Neton is a tool for getting information from Internet-connected sandboxes. It is composed of an agent and a web interface that displays the collected information.
The Neton agent gathers information from the systems on which it runs and exfiltrates it via HTTPS to the web server.
Some of the information it collects:
- Operating system and hardware information
- Find files on mounted drives
- List unsigned Microsoft drivers
- Run SharpEDRChecker
- Run Pafish
- Run Al-Khaser
- Detect hooks
- Take screenshots of the desktop
All this information can be used to improve Red Team artifacts or to learn how sandboxes work and improve them.
Images
Deployment
NetonWeb
- Install (with virtualenv):
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
- Configure the database:
python3 manage.py migrate
python3 manage.py makemigrations core
python3 manage.py migrate core
python3 manage.py createsuperuser
python3 manage.py runserver
- Generate the certificates and store them in the certs folder:
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout server.key -out server.crt
Launch gunicorn:
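The NetonWeb deployment steps above, collected into one script as an added example (this is not the Neton project's own code). The gunicorn flags, the bind address and the WSGI module path `NetonWeb.wsgi:application` are assumptions; gunicorn does support `--certfile`/`--keyfile` for serving TLS directly. The script only performs the deployment when invoked as `sh deploy.sh deploy`, so it can be sourced to reuse its functions.

```shell
#!/bin/sh
# Added example: end-to-end NetonWeb deployment. Not part of the Neton project;
# the gunicorn flags, bind address and WSGI module path are assumptions.
set -eu

CERT_DIR="${CERT_DIR:-certs}"
BIND_ADDR="${BIND_ADDR:-0.0.0.0:8443}"                 # assumed listening address
WSGI_APP="${WSGI_APP:-NetonWeb.wsgi:application}"      # assumed module path

# Create the virtualenv and install the requirements, as in the README.
install_env() {
    python3 -m venv venv
    . venv/bin/activate
    pip3 install -r requirements.txt
}

# Apply the migrations in the order the README gives and create the admin user.
setup_db() {
    python3 manage.py migrate
    python3 manage.py makemigrations core
    python3 manage.py migrate core
    python3 manage.py createsuperuser
}

# Self-signed certificate as in the README (RSA 2048, valid ten years),
# written into the certs folder that the web server reads from.
gen_certs() {
    mkdir -p "$CERT_DIR"
    openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 \
        -subj "/CN=${SERVER_CN:-neton.local}" \
        -keyout "$CERT_DIR/server.key" -out "$CERT_DIR/server.crt"
    chmod 600 "$CERT_DIR/server.key"   # private key must not be world-readable
}

# Both halves of the key pair must exist before TLS can be served.
# Usage: check_certs <dir>; returns non-zero if either file is missing.
check_certs() {
    [ -f "$1/server.crt" ] && [ -f "$1/server.key" ]
}

# Compose the gunicorn command line (assumed flags).
# Usage: gunicorn_cmd <cert_dir> <bind_addr> <wsgi_app>
gunicorn_cmd() {
    printf 'gunicorn --certfile %s/server.crt --keyfile %s/server.key --bind %s %s' \
        "$1" "$1" "$2" "$3"
}

# Refuse to start without certificates rather than fall back to plain HTTP.
launch() {
    if ! check_certs "$CERT_DIR"; then
        echo "missing server.crt/server.key in $CERT_DIR" >&2
        return 1
    fi
    eval "exec $(gunicorn_cmd "$CERT_DIR" "$BIND_ADDR" "$WSGI_APP")"
}

# Only run the full deployment when explicitly asked.
if [ "${1:-}" = "deploy" ]; then
    install_env
    setup_db
    gen_certs
    launch
fi
```

Running `python3 manage.py runserver` is fine for a first check of the database setup, but the development server should not be exposed; the gunicorn invocation with the generated certificate is what should face the agents.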
Build the solution with Visual Studio. The agent configuration can be done from the Program.cs class.
- url variable: URL where the information will be exfiltrated to (NetonWeb's).
- sandboxId variable: Identifier of the sandbox where the samples are uploaded.
- wave variable: Way of organizing the different times the samples are sent.
Sample data
In the sample data folder there is a SQLite database with several samples collected from the following services:
- Virustotal
- Tria.ge
- Metadefender
- Hybrid Analysis
- Any.run
- Intezer Analyze
- Pikker
- AlienVault OTX
- Threat.Zone
To access the sample information, copy the SQLite file to the NetonWeb folder and run the application.
Credentials:
- User:
raccoon
- Password:
jAmb.Abj3.j11pmMa
Additional information
Credits