaries inside of a Docker container. I successfully wrote a machinery module to work with Docker and CAPEv2, but I'm quickly realizing now that it looks like (based on the capemon code) it likely only supports Windows APIs.

So, my question is: is it possible with CAPEv2 to analyze generic Linux binaries (either in or out of a container), and if not, how difficult would it be to add functionality to capemon for this?

doomedraven commented 3 years ago

Hello, yes, you can analyze them using SystemTap. That was done for Cuckoo, but it was done for Ubuntu 17.04 and nobody updates it, so mostly you can analyze Linux binaries for networking more than behavior: https://github.com/kevoreilly/CAPEv2/blob/master/docs/book/src/installation/guest/linux.rst

capemon itself is Windows-only.

swthorn commented 3 years ago

I got the current version of SystemTap working in the latest Fedora and set it up for CAPE, with SystemTap logs being generated fine. I noticed there's a processing module (modules/processing/platform/Linux.py) that parses the SystemTap output. I've enabled this processing module, but it doesn't appear to do anything.

It's okay if you don't know, but what sorts of improvements would need to be made to have this functioning correctly and display API function calls or other SystemTap info in the behavior analysis?

doomedraven commented 3 years ago

Well, you just need to check why the logs are not processed, e.g. if the filename changed or something like that. That would be a first step.

kevoreilly commented 3 years ago

To answer your question more generally, capemon is very much an operating system-specific component; there is no overlap with Linux for this Windows-specific code. I will wait and hope that someone will introduce a more capable Linux monitor at some stage.