Sunday, December 30, 2012

Controlling cuckoo-sandbox from C#

After testing some metasploit modules today, I decided writing some bindings for cuckoo-sandbox would be fun. I have been writing a small project that uses my clamav bindings to watch high-risk areas and scan them on the fly. A fun new addition would be to automagically submit anything found by clamav straight to cuckoo-sandbox and get the report back.

The code is on GitHub and there is a small example application. Not every method is implemented fully, but it is still fun to play with. I did have to use a third-party library for JSON parsing because of a bug in Mono's JavaScriptSerializer.

There is also an example program.


Sunday, December 23, 2012

Added environment variable recovery from pagefiles to volatile reader

I added string search support for page files to volatile reader, and used that as an opportunity to add environment variable recovery as well. The following pagefile was taken from a 64-bit Windows 7 VM and was 4.3 GB. The code is on GitHub.
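The kind of environment variable recovery described above, as an added Python example that is not volatile reader's own code. It assumes what a Windows environment block looks like in memory (a run of NUL-terminated UTF-16LE `NAME=VALUE` strings, fragments of which get paged out to pagefile.sys), scans a file in chunks so a multi-GB pagefile never has to fit in RAM, carves both UTF-16LE and plain ASCII `NAME=VALUE` strings, and reports each with its byte offset. The name/value character classes, the length caps and the `build_sample_pagefile` stand-in are my own assumptions for the example, not a format specification.

```python
"""Carve environment-variable strings (NAME=VALUE) out of a raw pagefile image.

Example code: the character classes and length caps below are heuristics
chosen to keep false positives down, not a Windows format definition.
"""
import io
import re
from typing import BinaryIO, Dict, List, Tuple

# NAME: letter or underscore, then 1..63 of [A-Za-z0-9_()] (parentheses allow
# names such as ProgramFiles(x86)).  VALUE: 1..1024 printable ASCII bytes.
ASCII_RE = re.compile(rb"[A-Za-z_][A-Za-z0-9_()]{1,63}=[\x20-\x7e]{1,1024}")
# Same shape, but each code unit is an ASCII byte followed by NUL (UTF-16LE).
UTF16_RE = re.compile(
    rb"[A-Za-z_]\x00(?:[A-Za-z0-9_()]\x00){1,63}=\x00(?:[\x20-\x7e]\x00){1,1024}"
)

Hit = Tuple[int, str, str, str]  # (absolute offset, encoding, name, value)


def scan_buffer(buf: bytes, base: int) -> Dict[int, Tuple[str, str, str]]:
    """Return {absolute_offset: (encoding, name, value)} for every hit in buf."""
    hits: Dict[int, Tuple[str, str, str]] = {}
    for enc, pattern in (("ascii", ASCII_RE), ("utf-16-le", UTF16_RE)):
        for m in pattern.finditer(buf):
            name, value = m.group(0).decode(enc).split("=", 1)
            hits[base + m.start()] = (enc, name, value)
    return hits


def recover_env_vars(stream: BinaryIO, chunk_size: int = 4 * 1024 * 1024,
                     overlap: int = 4096) -> List[Hit]:
    """Stream through a pagefile image and carve NAME=VALUE strings.

    Each chunk is prefixed with the tail of the previous one, so a string that
    straddles a chunk boundary is still seen whole.  Hits are keyed by absolute
    offset and the longest value wins, which both de-duplicates the overlap and
    discards a match that was cut short at the end of the earlier chunk.
    """
    found: Dict[int, Tuple[str, str, str]] = {}
    tail = b""
    offset = 0  # absolute offset of the first byte of `data`
    while True:
        data = stream.read(chunk_size)
        if not data:
            break
        buf = tail + data
        for off, hit in scan_buffer(buf, offset - len(tail)).items():
            if off not in found or len(hit[2]) > len(found[off][2]):
                found[off] = hit
        tail = buf[-overlap:]
        offset += len(data)
    return sorted((off, enc, name, value)
                  for off, (enc, name, value) in found.items())


def build_sample_pagefile(chunk_size: int = 4096) -> bytes:
    """Construct a small stand-in for a pagefile image (constructed, not a real dump).

    A UTF-16LE environment block is placed so that it straddles the first
    chunk boundary, exercising the overlap logic; one ASCII PATH string and
    filler bytes that must not produce hits round it out.
    """
    filler = (bytes(range(256)) * 16 + b"\x00" * 1024)[: chunk_size - 96]
    env_block = "".join(f"{k}={v}\x00" for k, v in (
        ("COMPUTERNAME", "WIN7-ANALYSIS"),
        ("USERNAME", "analyst"),
        ("ProgramFiles(x86)", "C:\\Program Files (x86)"),
    )).encode("utf-16-le")
    ascii_str = b"PATH=C:\\Windows\\system32;C:\\Windows\x00"
    return filler + env_block + b"\xff" * 512 + ascii_str + b"\x00" * 256


def demo(chunk_size: int = 4096, overlap: int = 512) -> List[Hit]:
    """Run the scanner over the constructed sample with a tiny chunk size."""
    return recover_env_vars(io.BytesIO(build_sample_pagefile(chunk_size)),
                            chunk_size=chunk_size, overlap=overlap)


if __name__ == "__main__":
    for off, enc, name, value in demo():
        print(f"0x{off:08x} {enc:9s} {name}={value}")
```

Against a real image you would open `pagefile.sys` in binary mode and pass the file object to `recover_env_vars` with the default 4 MiB chunks; the overlap only needs to exceed the longest string the regexes can match. Names like `COMPUTERNAME`, `USERNAME`, `USERDOMAIN` and `USERPROFILE` are the ones worth filtering for first, since they place a user and a host on the box the pagefile came from.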