BoomBox

BoomBox is designed for malware analysts and incident responders. It allows for the rapid deployment of a dynamic malware analysis environment using Cuckoo Sandbox and a Windows 10 detonation chamber. Cuckoo is configured to use its "physical" machinery module, so it treats the Windows sandbox as a bare-metal host rather than trying to manage a nested VM; this lets Cuckoo and the Windows sandbox run side by side as two virtual machines on a single host.

Features

Requirements

Quickstart

BoomBox includes a one-step build script for Linux/macOS and another for Windows. The script builds and configures the Windows 10 and Cuckoo virtual machines from the ground up using Packer and Vagrant. The entire build process for BoomBox takes around 30-60 minutes.

Linux/macOS

    ./build.sh

Windows

    ./build.ps1

Manually Building BoomBox

  1. Build the Windows sandbox using Packer:

    cd BoomBox/Packer
    packer build --only=virtualbox-iso sandbox.json

  2. Move the resulting .box file into the Boxes directory:

    mv sandbox_virtualbox.box ../Boxes

  3. cd ../Vagrant and, inside the Vagrantfile, change cfg.vm.box = "boomboxes/sandbox" to cfg.vm.box = "../Boxes/sandbox_virtualbox.box" so Vagrant uses the box you just built instead of downloading the published one.

  4. Install the vagrant-reload plugin (provisioning reboots the VMs part-way through, which this plugin provides):

    vagrant plugin install vagrant-reload

  5. Run ./build.sh (Linux/macOS) or ./build.ps1 (Windows) from the project root directory.

  6. If a build fails, check the logs in the Vagrant directory: one vagrant_up_<host>.log per VM.
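The manual steps above, driven end to end from one script so a half-built lab is never used by mistake. This is an added example, not BoomBox's own build.sh: the directories (Packer/, Boxes/, Vagrant/), the box name and the cfg.vm.box line come from the instructions above; the function names and the BOOMBOX_RUN / BOOMBOX_ROOT switches are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the BoomBox project's script): runs the manual build steps
# in order and stops at the first failure. Paths follow the README; the function
# names and the BOOMBOX_RUN/BOOMBOX_ROOT variables are assumptions of this example.
set -euo pipefail

# Fail early if a required tool is missing; prints the tool name and returns 1.
require_tools() {
  local t
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || { echo "missing required tool: $t" >&2; return 1; }
  done
}

# Step 3: point cfg.vm.box at the locally built .box file.
# $1 = path to the Vagrantfile, $2 = box path relative to the Vagrant directory.
# Only the exact README line is rewritten so the Cuckoo VM definition is untouched;
# a .bak copy of the Vagrantfile is kept next to it.
point_vagrantfile_at_local_box() {
  local vagrantfile="$1" box_path="$2"
  sed -i.bak -e "s#cfg\.vm\.box = \"boomboxes/sandbox\"#cfg.vm.box = \"${box_path}\"#" "$vagrantfile"
  # Verify the rewrite actually took effect instead of assuming it did.
  grep -q "cfg\.vm\.box = \"${box_path}\"" "$vagrantfile"
}

# Steps 1 to 6 from the project root ($1, default: current directory).
build_boombox() {
  local root="${1:-.}"
  # packer's virtualbox-iso builder drives VirtualBox through VBoxManage.
  require_tools packer vagrant VBoxManage
  ( cd "$root/Packer" && packer build --only=virtualbox-iso sandbox.json )   # step 1
  mv "$root/Packer/sandbox_virtualbox.box" "$root/Boxes/"                     # step 2
  point_vagrantfile_at_local_box "$root/Vagrant/Vagrantfile" \
    "../Boxes/sandbox_virtualbox.box"                                         # step 3
  vagrant plugin install vagrant-reload                                       # step 4
  ( cd "$root" && ./build.sh )                                                # step 5
  ls "$root"/Vagrant/vagrant_up_*.log                                         # step 6: per-VM logs
}

# Defining the functions has no side effects; set BOOMBOX_RUN=1 to build.
if [ "${BOOMBOX_RUN:-0}" = "1" ]; then
  build_boombox "${BOOMBOX_ROOT:-.}"
fi
```

Run it as `BOOMBOX_RUN=1 BOOMBOX_ROOT=/path/to/BoomBox bash build-manual.sh` (file name is yours to choose). Because of `set -e`, a failed Packer build or a Vagrantfile that did not get rewritten aborts before `vagrant up` is ever attempted, which is the failure you want: a detonation chamber built from the wrong box is worse than no chamber.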

Basic Vagrant Usage

Vagrant commands must be run from the "Vagrant" folder.

Lab Information

Snapshots

The revert.ps1 (Windows) and revert.sh (Linux/macOS) scripts restore the Windows sandbox to a clean state. Run one of them after every submission to Cuckoo: Cuckoo's physical machinery module does not snapshot or restore the guest itself, so without the revert each detonation runs on top of whatever the previous sample left behind (dropped files, persistence, registry changes) and results stop being reproducible. This is a temporary solution until the revert can be triggered automatically after each detonation.

Todo

Contributing

Check out CONTRIBUTING.md for details on submitting a pull request.

Credits

The majority of this project was directly borrowed from Chris Long's DetectionLab, which is an incredible resource for defenders looking to build a Windows lab.