from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader

import time

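# --- Lab session and template server -------------------------------------
# NOTE(review): Session, TemplateServer, NetworkTrafficView, NirCmd and
# LabFile are not imported in this excerpt; the neighbouring examples pull
# them from bph.core.* and bph.tools.windows.*.
session = Session(project_name='blackhat_arsenal_2019')
session.start()
# The sample stays where it is; only the launcher is prepared
# (exact move_sample semantics belong to BphSession — confirm there).
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

# --- Start the network capture BEFORE the sample runs --------------------
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

# --- Run the sample through NirCmd ---------------------------------------
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
# Foreground run; the blocking behaviour of background_run and the meaning
# of delay= are defined by BphNirCmd, not visible here.
sample_exec.configuration.execution.background_run = False
sample_exec.start_process(program='@sample@')
sample_exec.execute(delay=10)

# --- Stop the capture and pull the contacted domains out of the CSVs -----
ntv.stop()
ntv.execute()

# Bind the reader to its own name. The original rebound `ntv` inside the
# loop, which discarded the NetworkTrafficView handle and only worked
# because `ntv.files()` is evaluated once before the loop body runs.
for csv_file in ntv.files():
    reader = NetworkAnalysisCsvReader(tool_name='networktrafficview',
                                      csv_file=csv_file)
    reader.fetch(data_type='domains')

# --- Clean-up: make sure the sample process is gone ----------------------
kill_process = NirCmd()
kill_process.kill_process(program='@sample@')
kill_process.execute()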
from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.procmon import BphProcMon as ProcMon

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

def _open_session():
    """Create the lab session and prepare the launcher without moving the sample."""
    sess = Session(project_name='blackhat_arsenal_2019')
    sess.start()
    sess.set_launcher(move_sample=False)
    return sess


def _start_template_server():
    """Bring up the template server the tool wrappers rely on."""
    server = TemplateServer()
    server.start()
    return server


def _begin_procmon_capture():
    """Start a Process Monitor capture (delay= semantics are those of BphProcMon)."""
    monitor = ProcMon()
    monitor.capture()
    monitor.execute(delay=10)
    return monitor


def _run_sample(sess):
    """Launch the sample via NirCmd with background_run disabled."""
    runner = NirCmd(LabFile(sess.launcher_abs_path))
    runner.configuration.execution.background_run = False
    runner.start_process(program='@sample@')
    runner.execute()
    return runner


def _finish_procmon_capture(monitor):
    """Stop the capture, export it, and list the produced files.

    The return value of files() is not used in this example.
    NOTE(review): unlike the NetworkTrafficView example, nothing here
    terminates the sample after the capture — confirm whether a
    kill_process step is wanted.
    """
    monitor.terminate()
    monitor.execute(delay=15)
    monitor.export()
    monitor.execute(delay=10)
    monitor.files()


# Same call order as the original script; the module-level names are kept
# so later cells/snippets can still reach the objects.
session = _open_session()
templateserver = _start_template_server()
procmon = _begin_procmon_capture()
sample_exec = _run_sample(session)
_finish_procmon_capture(procmon)
# Analysis Imports
from bph.analysis.network import BphNetworkAnalysisCsvReader as NetworkAnalysisCsvReader

import time

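# --- Lab session and template server -------------------------------------
# NOTE(review): Session, TemplateServer, NetworkTrafficView and NirCmd are
# not imported in this excerpt; the neighbouring examples pull them from
# bph.core.* and bph.tools.windows.*.
session = Session(project_name='blackhat_arsenal_2019')
session.start()

templateserver = TemplateServer()
templateserver.start()

# --- Capture network traffic while an egress check runs -----------------
ntv = NetworkTrafficView()
ntv.start()
ntv.execute()

nircmd = NirCmd()
# report_files presumably makes the wrapper collect what lands in
# @report_folder@ — confirm against BphNirCmd.
nircmd.configuration.reporting.report_files = True
# Fetches the lab VM's public IP and writes it to the report folder, so the
# capture below contains a known, benign connection. `urllib2` exists only
# in Python 2, so this assumes the guest's `python` is a 2.x interpreter;
# @report_folder@ looks like a placeholder the framework substitutes.
nircmd.start_process(
    program=
    r'python -c "import urllib2 ; print(urllib2.urlopen(\"https://icanhazip.com\").read().strip())" > @report_folder@\\nircmd.log'
)
nircmd.execute(delay=5)

# --- Stop the capture and pull the contacted domains out of the CSVs -----
ntv.stop()
ntv.execute()

# Bind the reader to its own name. The original rebound `ntv` inside the
# loop, which discarded the NetworkTrafficView handle and only worked
# because `ntv.files()` is evaluated once before the loop body runs.
for csv_file in ntv.files():
    reader = NetworkAnalysisCsvReader(tool_name='networktrafficview',
                                      csv_file=csv_file)
    reader.fetch(data_type='domains')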