In this multi-part post I'm going to share a few techniques I use to automate some of the required analysis of suspicious software.
This uses native tools on OSX with a victim machine (guest OS) in VirtualBox. Everything is then submitted to a Cuckoo instance for automated analysis. Please note this setup uses a single virtual machine and a host computer; however, you could install Cuckoo on a virtual host to achieve the same results.
A high-level architecture diagram is below for reference:
At a minimum you need to have the following software installed on your OSX device:
- Homebrew + additional system libraries
- Xcode + commandline tools
- VirtualBox + 1 or 2 guest machines, depending on your architecture
- Cuckoo application + dependencies (optional on the host if you run Cuckoo in a virtual machine instead)
- Malware :)
Stay tuned, in part 2 we will discuss preparing your host machine.