Sometimes you may see signs of malware on one of your Windows hosts, e.g. an IDS detecting traffic to a known C&C server or some other well-known pattern, yet the installed antivirus doesn't raise any alarm.
The following article covers installation and hardening of the latest (Git) Cuckoo Sandbox version. There are a few articles about setting up Cuckoo on Ubuntu/Debian; however, I had no luck finding one describing this process on Gentoo. There is no guide about hardening the latest (0.6+) Cuckoo either.
If you're an IT security researcher and you'd like to know how a particular piece of malware works and what it does on an infected machine, or maybe you just have a sample which you suspect to be malicious, you probably need a sandbox.
Welcome everyone! I'm an IT security researcher and I've created this blog to share my knowledge in this area. I'll mostly focus on malware analysis and forensic investigations, and I'll also present some tips and tricks useful for securing Linux and Windows environments.