This document provides a high-level view of the changes introduced in malboxes by release. For a detailed view of what has changed, refer to the commit history on GitHub.
BlackHat USA Arsenal 2019 [late] Edition!
- Enhancements
  - Support for Windows 10 19H1 (version 1903) (#128)
  - New tools: Ghidra, x64dbg, ollydbg, dnSpy, Detect It Easy (die), HxD, PE-Sieve, PE-Bear (#9, #125)
  - New deployment target: Amazon Web Services EC2 (for the VM) and S3 (for the image) (#115)
  - Using VirtualBox’s linked clones by default now. Creating a new spin of an existing template is now instant. (#126)
  - Enabling UAC so the default account can use Edge without requiring changes (#93)
  - Updated logo (#129)
- Bug fixes
- Infrastructure Improvements
- Released on: 2019-09-06
- Released by: @obilodeau
- Release whiskey: Colonel E.H. Taylor Small Batch Bourbon
Action: issues created and resolved | full diff
SecTor 2018 Edition!
- Enhancements
  - Experimental profiles feature gained shortcut creation support. See profile-example.js for syntax. (#85)
  - Experimental profiles registry changes now happen after package installation. This enables registry changes to alter program configuration. (#86)
  - Experimental profiles registry changes now create missing registry paths by default (#84)
  - Added configuration parameters for keyboard locale and proxy settings (#72, #78)
  - build: New command-line argument to override default configuration file (-c or --config)
  - Chocolatey will force the proxy configuration if set (#74)
  - Custom provisioners can be defined in profiles configuration (#73)
  - PACKER_CACHE_DIR environment variable will be honored if present (#99, #100)
  - On debug, Malboxes will output the temporary packer config created (#75, #102)
  - Removed fiddler4 and processhacker chocolatey packages (#89, #94)
  - Tolerate chocolatey package install failures caused by failed downloads (#107)
  - Travis testing: Removed support for Python 3.3 (end of life), added 3.5 and 3.6 (#101)
- Bug fixes
- Infrastructure Improvements
  - Automated nightly VM builds will catch upstream problems sooner (#106)
- Released on: 2018-09-02
- Released by: @obilodeau
- Release whiskey: Lot 40 Rye
Action: issues created and resolved | full diff
BlackHat USA Arsenal 2017 edition!
- Enhancements
  - New templates: Windows 7 64-bit: win7_64_analyst (#42)
  - Experimental profiles feature: a configuration separate from OS templates that enables adding installed packages, files and registry changes (#51)
  - Support for trial versions of Windows 7 Enterprise x86 and x64
  - Initial support for vSphere (ESXi / vCenter) on the back-end (#30, #68)
  - Better out-of-the-box support for Fedora, CentOS and RedHat as host (#53)
  - Use user cache directories for packer. This avoids caching in memory-backed locations to prevent unnecessary memory pressure during builds or free space issues on low RAM systems (#45)
  - Default timeout for WinRM is 60m (from 30m) to allow slower machines the time to go through Windows' install process
  - Increased default disk size to 20GB
  - Added a --force flag to overwrite pre-existing packer artifacts or vagrant boxes (#46)
  - debug: Passes -on-error=abort to packer to allow investigation of failures (#35)
  - Documentation improvements
- Bug fixes
- Released on: 2017-07-25
- Released by: @obilodeau
- Release beer: Sierra Nevada Hop Hunter IPA
Action: issues created and resolved | full diff
Thanks to the following people who contributed to this release:
The #RSAC gift release!
- Enhancements
  - Updated Windows 10 to Anniversary Edition (#21)
  - pip install support and documentation (#5)
  - Config: ida_path will upload IDA Remote Debugger and open appropriate ports (#8)
  - Config: tools_path will upload all of this Path’s content into C:\Tools (#8)
  - Config: username and password support (#11)
  - Config: Added windows_defender, windows_updates, disk_size and choco_packages options (#11, #14)
  - Provides fiddler4 instead of fiddler
  - Provides npcap instead of winpcap which works with Windows 10 (#2, #26)
  - Added --debug and --skip command-line flags (#20)
  - Added tests
- Bug fixes
NorthSec 2016 edition
First proof of concept release of malboxes.
We can build Windows 7 and Windows 10 virtual machines with useful malware analysis tools pre-installed. Without a license key it will use the evaluation version of Windows 10 which is automatically downloaded.
Released by @obilodeau on 2016-05-17.
Announced live at the NorthSec conference. Here are the slides (PDF) and here is the video.