tklengyel / drakvuf

DRAKVUF Black-box Binary Analysis
https://drakvuf.com

Need Guidance #1360

Open mohitbhatt-du opened 2 years ago

mohitbhatt-du commented 2 years ago

Dear Tamas K. Lengyel Sir,

We are undergraduate students and working on a project on malware analysis.

Following your blog, we have successfully set up the drakvuf tool and it is giving us the system call traces of all the processes running in the system.

We now request you to guide us on how to use drakvuf efficiently for generating various types of logs of malware executables.

We would be grateful if you can please provide us some specific commands related to:

  1. Injecting malware files directly from the dom0 (ubuntu) terminal into domU (win7)
  2. Commands to generate various logs such as network dump info of a particular process, system calls of a particular process, file-related artifacts, etc.

We need to generate a dataset having a variety of features of malware after executing them in the VM and extracting logs at Dom0.

Kindly provide your guidance so that we can move ahead further. Thanks

ACSR team Doon University Dehradun

tklengyel commented 2 years ago

  1. Use injector with the writefile method.
  2. drakvuf does not capture network traffic, but you can do that using tcpdump on the vif interface. If you want the syscalls for a particular process, just grep through the logs for the CR3 corresponding to the process.
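The per-process filtering from the reply above, as an added example that is not part of the issue thread or of the DRAKVUF project itself. DRAKVUF tags every event with the CR3 (page-table base) of the address space it was observed in, so the CR3 value identifies one process for the lifetime of that process; `grep 'CR3:0x3f4e5000' drakvuf.log` does the job on the command line, and the script below does the same thing in Python while also grouping the syscalls by name. The sample lines are constructed for this example and only imitate the key:value layout of DRAKVUF's default text output; treat the exact field order as an assumption and adjust the regex to the trace you actually capture.

```python
import re
from collections import Counter

# Constructed sample trace (not a real DRAKVUF capture). The layout mimics the
# default text output of the syscalls and filetracer plugins; the exact field
# order is an assumption for this example.
SAMPLE_LOG = """\
[SYSCALL] TIME:1700000000.000100 VCPU:0 CR3:0x1a2b3000,"explorer.exe" PID:1208 PPID:1180 NtOpenKey
[SYSCALL] TIME:1700000000.000250 VCPU:0 CR3:0x3f4e5000,"sample.exe" PID:2104 PPID:1208 NtCreateFile
[SYSCALL] TIME:1700000000.000300 VCPU:1 CR3:0x3f4e5000,"sample.exe" PID:2104 PPID:1208 NtWriteFile
[SYSCALL] TIME:1700000000.000410 VCPU:0 CR3:0x1a2b3000,"explorer.exe" PID:1208 PPID:1180 NtQueryValueKey
[SYSCALL] TIME:1700000000.000520 VCPU:1 CR3:0x3f4e5000,"sample.exe" PID:2104 PPID:1208 NtCreateFile
[FILETRACER] TIME:1700000000.000530 VCPU:1 CR3:0x3f4e5000,"sample.exe" PID:2104 PPID:1208 FILE:"\\??\\C:\\Users\\user\\dropped.dll"
"""

# One regex for the common prefix every plugin line carries in this layout;
# whatever follows PPID is plugin-specific and kept verbatim in 'rest'.
LINE_RE = re.compile(
    r'^\[(?P<plugin>\w+)\]\s+TIME:(?P<time>[\d.]+)\s+VCPU:(?P<vcpu>\d+)\s+'
    r'CR3:(?P<cr3>0x[0-9a-fA-F]+),"(?P<proc>[^"]*)"\s+'
    r'PID:(?P<pid>\d+)\s+PPID:(?P<ppid>\d+)\s*(?P<rest>.*)$'
)


def parse_line(line):
    """Return a dict for one trace line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["cr3"] = rec["cr3"].lower()      # normalise hex so comparisons are stable
    rec["time"] = float(rec["time"])
    rec["pid"] = int(rec["pid"])
    rec["ppid"] = int(rec["ppid"])
    return rec


def parse_log(text):
    """Parse a whole trace, silently skipping lines that do not match."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def cr3_for_process(records, name):
    """All CR3 values seen for a process name.

    Several instances of the same image run in different address spaces, so
    this can return more than one CR3; that is why filtering on CR3 rather
    than on the name is the right way to isolate a single process.
    """
    return {r["cr3"] for r in records if r["proc"] == name}


def filter_by_cr3(records, cr3):
    """Every event (from any plugin) observed in the given address space."""
    cr3 = cr3.lower()
    return [r for r in records if r["cr3"] == cr3]


def syscall_summary(records, cr3):
    """Count syscall names for one process; the name is the first token after PPID."""
    counts = Counter()
    for r in filter_by_cr3(records, cr3):
        if r["plugin"] == "SYSCALL" and r["rest"]:
            counts[r["rest"].split()[0]] += 1
    return counts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for cr3 in sorted(cr3_for_process(recs, "sample.exe")):
        print(f"sample.exe runs in CR3 {cr3}:")
        for name, n in syscall_summary(recs, cr3).most_common():
            print(f"  {name:<20} {n}")
        for r in filter_by_cr3(recs, cr3):
            if r["plugin"] != "SYSCALL":
                print(f"  [{r['plugin']}] {r['rest']}")
```

Note that a CR3 value can be reused by a later process once the original one exits, so when a trace spans many executions it is safer to key on the (CR3, PID, start time) triple than on CR3 alone.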
Rahulrajak1710 commented 2 years ago

Hi, I am Rahul, a CSE undergraduate. I am new to open source contributions but I am well aware of Java, C, HTML, CSS, JavaScript, React.js. I would love to contribute to The Honeynet Project organization; could you please tell me how to get started? Hoping to hear from you soon. Regards, Rahul