Comments on Infosec Potpourri: Automating malware analysis with Truman
Blog author: DavidJBianco (comment feed last updated 2022-01-23)

d1ss, 2008-05-29 17:01 -04:00:

David - Good stuff. Your wiki made the install process much easier. One question for you (and it may be a nuance of XP pre-SP2): get.bat successfully wgets my .exe and runs it, but hangs before the sleep command and thus never finishes. All commands in the get.bat run fine manually. Did you happen to have this issue at any point?

I am installing a new client with SP2 to see if that resolves the issue, although I don't see why it would.

Regards,

Ryan

DavidJBianco, 2008-05-30 12:45 -04:00:

SHA-1, I'm glad to know you found the wiki helpful. I see that you have made a few updates to it yourself, to clarify a few points. Thanks!

As for the hanging, I don't think I ever encountered that issue. However, if the downloaded program neglects to put itself into the background (like a good Windows binary will usually do), it can hang the script, as it will wait for the malware sample to exit. You can test this by running the sample from the command line and seeing if you ever get a prompt back. This is the only thing I can think of offhand that would cause the problem you're seeing.

user, 2008-07-15 12:32 -04:00:

Hello,

First I wanted to thank you for being the first to create a how-to on installing Truman; it's been very helpful. I was wondering if I could get some input as to what hardware you guys are using? Servers or desktops? The reason I am asking is that I am having problems with Truman recognizing my NIC card, even after appending the entry for my corresponding NIC (tg3), which usually fails stating "device not found". I am guessing this is due to the old kernel as mentioned in the wiki.
Not sure where to go from here, which is why I am contemplating new hardware.

Thanks again!

d1ss, 2009-04-08 16:33 -04:00:

For anyone who runs across this with questions like the one regarding HW... If you intend on using Truman as written years ago, you are going to have to use old HW or build new PXE images with the WIUL tools (http://www.wiul.org/?page=wiul-files). During a brief email back and forth with Chas Tomlin, he stated that there was intent to update to support kernel 2.6 and more modern hardware. My work could not wait, so I opted to use a mixture of clients using CoreRESTORE bridges and Windows SteadyState. CoreRESTORE bridges are preferable, but are hard to come by now and don't support SATA drives. This does not replace TRUMAN's ability to dd the drive, but there are plenty of other tools that can be used for similar "system state" analysis before rebooting to a clean OS.