Been busy last two weeks completing a research paper. Hopefully the code I made for the paper can be released soon. For now, here's some snippets I used to set up part of the environment for the research. (Intentionally vague, as it's not published yet)

This is a quick guide for how to install Cuckoo Sandbox to work with Virtualbox VMs.

Install dependencies for Cuckoo

sudo apt-get install python  
sudo apt-get install mongodb  
sudo apt-get install g++  
sudo apt-get install python-dev python-dpkt python-jinja2 python-magic python-pymongo  
python-gridfs python-libvirt python-bottle python-pefile python-chardet python-pip  
sudo apt-get install libxml2-dev libxslt1-dev  
sudo pip2 install sqlalchemy yara  
sudo pip2 install cybox==  
sudo pip2 install maec==  
sudo pip2 install python-dateutil

sudo apt-get install python-dev libfuzzy-dev  
sudo pip2 install pydeep

sudo apt-get install tcpdump # If not installed  
# Allow tcpdump to read raw TCP data without root:
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

wget && unzip && cd volatility-2.4  
sudo python install  
# Install the libraries that volatility wants:
sudo pip2 install distorm3  

Install Cuckoo and Virtual Box

You'll still have to set up the virtual machine, and configure Cuckoo to use that VM. But at least this script will download them for you!

Check out Cuckoo's full documentation here:

git clone git://  
sudo dpkg -i virtualbox-5.0_5.0.14-105127~Ubuntu~trusty_i386.deb  
sudo apt-get install -f  

Cuckoo has really good flexibility to be expanded for your needs. It's entirely open source, and the code base isn't too bad. However, they make it even easier for you with some decent documentation. I blogged about the structure of Cuckoo and how to add custom features to it before, so check it out.


If you follow the Cuckoo documentation then you'll want to set up a host-only network adapter between your guest virtual machine and your host machine. After you do that through the Virtualbox settings, you have to set up the iptables rules for the communication to work.

sudo iptables -A FORWARD -o eth0 -i vboxnet0 -s -m conntrack --ctstate NEW -j ACCEPT;  
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT;  
sudo iptables -A POSTROUTING -t nat -j MASQUERADE;  
sudo sysctl -w net.ipv4.ip_forward=1;