SlideShare a Scribd company logo

Install Cuckoo on Mac OS X

M
Mohd Khairulazam

This document provides instructions for installing Cuckoo 0.4.1 on Mac OS X Snow Leopard to analyze malware in a virtual machine environment. It describes installing dependencies like pip, dpkt, and VirtualBox. It also explains how to set up a Windows virtual machine, edit the Cuckoo configuration file to point to the VM, run Cuckoo's agent in the VM, take snapshots of the VM for analysis, and run an example to analyze a sample file.

Technology
1 of 2
1
2
Installing Cuckoo 0.4.1 on Max OS X Snow Leopard The Environment - sudo easy_install pip - /usr/bin/ruby -e "$(/usr/bin/curl -fksSL https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install _homebrew.rb)" - pip install python-magic - brew install libmagic - download dpkt source code from code.google.com/p/dpkt/downloads/list (current version is dpkt-1.7.tar.gzMar 2010) - sudo python setup.py install - sudo pip install Mako - install tcpdump - copy/usr/sbin/tcpdump to other location & preserve the attribute - sudo chmod +s /usr/sbin/tcpdump The Virtual Machine - install VirtualBox on your Mac OS X - install either Windows XP SP1 or SP2 or SP3 or Windows 7 - set the network connection as Host-Only Adapter. You also can choose Bridge Adapter if you want The Sandbox - download& etract Cuckoo from cuckoosandbox.org/downloads/cuckoocurrent.tar.gz - editconf/virtualbox.conf file. - search for label = cuckoo1 and change “cuckoo1” to your virtualbox label name this name refer at Virtualbox -> Settings -> General -> Basic -> Name - also edit platform and ip Warm-up Session - start the virtual machine - copy agent (agent.py) to virtual machine Saving the Virtual Machine *Before doing this make sure you rebooted it softly and that it’s currently running, with Cuckoo’s agent running and with Windows fully booted. - VBoxManage snapshot "<Name of VM>" take "<Name of snapshot>" --pause e.g. - VBoxManage snapshot "XP" take "XP1" –pause After the snapshot creation is completed, you can power off the machine and restore it: - VBoxManage controlvm "<Name of VM>" poweroff - VBoxManage snapshot "<Name of VM>" restorecurrent e.g. - VBoxManage controlvm "XP" poweroff - VBoxManage snapshot "XP" restorecurrent
Running a Sample for the first time On terminal, open 3-seperated tabs. On tab 1, - python cuckoo.py On tab 2, - python wed.py - then open localhost:8080 on your web browser On tab 3, - python submit.py <filename> Watching the first tab, wait till analysis is done. Next refresh your browser. You should see the results there.

More Related Content

PPTX
Securing the LAN Best practices to secure the wired access network
Aruba, a Hewlett Packard Enterprise company
 
PDF
EL CULTIVO DEL PAICHE..IIAP.pdf
carlos alvarez
 
PPTX
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
PDF
From Mediasoup WebRTC to Livekit Self-Hosted .pdf
atyenoria
 
PPTX
ISO 22000 (Food Mangement system)
Ayesha Hameed
 
PDF
Edomae 2015 - マルウェアを解析してみよう
Satoshi Mimura
 
PPTX
How to go the extra mile on monitoring
Tiago Simões
 
PDF
JavaCro'15 - Conquer the Internet of Things with Java and Docker - Johan Jans...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Securing the LAN Best practices to secure the wired access network
Aruba, a Hewlett Packard Enterprise company
 
EL CULTIVO DEL PAICHE..IIAP.pdf
carlos alvarez
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
From Mediasoup WebRTC to Livekit Self-Hosted .pdf
atyenoria
 
ISO 22000 (Food Mangement system)
Ayesha Hameed
 
Edomae 2015 - マルウェアを解析してみよう
Satoshi Mimura
 
How to go the extra mile on monitoring
Tiago Simões
 
JavaCro'15 - Conquer the Internet of Things with Java and Docker - Johan Jans...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 

Similar to Install Cuckoo on Mac OS X (20)

ODT
openQRM how-to: Setup UEC and openQRM cloud
openQRM Enterprise GmbH
 
PDF
Play Framework in EC2
kamarul kawnayeen
 
PPTX
Kubernetes BateMetal Installation and Practice
wonyong hwang
 
PDF
Openstack kilo installation using rdo
Narasimha sreeram
 
PPTX
Creating your own AtoM demo data set for re-use with Vagrant
Artefactual Systems - AtoM
 
