BlueJupyter: Automating Triage with Jupyter Notebooks
Samples for this section:
All samples are located in PMAT-labs/labs/5-1.Automation-BlueJupyter/FORTRIAGE.7z
Note: For this section of the course, I am working on my Linux development workstation, which is outside of my lab environment. I confirmed that Blue-Jupyter functions as intended if you install it on REMnux, so feel free to carefully move REMnux back onto a NAT adapter (the install needs internet access to pull packages) and follow the Blue-Jupyter install instructions. You may need to reboot your machine after running the "pip3 install poetry" and "pip3 install jupyter" commands.
Then transfer the Blue-Jupyter samples over to REMnux and perform the remainder of the steps. You need to be connected to the internet and must use a valid VirusTotal API key to get the API results. VirusTotal public API keys are free, and you can sign up for one here: https://www.virustotal.com/gui/join-us
Once you are done, remove REMnux from the NAT adapter and double-check that it is back in the isolated lab environment before you go back to handling live samples.
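As an added illustration of the kind of triage step a Blue-Jupyter notebook automates (this is example code written for these notes, not Blue-Jupyter's own code), the block below hashes every sample in a directory and looks the hashes up against the VirusTotal v3 API (GET /api/v3/files/{sha256}, key in the x-apikey header). It only ever sends hashes, never the sample bytes, because uploading a file to VirusTotal shares it with every vendor on the platform. The API key is read from the VT_API_KEY environment variable rather than hard-coded in the notebook, the HTTP call is injectable so the parsing logic can be exercised offline, and the default 15-second pause between lookups keeps a free public key under its 4-requests-per-minute limit. The directory name FORTRIAGE in the usage block is an assumption based on the archive name above.

```python
"""Hash-only VirusTotal triage helper (added example, not Blue-Jupyter code).

Assumptions: VirusTotal v3 /files responses carry
data.attributes.last_analysis_stats (malicious/suspicious/undetected/...),
data.attributes.names and data.attributes.tags, and an unknown hash
returns HTTP 404. Public API keys are limited to 4 lookups per minute.
"""
import hashlib
import json
import os
import time
import urllib.error
import urllib.request
from pathlib import Path

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"


def sha256_of(path):
    """SHA-256 of a file, read in 1 MiB chunks so large samples don't hit RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_samples(directory):
    """Map filename -> sha256 for every regular file directly inside directory."""
    return {p.name: sha256_of(p) for p in sorted(Path(directory).iterdir()) if p.is_file()}


def vt_http_get(url, api_key):
    """Real fetch against VirusTotal: returns (http_status, parsed_json_or_None)."""
    req = urllib.request.Request(url, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as e:
        return e.code, None  # 404 = hash unknown to VT, 429 = rate limited


def summarize_vt(status, body):
    """Reduce a VT v3 /files response to the fields a triage table needs."""
    if status == 404:
        return {"known": False}
    if status != 200 or body is None:
        raise RuntimeError(f"VirusTotal returned HTTP {status}")
    attrs = body["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    return {
        "known": True,
        "malicious": stats.get("malicious", 0),
        "suspicious": stats.get("suspicious", 0),
        "undetected": stats.get("undetected", 0),
        "names": attrs.get("names", [])[:3],  # first few submitted filenames
        "tags": attrs.get("tags", []),
    }


def triage_hashes(hashes, api_key, fetch=vt_http_get, pause=15.0):
    """Look up each filename->sha256 pair; pause between calls for the public rate limit."""
    results = {}
    for i, (name, digest) in enumerate(hashes.items()):
        if i and pause:
            time.sleep(pause)
        status, body = fetch(VT_FILES_URL + digest, api_key)
        row = summarize_vt(status, body)
        row["sha256"] = digest
        results[name] = row
    return results


def triage_dir(directory, api_key, fetch=vt_http_get, pause=15.0):
    """Hash every sample in directory and look the hashes up (hashes only, no uploads)."""
    return triage_hashes(hash_samples(directory), api_key, fetch=fetch, pause=pause)


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    if not key:
        raise SystemExit("set VT_API_KEY in the environment; do not hard-code it in a notebook")
    # FORTRIAGE is assumed to be the extracted sample directory from the archive above.
    for sample, row in triage_dir("FORTRIAGE", key).items():
        print(sample, row)
```

Run it from the directory where FORTRIAGE.7z was extracted, with REMnux on the NAT adapter and VT_API_KEY exported in the shell. A hash lookup still tells VirusTotal that you hold that file, so for sensitive engagements treat even hash-only queries as a disclosure.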
References:
- Taggart Tech YouTube Channel: https://www.youtube.com/c/TaggartTech
- Taggart Tech Twitch: https://www.twitch.tv/mttaggart
- @MalwareUnicorn: https://twitter.com/malwareunicorn
- Referenced ShellCon talk: https://www.youtube.com/watch?v=rX7lIfQlqOo
- Linux Dev Workstation: https://neon.kde.org/