from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.procmon import BphProcMon as ProcMon

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Open the analysis session.  move_sample=False is inferred from its name to
# leave the sample where it is rather than relocating it into the launcher
# location — confirm against BphSession.set_launcher.
session = Session(project_name='blackhat_arsenal_2019')
session.start()
session.set_launcher(move_sample=False)

# The template server is brought up before any tool is dispatched.
templateserver = TemplateServer()
templateserver.start()

# Start the Process Monitor capture *before* the sample is launched so the
# sample's earliest activity is part of the recording.  delay= appears to be
# a settle time (seconds) after the command is issued — confirm in
# BphProcMon.execute.
procmon = ProcMon()
procmon.capture()
procmon.execute(delay=10)         

# Launch the sample through NirCmd.  '@sample@' is a template token that is
# presumably expanded to the launched sample's path.  background_run=False
# suggests the launch is not detached — confirm in BphNirCmd.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
sample_exec.execute()

# Stop the capture once the sample has had time to run, then export it.
procmon.terminate()
procmon.execute(delay=15)

procmon.export()
procmon.execute(delay=10)

# Collect the exported capture files for this session (the return value is
# not used in this example).
procmon.files()
from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader

import time

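# Open the analysis session.  move_sample=False is inferred from its name to
# leave the sample where it is rather than relocating it into the launcher
# location — confirm against BphSession.set_launcher.
session = Session(project_name='blackhat_arsenal_2019')
session.start()
session.set_launcher(move_sample=False)

# The template server is brought up before any tool is dispatched.
templateserver = TemplateServer()
templateserver.start()

# Start the network capture *before* the sample is launched so its earliest
# connections are part of the recording.  (NetworkTrafficView's import is not
# visible in this excerpt.)
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

# Launch the sample through NirCmd.  '@sample@' is a template token that is
# presumably expanded to the launched sample's path.  delay= appears to be a
# settle time (seconds) after the command is issued — confirm in BphNirCmd.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
sample_exec.execute(delay=10)

# Stop the capture once the sample has had time to run.
ntv.stop()
ntv.execute()

# Read the captured CSV files back and pull out the contacted domains.  The
# reader gets its own name: the original rebound ``ntv`` inside this loop,
# so the capture handle was silently replaced by a CSV reader after the first
# file and any later call on ``ntv`` would have hit the wrong object.
for csv_file in ntv.files():
    reader = NetworkAnalysisCsvReader(tool_name='networktrafficview',
                                      csv_file=csv_file)
    reader.fetch(data_type='domains')

# Capture is finished: terminate the sample so it does not keep running.
kill_process = NirCmd()
kill_process.kill_process(program='@sample@')
kill_process.execute()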
from bph.tools.windows.pd import BphPd as Pd
from bph.tools.windows.nircmd import BphNirCmd as NirCmd

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.sample import BphSample as Sample
from bph.core.sample import BphLabFile as LabFile
from bph.core.session import BphSession as Session

# Open the analysis session and bring up the template server before any tool
# is dispatched.
session = Session(project_name='blackhat_arsenal_2019')
session.start()

templateserver = TemplateServer()
templateserver.start()

# Launch calc.exe as a benign target for the process dump below.  delay=
# appears to be a settle time (seconds) after the command is issued — confirm
# in BphNirCmd.execute.
nircmd = NirCmd()
nircmd.start_process(program=r'calc.exe')
nircmd.execute(delay=3)

# Dump the running process by name with pd; the longer delay presumably gives
# the dump time to finish before its output is listed.
pd = Pd()
pd.dump_process(process_name='calc.exe')
pd.execute(delay=5)

# Paths of the files pd produced (the loop that follows filters them by
# suffix; its body is cut off in this excerpt).
files_found = pd.files()
for file_found in files_found:
    if file_found.endswith('.exe'):

        dumped_file = LabFile(file_found)

        for symbol, function_data in dumped_file.symbols(
# Analysis Imports
from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader

import time

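# Open the analysis session and bring up the template server before any tool
# is dispatched.
session = Session(project_name='blackhat_arsenal_2019')
session.start()

templateserver = TemplateServer()
templateserver.start()

# Start the network capture *before* the probe command runs so its traffic is
# part of the recording.  (NetworkTrafficView's import is not visible in this
# excerpt.)
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

# Outbound-connectivity probe: a Python 2 one-liner (urllib2 is Python 2 only)
# fetches the guest's public IP from a public echo service and redirects stdout
# into the report folder.  '@report_folder@' is a template token; note the raw
# string keeps '\\' as two literal backslashes, unlike the single-backslash
# form used in the sibling ping example — confirm which one the token
# expansion expects.  report_files=True presumably makes that folder part of
# the collected output — confirm in BphNirCmd.
nircmd = NirCmd()
nircmd.configuration.reporting.report_files = True
nircmd.start_process(
    program=
    r'python -c "import urllib2 ; print(urllib2.urlopen(\"https://icanhazip.com\").read().strip())" > @report_folder@\\nircmd.log'
)
nircmd.execute(delay=5)

# Stop the capture once the probe has had time to run.
ntv.stop()
ntv.execute()

# Read the captured CSV files back and pull out the contacted domains.  The
# reader gets its own name: the original rebound ``ntv`` inside this loop,
# so the capture handle was silently replaced by a CSV reader after the first
# file and any later call on ``ntv`` would have hit the wrong object.
for csv_file in ntv.files():
    reader = NetworkAnalysisCsvReader(tool_name='networktrafficview',
                                      csv_file=csv_file)
    reader.fetch(data_type='domains')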
# Tool Imports
from bph.tools.windows.nircmd import BphNirCmd as NirCmd

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session

# Open the analysis session and bring up the template server before any tool
# is dispatched.
session = Session(project_name='blackhat_arsenal_2019')
session.start()

templateserver = TemplateServer()
templateserver.start()

# Ping a public address (4.2.2.2), presumably as an outbound-connectivity
# check, and redirect the output into the report folder.  '@report_folder@'
# is a template token; '\\' in this non-raw literal is a single backslash at
# runtime.  report_files=True presumably makes that folder part of the
# collected output — confirm in BphNirCmd.  delay= appears to be a settle
# time (seconds) after the command is issued — confirm in BphNirCmd.execute.
nircmd = NirCmd()
nircmd.configuration.reporting.report_files = True
nircmd.start_process(program='ping 4.2.2.2 > @report_folder@\\nircmd.log')
nircmd.execute(delay=5)
# Retrieve the command output and the files it produced (return values are
# not used in this example).
nircmd.output()
nircmd.files()