PPTX
Installaling Puppet Master and Agent
Ranjit Avasarala
 
PPTX
OFY-2015-Cloud-In-A-Day
kbshiv
 
PDF
9 creating cent_os 7_mages_for_dpdk_training
videos
 
PPTX
Continuous delivery with docker
Johan Janssen
 
PDF
Making environment for_infrastructure_as_code
Soshi Nemoto
 
PPTX
Vagrant, Ansible, and OpenStack on your laptop
Lorin Hochstein
 
PDF
Installation of lammps-5Nov14 on Mac OS X Yosemite
first name chibaf
 
PDF
Quick & Easy Dev Environments with Vagrant
Joe Ferguson
 
PPT
Nuxeo5 - Continuous Integration
PASCAL Jean Marie
 
ODP
Redmine on amazon ec2
Ikuru Kanuma
 
PDF
DevOpsDays Amsterdam Cosmic workshop
Remi Bergsma
 
PDF
RDO-Packstack Workshop
Thamrongtawal Hashim
 
PDF
DevOps(4) : Ansible(2) - (MOSG)
Soshi Nemoto
 
PPTX
Java App On Digital Ocean: Deploying With Gitlab CI/CD
Seun Matt
 
PPTX
Academy PRO: Docker. Lecture 4
Binary Studio
 
openQRM how-to: Setup UEC and openQRM cloud
openQRM Enterprise GmbH
 
Play Framework in EC2
kamarul kawnayeen
 
Kubernetes BateMetal Installation and Practice
wonyong hwang
 
Openstack kilo installation using rdo
Narasimha sreeram
 
Creating your own AtoM demo data set for re-use with Vagrant
Artefactual Systems - AtoM
 
Installaling Puppet Master and Agent
Ranjit Avasarala
 
OFY-2015-Cloud-In-A-Day
kbshiv
 
9 creating cent_os 7_mages_for_dpdk_training
videos
 
Continuous delivery with docker
Johan Janssen
 
Making environment for_infrastructure_as_code
Soshi Nemoto
 
Vagrant, Ansible, and OpenStack on your laptop
Lorin Hochstein
 
Installation of lammps-5Nov14 on Mac OS X Yosemite
first name chibaf
 
Quick & Easy Dev Environments with Vagrant
Joe Ferguson
 
Nuxeo5 - Continuous Integration
PASCAL Jean Marie
 
Redmine on amazon ec2
Ikuru Kanuma
 
DevOpsDays Amsterdam Cosmic workshop
Remi Bergsma
 
RDO-Packstack Workshop
Thamrongtawal Hashim
 
DevOps(4) : Ansible(2) - (MOSG)
Soshi Nemoto
 
Java App On Digital Ocean: Deploying With Gitlab CI/CD
Seun Matt
 
Academy PRO: Docker. Lecture 4
Binary Studio
 
Ad

Recently uploaded (20)

PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Approach and Philosophy of On baking technology
30anthuong17
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Ad

Install Cuckoo on Mac OS X

  • 1. Installing Cuckoo 0.4.1 on Max OS X Snow Leopard The Environment - sudo easy_install pip - /usr/bin/ruby -e "$(/usr/bin/curl -fksSL https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install _homebrew.rb)" - pip install python-magic - brew install libmagic - download dpkt source code from code.google.com/p/dpkt/downloads/list (current version is dpkt-1.7.tar.gzMar 2010) - sudo python setup.py install - sudo pip install Mako - install tcpdump - copy/usr/sbin/tcpdump to other location & preserve the attribute - sudo chmod +s /usr/sbin/tcpdump The Virtual Machine - install VirtualBox on your Mac OS X - install either Windows XP SP1 or SP2 or SP3 or Windows 7 - set the network connection as Host-Only Adapter. You also can choose Bridge Adapter if you want The Sandbox - download& etract Cuckoo from cuckoosandbox.org/downloads/cuckoocurrent.tar.gz - editconf/virtualbox.conf file. - search for label = cuckoo1 and change “cuckoo1” to your virtualbox label name this name refer at Virtualbox -> Settings -> General -> Basic -> Name - also edit platform and ip Warm-up Session - start the virtual machine - copy agent (agent.py) to virtual machine Saving the Virtual Machine *Before doing this make sure you rebooted it softly and that it’s currently running, with Cuckoo’s agent running and with Windows fully booted. - VBoxManage snapshot "<Name of VM>" take "<Name of snapshot>" --pause e.g. - VBoxManage snapshot "XP" take "XP1" –pause After the snapshot creation is completed, you can power off the machine and restore it: - VBoxManage controlvm "<Name of VM>" poweroff - VBoxManage snapshot "<Name of VM>" restorecurrent e.g. - VBoxManage controlvm "XP" poweroff - VBoxManage snapshot "XP" restorecurrent
  • 2. Running a Sample for the first time On terminal, open 3-seperated tabs. On tab 1, - python cuckoo.py On tab 2, - python wed.py - then open localhost:8080 on your web browser On tab 3, - python submit.py <filename> Watching the first tab, wait till analysis is done. Next refresh your browser. You should see the results there.