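from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader
import time

# Detonation run with network capture: start a lab session and the template
# server, record traffic with NetworkTrafficView while the sample executes,
# then read the capture CSVs back to pull out contacted domains, and finally
# kill the sample process.
#
# NOTE(review): Session, TemplateServer, NetworkTrafficView, NirCmd and LabFile
# are used below but not imported in this excerpt; presumably the import block
# continues above this point in the full file — confirm.

session = Session(project_name='blackhat_arsenal_2019')
session.start()
# Leave the sample at its current path rather than moving it into the
# launcher directory.
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

# Start the traffic capture before the sample runs so its first connections
# are part of the recording.
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

# Run the sample in the foreground via NirCmd. '@sample@' is a framework
# placeholder that is presumably expanded to the sample path at execution
# time — confirm. This detonates the sample; the session is presumably bound
# to an isolated analysis VM — confirm.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
# delay presumably gives the sample time to run before capture is stopped.
sample_exec.execute(delay=10)

# Stop the capture and flush its output files.
ntv.stop()
ntv.execute()

# Parse each capture CSV. The reader gets its own name so the loop no longer
# rebinds `ntv` and clobbers the NetworkTrafficView instance that produced
# the file list (the original shadowed it on every iteration).
for csv_file in ntv.files():
    reader = NetworkAnalysisCsvReader(tool_name='networktrafficview', csv_file=csv_file)
    # Result is not used here; fetch() presumably reports the domains itself.
    reader.fetch(data_type='domains')

# Tear down the sample process once the capture has been collected.
kill_process = NirCmd()
kill_process.kill_process(program='@sample@')
kill_process.execute()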
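# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Tool Imports
from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.procmon import BphProcMon as ProcMon

# Detonation run with Process Monitor: start a lab session and the template
# server, begin a ProcMon capture, run the sample in the foreground, then stop
# the capture, export it and collect the resulting files.
# The import groups above are the original ones, ordered core-before-tools so
# the dependency block reads top-down.

session = Session(project_name='blackhat_arsenal_2019')
session.start()
# Leave the sample at its current path rather than moving it into the
# launcher directory.
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

# Start the ProcMon capture before the sample runs so process/file/registry
# activity from the very first instruction is recorded.
procmon = ProcMon()
procmon.capture()
# delay presumably waits for ProcMon to be capturing before continuing.
procmon.execute(delay=10)

# Run the sample in the foreground via NirCmd. '@sample@' is a framework
# placeholder that is presumably expanded to the sample path — confirm. This
# detonates the sample; the session is presumably bound to an isolated
# analysis VM — confirm.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
sample_exec.execute()

# Stop the capture, give ProcMon time to finish writing, then export the log.
procmon.terminate()
procmon.execute(delay=15)
procmon.export()
procmon.execute(delay=10)

# Bind the exported file list instead of discarding it, so the collected
# artifacts are visible to whatever follows this script; the sibling
# network-capture scripts iterate files() the same way.
procmon_files = procmon.files()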
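# Analysis Imports
from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader
import time

# Capture smoke test (no sample is executed): start a lab session and the
# template server, record traffic with NetworkTrafficView while a known
# outbound request is made, then read the capture CSVs back for domains.
#
# NOTE(review): Session, TemplateServer, NetworkTrafficView and NirCmd are
# used below but not imported in this excerpt; presumably the import block
# continues above this point in the full file — confirm.

session = Session(project_name='blackhat_arsenal_2019')
session.start()

templateserver = TemplateServer()
templateserver.start()

# Start the traffic capture before generating any traffic.
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

# Generate one known outbound request from inside the VM: a Python 2
# (urllib2) one-liner fetches the VM's public IP from icanhazip.com and
# redirects it into the report folder. '@report_folder@' is a framework
# placeholder presumably expanded at execution time, and report_files = True
# presumably makes that folder part of the collected report — confirm.
# Because the lab's external egress address is written into the report, the
# VM's egress is presumably routed through the intended analysis path —
# confirm.
# NOTE(review): the raw string keeps both backslashes in the redirect path;
# Windows presumably tolerates the doubled separator — confirm. The command
# also assumes a Python 2 interpreter on the VM's PATH.
nircmd = NirCmd()
nircmd.configuration.reporting.report_files = True
nircmd.start_process(
    program=r'python -c "import urllib2 ; print(urllib2.urlopen(\"https://icanhazip.com\").read().strip())" > @report_folder@\\nircmd.log'
)
# delay presumably gives the request time to complete before capture stops.
nircmd.execute(delay=5)

# Stop the capture and flush its output files.
ntv.stop()
ntv.execute()

# Parse each capture CSV. The reader gets its own name so the loop no longer
# rebinds `ntv` and clobbers the NetworkTrafficView instance that produced
# the file list (the original shadowed it on every iteration).
for csv_file in ntv.files():
    reader = NetworkAnalysisCsvReader(tool_name='networktrafficview', csv_file=csv_file)
    # Result is not used here; fetch() presumably reports the domains itself.
    reader.fetch(data_type='domains')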