
CERT-Polska / Drakvuf Sandbox

Licence: other
DRAKVUF Sandbox - automated hypervisor-level malware analysis system

Programming Languages

javascript
184084 projects - #8 most used programming language

Projects that are alternatives of or similar to Drakvuf Sandbox

Pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
Stars: ✭ 2,026 (+427.6%)
Mutual labels:  sandbox, malware, reverse-engineering, malware-analysis, malware-research
Malware Analysis Scripts
Collection of scripts for different malware analysis tasks
Stars: ✭ 61 (-84.11%)
Mutual labels:  malware, malware-analysis, malware-research, reverse-engineering
Dex Oracle
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
Stars: ✭ 398 (+3.65%)
Mutual labels:  malware, malware-analysis, malware-research, reverse-engineering
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (-25.78%)
Mutual labels:  malware, malware-analysis, malware-research, reverse-engineering
Antidebugging
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
Stars: ✭ 161 (-58.07%)
Mutual labels:  malware, malware-analysis, malware-research, reverse-engineering
Simplify
Android virtual machine and deobfuscator
Stars: ✭ 3,865 (+906.51%)
Mutual labels:  malware, malware-analysis, malware-research, reverse-engineering
fame modules
Community modules for FAME
Stars: ✭ 55 (-85.68%)
Mutual labels:  malware, malware-analysis, malware-research
memscrimper
Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"
Stars: ✭ 25 (-93.49%)
Mutual labels:  sandbox, malware, malware-research
malware-writeups
Personal research and publication on malware families
Stars: ✭ 104 (-72.92%)
Mutual labels:  malware, malware-analysis, malware-research
Malware-Machine-Learning
Malware Machine Learning
Stars: ✭ 26 (-93.23%)
Mutual labels:  malware, malware-analysis, malware-research
bluepill
BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
Stars: ✭ 94 (-75.52%)
Mutual labels:  malware, malware-analysis, malware-research
decrypticon
Java-layer Android Malware Simplifier
Stars: ✭ 17 (-95.57%)
Mutual labels:  malware, malware-analysis, malware-research
Docker Cuckoo
Cuckoo Sandbox Dockerfile
Stars: ✭ 289 (-24.74%)
Mutual labels:  sandbox, malware, malware-analysis
yara
Malice Yara Plugin
Stars: ✭ 27 (-92.97%)
Mutual labels:  malware, malware-analysis, malware-research
Anti-Debugging
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
Stars: ✭ 297 (-22.66%)
Mutual labels:  malware, malware-analysis, malware-research
Polichombr
Collaborative malware analysis framework
Stars: ✭ 307 (-20.05%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
binlex
A Binary Genetic Traits Lexer Framework
Stars: ✭ 303 (-21.09%)
Mutual labels:  malware, malware-analysis, malware-research
MalwareDatabase
One of the few malware collections
Stars: ✭ 37 (-90.36%)
Mutual labels:  malware, malware-analysis, malware-research
freki
🐺 Malware analysis platform
Stars: ✭ 327 (-14.84%)
Mutual labels:  malware, malware-analysis, malware-research
MalwareDatabase
Malware samples for analysis, researchers, anti-virus and system protection testing (1300+ malware samples!)
Stars: ✭ 21 (-94.53%)
Mutual labels:  malware, malware-analysis, malware-research

DRAKVUF Sandbox


DRAKVUF Sandbox is an automated black-box malware analysis system built on the DRAKVUF engine, which does not require an agent on the guest OS.

This project provides you with a friendly web interface that allows you to upload suspicious files to be analyzed. Once the sandboxing job is finished, you can explore the analysis result through the same interface and get insight into whether the file is truly malicious or not.

Because setting up a malware sandbox is usually pretty hard, this project also provides an installer app that guides you through the necessary steps and configures your system using settings recommended for beginners. At the same time, experienced users can tweak some settings or even replace some infrastructure parts to better suit their needs.

Quick start

(Screenshot: DRAKVUF Sandbox - Analysis view)

Supported hardware & software

In order to run DRAKVUF Sandbox, your setup must fulfil all of the listed requirements.

  • Processor:
    • ✔️ Intel processor with Intel Virtualization Technology (VT-x) and Extended Page Tables (EPT) features (required)
  • Host system with at least a 2-core CPU and 5 GB of RAM, running GRUB as the bootloader, one of:
    • ✔️ Debian 10 Buster
    • ✔️ Ubuntu 18.04 Bionic
    • ✔️ Ubuntu 20.04 Focal
  • Guest system, one of:
    • ✔️ Windows 7 (x64)
    • ✔️ Windows 10 build 2004 (x64)

Nested virtualization:

  • ✔️ Xen - works out of the box.
  • ✔️ VMware Workstation Player - works, but you need to enable the "Virtualize EPT" option for the VM; an Intel processor with EPT is still required.
  • ✔️ KVM - works, but is considered experimental. If you experience any bugs, please report them to us for further investigation.
  • ❌ AWS, GCP, Azure - due to the lack of exposed CPU features, hosting DRAKVUF Sandbox in the cloud is not supported (although this might change in the future).
  • ❌ Hyper-V - doesn't work.
  • ❌ VMware Fusion (Mac) - doesn't work.

Maintainers/authors

Feel free to contact us if you have any questions or comments.

General contact email: [email protected] (fastest response)

This project is authored by:

You can also reach us on IRC - #[email protected].

If you have any questions about the DRAKVUF engine itself, contact [email protected]

CEF Notice

Co-financed by the Connecting Europe Facility of the European Union
