Releases: GoSecure/malboxes
v0.5.0
0.5.0
BlackHat USA Arsenal 2019 [late] Edition!
Enhancements
- Support for Windows 10 19H1 (version 1903) (#128)
- New tools: Ghidra, x64dbg, ollydbg, dnSpy, Detect It Easy (die), HxD, PE-Sieve, PE-Bear (#9, #125)
- New deployment target: Amazon Web Services EC2 (for the VM) and S3 (for the image) (#115)
- Using VirtualBox's linked clones by default now. Creating a new spin of an existing template is now instant. (#126)
- Enabling UAC so the default account can use Edge without requiring changes (#93)
- Updated logo (#129)
Bug fixes
- Removed APM from default chocolatey packages (#119)
- Disabled malware protection, cloud and automatic sample submission on Windows 10 (#120, #128)
- Fix Windows 10 download links (#113, #116)
Infrastructure Improvements
Release meta
- Released on: 2019-09-06
- Released by: @obilodeau
- Release whiskey: Colonel E.H. Taylor Small Batch Bourbon
Action: issues created and resolved | full diff
Credits
Thanks to the following people who contributed to this release:
Etienne Lacroix, Michael Seborowski, Olivier Bilodeau and Maxime Carbonneau
v0.4.0
The SecTor 2018 edition
Enhancements
- Experimental profiles feature gained shortcut creation support. See profile-example.js for syntax. (#85)
- Experimental profiles registry changes now happen after package installation. This enables registry changes to alter program configuration. (#86)
- Experimental profiles registry changes now create missing registry paths by default (#84)
- Added configuration parameters for keyboard locale and proxy settings (#72, #78)
- build: New command-line argument to override default configuration file (-c or --config)
- Chocolatey will force the proxy configuration if set (#74)
- Custom provisioners can be defined in profiles configuration (#73)
- PACKER_CACHE_DIR environment variable will be honored if present (#99, #100)
- On debug, Malboxes will output the temporary packer config created (#75, #102)
- Removed fiddler4 and processhacker chocolatey packages (#89, #94)
- Tolerate chocolatey package install failures caused by failed downloads (#107)
- Travis testing: Removed support for Python 3.3 (end of life), added 3.5 and 3.6 (#101)
Bug fixes
- Fixed jinja2.exceptions.TemplateNotFound: snippets/builder_vsphere_windows.json (#71)
- Specified dependencies more precisely (#82)
Infrastructure Improvements
- Automated nightly VM builds will catch upstream problems sooner (#106)
Release meta
- Released on: 2018-09-02
- Released by: @obilodeau
- Release whiskey: Lot 40 Rye
Action: issues created and resolved | full diff
Credits
Thanks to the following people who contributed to this release:
Camille Moncelier, Hugo Genesse, Mathieu Tarral, Olivier Bilodeau, PiX, snakems
v0.3.0
The BlackHat USA Arsenal 2017 edition
Come to our session to talk about the tool!
Enhancements
- New templates: Windows 7 64-bit: win7_64_analyst (#42)
- Experimental profiles feature: a configuration separate from OS templates that enables adding installed packages, files and registry changes (#51)
- Support for trial versions of Windows 7 Enterprise x86 and x64
- Initial support for vSphere (ESXi / vCenter) on the back-end (#30, #68)
- Better out of the box support of Fedora, CentOS and RedHat as host (#53)
- Use user cache directories for packer. This avoids caching in memory-backed locations to prevent unnecessary memory pressure during builds or free space issues on low RAM systems (#45)
- Default timeout for WinRM is 60m (from 30m) to allow slower machines the time to go through Windows' install process
- Increased default disk size to 20GB
- Added a --force flag to overwrite pre-existing packer artifacts or vagrant boxes (#46)
- debug: Passes -on-error=abort to packer to allow investigation of failures (#35)
- Documentation improvements
Bug fixes
- NetworkLocation changes for Windows 7 solves a class of 'Timeout waiting for WinRM' errors (#33, #43, #60)
- Increased WinRM memory limit on Windows 7 solves errors installing .Net Framework 4.0 (#31, #44)
- More Windows 7 .Net Framework 4.0 fixes (#59)
Release meta
- Released on: 2017-07-25
- Released by: @obilodeau
- Release beer: Sierra Nevada Hop Hunter IPA
Action: issues created and resolved | full diff
Credits
Thanks to the following people who contributed to this release:
Gregory Leblanc, @xambroz, @malwarenights, Hugo Genesse and Olivier Bilodeau
v0.2.0
The #RSAC gift release
See announcement blog post here: https://gosecure.net/2017/02/16/introducing-malboxes-a-tool-to-build-malware-analysis-virtual-machines/
Enhancements
- Updated Windows 10 to Anniversary Edition (#21)
- pip install support and documentation (#5)
- Config: ida_path will upload IDA Remote Debugger and open appropriate ports (#8)
- Config: tools_path will upload all of this path’s content into C:\Tools (#8)
- Config: username and password support (#11)
- Config: Added windows_defender, windows_updates, disk_size and choco_packages options (#11, #14)
- Provides fiddler4 instead of fiddler
- Provides npcap instead of winpcap which works with Windows 10 (#2, #26)
- Added --debug and --skip command-line flags (#20)
- Added tests
Bug fixes
- Workaround for VirtualBox 5.1.0 regression (#10)
- Packer binary is called packer-io on certain platforms (#3)
- Windows 10 x86 Automatic Installation issues (#4)
- Temporarily removed depwalker and regshot from choco packages (#16)
- VirtualBox Guest Additions: Support for the new certificate name (#24)
Release meta
Released by @obilodeau on 2017-02-16.
Credits
Thanks to the following people who contributed to this release:
Olivier Bilodeau, Hugo Genesse
v0.1.0
NorthSec 2016 edition
First proof of concept release of malboxes.
We can build Windows 7 and Windows 10 virtual machines with useful malware analysis tools pre-installed. Without a license key it will use the evaluation version of Windows 10 which is automatically downloaded.
Release meta
- Released by @obilodeau on 2016-05-17.
- Announced live at the NorthSec conference. Here are the slides (PDF) and here is the video.
Credits
Thanks to the following people who contributed to this release:
Olivier Bilodeau, Hugo Genesse