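def __init__(self):
    """Initialise the base class and record the per-run identifiers.

    The statements were collapsed onto one line, so everything after the
    first ``#`` was swallowed by the comment and none of the attributes
    were set. They are restored here one per line.
    """
    super().__init__()

    # Variables added into the general (not-boxed) JSON Template
    self.module_name = self.__module__
    self.sid = Session.get_session_id()
    # NOTE(review): MD5 is adequate as a lookup key for the sample but is not
    # collision-resistant; if this value is relied on to prove which file was
    # analysed, record a SHA-256 alongside it.
    self.md5 = Session.sample_md5
    self.project_name = Session.project_name
    # Random UUID4, rendered as a string, generated once per instance.
    self.rid = str(uuid.uuid4())
    self.tool_drive = BPH_REMOTE_TOOLS_DRIVE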
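# Example: record a Process Monitor capture around one foreground run of the
# sample. The listing was collapsed onto a single line beginning with "#",
# which made the whole script a comment; statements are restored one per line.
#
# The sample is executed for real, so the capture is only meaningful when the
# guest starts from a known-clean snapshot and is reverted afterwards.

# Tool Imports
from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.procmon import BphProcMon as ProcMon

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

session = Session(project_name='blackhat_arsenal_2019')
session.start()
# NOTE(review): move_sample=False presumably leaves the sample where it is
# instead of relocating it - confirm against BphSession.set_launcher.
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

# The capture is started before the sample is launched, so activity from the
# first instant of execution falls inside the trace.
procmon = ProcMon()
procmon.capture()
procmon.execute(delay=10)

# Launch the sample through NirCmd in the foreground (background_run = False).
# '@sample@' is a placeholder; presumably it is resolved to the launcher path
# when the command is rendered - confirm.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
sample_exec.execute()

# Stop the capture, then export it. Each action is followed by its own
# execute() with a fixed delay (unit not shown here; presumably seconds).
# NOTE(review): fixed delays are a guess at how long the sample needs; a
# sample that sleeps before acting can outlast them and leave the trace empty.
procmon.terminate()
procmon.execute(delay=15)
procmon.export()
procmon.execute(delay=10)

# No teardown of the session or template server is visible in this excerpt.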
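# Example: start NetworkTrafficView, then generate one outbound HTTPS request
# through NirCmd so there is traffic to observe. The listing was collapsed
# onto a single line beginning with "#", which made the whole script a
# comment; statements are restored one per line.

# Tool imports
from bph.tools.windows.networktrafficview import BphNetworkTrafficView as NetworkTrafficView
from bph.tools.windows.nircmd import BphNirCmd as NirCmd

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Analysis Imports
# NetworkAnalysisCsvReader and time are not used in the visible part of the
# example; presumably the listing continues past this excerpt.
from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader

import time

session = Session(project_name='blackhat_arsenal_2019')
session.start()

templateserver = TemplateServer()
templateserver.start()

# The traffic monitor is started before the request is issued.
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

nircmd = NirCmd()
nircmd.configuration.reporting.report_files = True
# The command is a Python 2 one-liner (urllib2 does not exist in Python 3), so
# the machine that runs it needs a Python 2 interpreter on PATH. Its stdout is
# redirected to nircmd.log under the @report_folder@ placeholder.
# NOTE(review): the request goes to a third-party service and discloses the
# lab's egress IP address; on an analysis network, route it through a
# controlled egress or point the test at a host you operate.
nircmd.start_process(
    program=r'python -c "import urllib2 ; print(urllib2.urlopen(\"https://icanhazip.com\").read().strip())" > @report_folder@\\nircmd.log'
)
nircmd.execute(delay=5)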