"""Detonate the session's sample under Process Monitor and collect the trace.

Flow as written: open a session and its launcher, bring up the template
server, start a ProcMon capture, run the sample via NirCmd, then stop the
capture, export it and list the produced files.  Each tool call here is
fire-and-forget from this script's point of view; nothing is returned or
checked.
"""
# Tool Imports
from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.procmon import BphProcMon as ProcMon
# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# One session per project name; start() presumably provisions the lab state
# that the tools below attach to — confirm against BphSession.
session = Session(project_name='blackhat_arsenal_2019')
session.start()
# move_sample=False: the launcher is set up without relocating the sample.
# NOTE(review): exact effect of move_sample is not visible here — verify.
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

# Start the ProcMon capture before the sample runs so process/file/registry
# activity from the very first instruction is recorded.  The delay= argument
# looks like a wait (seconds) around the tool run — TODO confirm units.
procmon = ProcMon()
procmon.capture()
procmon.execute(delay=10)

# Launch the sample itself.  '@sample@' appears to be a framework placeholder
# that is substituted with the lab file's path at execution time — confirm.
# background_run=False so this script blocks until the launch call returns.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
sample_exec.execute()

# Stop the capture, export it, and enumerate the resulting files.  The three
# execute() calls each run one ProcMon action; the return value of files()
# is discarded here, so this script only produces artefacts on disk.
procmon.terminate()
procmon.execute(delay=15)
procmon.export()
procmon.execute(delay=10)
procmon.files()
"""Detonate the session's sample under NetworkTrafficView and extract domains.

Flow as written: open a session and its launcher, bring up the template
server, start a traffic capture, run the sample, stop the capture, read the
exported CSV files for contacted domains, then kill the sample.

NOTE(review): Session, TemplateServer, NetworkTrafficView, NirCmd and LabFile
are used but not imported in this snippet — presumably they come from an
earlier cell/file; confirm before running standalone.
"""
# Analysis Imports
from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader
import time  # NOTE(review): not used in this snippet

session = Session(project_name='blackhat_arsenal_2019')
session.start()
# NOTE(review): exact effect of move_sample=False is not visible here — verify.
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

# Start the packet/connection capture before the sample runs so the first
# outbound connections are not missed.
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

# Launch the sample.  '@sample@' appears to be a framework placeholder for
# the lab file's path — confirm.  delay=10 looks like a wait (seconds)
# giving the sample time to generate traffic — TODO confirm units.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
sample_exec.execute(delay=10)

# Stop the capture and flush its export.
ntv.stop()
ntv.execute()

# Read every exported CSV and pull the 'domains' column/view.
# NOTE(review): the loop variable rebinds `ntv` from the capture tool to a
# CSV reader.  ntv.files() is evaluated once before the loop starts, so the
# iteration itself is unaffected, but after the loop `ntv` is no longer the
# NetworkTrafficView instance.  The fetch() result is discarded here.
for csv_file in ntv.files():
    ntv = NetworkAnalysisCsvReader(tool_name='networktrafficview', csv_file=csv_file)
    ntv.fetch(data_type='domains')

# Terminate the sample process once analysis is done.
# NOTE(review): indentation was lost in the source; this is assumed to run
# once after the loop rather than per CSV file — confirm against the original.
kill_process = NirCmd()
kill_process.kill_process(program='@sample@')
kill_process.execute()
from bph.tools.windows.pd import BphPd as Pd from bph.tools.windows.nircmd import BphNirCmd as NirCmd # Core Imports from bph.core.server.template import BphTemplateServer as TemplateServer from bph.core.sample import BphSample as Sample from bph.core.sample import BphLabFile as LabFile from bph.core.session import BphSession as Session session = Session(project_name='blackhat_arsenal_2019') session.start() templateserver = TemplateServer() templateserver.start() nircmd = NirCmd() nircmd.start_process(program=r'calc.exe') nircmd.execute(delay=3) pd = Pd() pd.dump_process(process_name='calc.exe') pd.execute(delay=5) files_found = pd.files() for file_found in files_found: if file_found.endswith('.exe'): dumped_file = LabFile(file_found) for symbol, function_data in dumped_file.symbols(
# Analysis Imports from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader import time session = Session(project_name='blackhat_arsenal_2019') session.start() templateserver = TemplateServer() templateserver.start() ntv = NetworkTrafficView() ntv.start() ntv.execute() nircmd = NirCmd() nircmd.configuration.reporting.report_files = True nircmd.start_process( program= r'python -c "import urllib2 ; print(urllib2.urlopen(\"https://icanhazip.com\").read().strip())" > @report_folder@\\nircmd.log' ) nircmd.execute(delay=5) ntv.stop() ntv.execute() for csv_file in ntv.files(): ntv = NetworkAnalysisCsvReader(tool_name='networktrafficview', csv_file=csv_file) ntv.fetch(data_type='domains')
# Tool Imports from bph.tools.windows.nircmd import BphNirCmd as NirCmd # Core Imports from bph.core.server.template import BphTemplateServer as TemplateServer from bph.core.session import BphSession as Session session = Session(project_name='blackhat_arsenal_2019') session.start() templateserver = TemplateServer() templateserver.start() nircmd = NirCmd() nircmd.configuration.reporting.report_files = True nircmd.start_process(program='ping 4.2.2.2 > @report_folder@\\nircmd.log') nircmd.execute(delay=5) nircmd.output() nircmd.files()