Malboxes Versions

Builds malware analysis Windows VMs so that you don't have to.

0.5.0

4 years ago

BlackHat USA Arsenal 2019 [late] Edition!

Enhancements

  • Support for Windows 10 19H1 (version 1903) (#128)
  • New tools: Ghidra, x64dbg, ollydbg, dnSpy, Detect It Easy (die), HxD, PE-Sieve, PE-Bear (#9, #125)
  • New deployment target: Amazon Web Services EC2 (for the VM) and S3 (for the image) (#115)
  • Using VirtualBox's linked clones by default now. Creating a new spin of an existing template is now instant. (#126)
  • Enabling UAC so the default account can use Edge without requiring changes (#93)
  • Updated logo (#129)

Bug fixes

  • Removed APM from default chocolatey packages (#119)
  • Disabled malware protection, cloud and automatic sample submission on Windows 10 (#120, #128)
  • Fix Windows 10 download links (#113, #116)

Infrastructure Improvements

  • Various Jenkins CI system improvements (#108, #110, #123, #124)

Release meta

  • Released on: 2019-09-06
  • Released by: @obilodeau
  • Release whiskey: Colonel E.H. Taylor Small Batch Bourbon

Credits

Thanks to the following people who contributed to this release:

Etienne Lacroix, Michael Seborowski, Olivier Bilodeau and Maxime Carbonneau

0.4.0

5 years ago

The SecTor 2018 edition

Enhancements

  • Experimental profiles feature gained shortcut creation support. See profile-example.js for syntax. (#85)
  • Experimental profiles registry changes now happen after package installation. This enables registry changes to alter program configuration. (#86)
  • Experimental profiles registry changes now create missing registry paths by default (#84)
  • Added configuration parameters for keyboard locale and proxy settings (#72, #78)
  • build: New command-line argument to override default configuration file (-c or --config)
  • Chocolatey will force the proxy configuration if set (#74)
  • Custom provisioners can be defined in profiles configuration (#73)
  • PACKER_CACHE_DIR environment variable will be honored if present (#99, #100)
  • On debug, Malboxes will output the temporary packer config created (#75, #102)
  • Removed fiddler4 and processhacker chocolatey package (#89, #94)
  • Tolerate chocolatey package install failures caused by failed downloads (#107)
  • Travis testing: Removed support for Python 3.3 (end of life), added 3.5 and 3.6 (#101)

Bug fixes

  • Fixed jinja2.exceptions.TemplateNotFound: snippets/builder_vsphere_windows.json (#71)
  • Specified dependencies more precisely (#82)

Infrastructure Improvements

  • Automated nightly VM builds will catch upstream problems sooner (#106)

Release meta

  • Released on: 2018-09-02
  • Released by: @obilodeau
  • Release whiskey: Lot 40 Rye

Credits

Thanks to the following people who contributed to this release:

Camille Moncelier, Hugo Genesse, Mathieu Tarral, Olivier Bilodeau, PiX, snakems

0.3.0

6 years ago

The BlackHat USA Arsenal 2017 edition

Come to our session to talk about the tool!

Enhancements

  • New templates: Windows 7 64-bit: win7_64_analyst (#42)
  • Experimental profiles feature: a configuration kept separate from the OS templates that makes it possible to add installed packages, files and registry changes (#51)
  • Support for trial versions of Windows 7 Enterprise x86 and x64
  • Initial support for vSphere (ESXi / vCenter) on the back-end (#30, #68)
  • Better out-of-the-box support for Fedora, CentOS and RedHat as hosts (#53)
  • Use user cache directories for packer. This avoids caching in memory-backed locations, which prevents unnecessary memory pressure during builds and free-space issues on low-RAM systems (#45)
  • Default WinRM timeout is now 60m (up from 30m) to give slower machines time to go through the Windows install process
  • Increased default disk size to 20GB
  • Added a --force flag to overwrite pre-existing packer artifacts or vagrant boxes (#46)
  • debug: Passes -on-error=abort to packer to allow investigation of failures (#35)
  • Documentation improvements

Bug fixes

  • NetworkLocation changes for Windows 7 solve a class of 'Timeout waiting for WinRM' errors (#33, #43, #60)
  • Increased WinRM memory limit on Windows 7 solves errors when installing .NET Framework 4.0 (#31, #44)
  • More Windows 7 .NET Framework 4.0 fixes (#59)

Release meta

  • Released on: 2017-07-25
  • Released by: @obilodeau
  • Release beer: Sierra Nevada Hop Hunter IPA

Credits

Thanks to the following people who contributed to this release:

Gregory Leblanc, @xambroz, @malwarenights, Hugo Genesse and Olivier Bilodeau

0.2.0

7 years ago

The #RSAC gift release

See announcement blog post here: https://gosecure.net/2017/02/16/introducing-malboxes-a-tool-to-build-malware-analysis-virtual-machines/

Enhancements

  • Updated Windows 10 to Anniversary Edition (#21)
  • pip install support and documentation (#5)
  • Config: ida_path will upload IDA Remote Debugger and open appropriate ports (#8)
  • Config: tools_path will upload all of this path's content into C:\Tools (#8)
  • Config: username and password support (#11)
  • Config: Added windows_defender, windows_updates, disk_size and choco_packages options (#11, #14)
  • Provides fiddler4 instead of fiddler
  • Provides npcap, which works with Windows 10, instead of winpcap (#2, #26)
  • Added --debug and --skip command-line flags (#20)
  • Added tests

Bug fixes

  • Workaround for virtualbox 5.1.0 regression (#10)
  • Packer binary is called packer-io on certain platforms (#3)
  • Fixed Windows 10 x86 automatic installation issues (#4)
  • Temporarily removed depwalker and regshot from choco packages (#16)
  • VirtualBox Guest Additions: Support for the new certificate name (#24)

Release meta

Released by @obilodeau on 2017-02-16.

Credits

Thanks to the following people who contributed to this release:

Olivier Bilodeau, Hugo Genesse

0.1.0

7 years ago

NorthSec 2016 edition

First proof of concept release of malboxes.

We can build Windows 7 and Windows 10 virtual machines with useful malware analysis tools pre-installed. Without a license key, it uses the evaluation version of Windows 10, which is downloaded automatically.

Release meta

Credits

Thanks to the following people who contributed to this release:

Olivier Bilodeau, Hugo Genesse