Comments (22)
Could you clarify? All items referenced are marked as closed. We have this deployed in KVM and would love to understand which portion is failing.
from cape.
I recently heard that someone had successfully tested it on QEMU and it worked but a contributor (enzo) had problems on his KVM setup which was described at the end of issue #13 when he was testing the Ursnif package. But if 'Extraction' jobs work (i.e. produce payloads) then it should be working as this package uses the debugger.
If you find this works then I can close the issue - I'll check with enzo too.
I can confirm that I have unpredictable behavior when running QEMU v 1.5.x with Centos 7 with the included backports.
Upgrading to 2.10 fixed all the errors and unpredictable crashes for me; however, it's possible that v2.0.0 might fix it as well. I've included additional anti-antivm hardening scripts based upon @doomedraven's original work.
Certainly relates to missing backports from the 2.x branch, leaving the 1.x QEMU branch crippled.
kvm-qemu-2.12-antivm-patch.sh.txt
kvm-qemu-2.0-antivm-patch.sh.txt
My setup is Ubuntu 16.04, QEMU v 2.6.1
What "included backports" are you referencing? My version of QEMU appears to be newer than what you are running. What do the anti-antivm hardening scripts accomplish?
Thanks.
This week it will also be for Debian-based ;)
KVM is using QEMU in the background; QEMU uses KVM acceleration, basically.
Am I right in thinking this can be closed now? Has it been shown that the debugger can indeed work with KVM? Is the latest generic version working, or does it need special patches?
I never was able to get this to work with Ubuntu KVM. I've since abandoned that server instance for ESXi based VMs.
I am now thinking KVM/QEMU might be the way forward, @doomedraven is using this and I think can achieve far better stealth against anti-vm than VMware ever will.
I am going to add a couple of bare metal systems to my sandbox network. I am using hardware firewalls and dedicated Tor nodes that fail safe. Couldn't make this work with KVM and rooter. I may look into adding an Ubuntu KVM running on the ESXi. No idea if that's even viable.
Couldn't make this work with KVM and rooter.
debugger part or kvm itself?
I too have been trying to get cape running on bare metal - I have been trying to set up FOG to do the remote re-imaging of the target hosts but ended up getting bogged down in PXE boot problems... How are you planning to tackle re-imaging?
Just the debugger. Rooter worked fine otherwise.
I was looking at FOG as well.
I’m having some big disappointments.
Interesting, can you share it with us?
That maybe can be a hardware issue; on my side I'm using it on 5 servers and it is just flying.
To follow up on this, my issue with performance with kvm/kvm remote is that I had over allocated resources to my target VMs.
I'm currently experiencing a seamless analysis experience on CentOS 7 with KVM Remote. I feel like this is ready to be closed, however I obviously need more user buyoff since I'm the only one reporting positive results.
I'm using KVM but not remote and it works just fine <3
Sounds like it works for everyone! Happy days.