Part 3 - Karton
Setup
This part requires Karton Playground to be set up.
git clone https://github.com/CERT-Polska/karton-playground.git
cd karton-playground
sudo docker-compose up # this may take a while
Also take a look at the Karton documentation
Available services
127.0.0.1:8030
karton-dashboard127.0.0.1:8080
mwdb-core (user: admin, password: admin)127.0.0.1:8090
minio (user: mwdb, password: mwdbmwdb)
Exercise #3.1: Adding new service to the Karton pipeline
Goal: Learn how to connect new karton systems to your network
Integrate an existing karton service into your pipeline: karton-autoit-ripper
$ python3 -m venv venv
$ source ./venv/bin/activate
$ pip install karton-autoit-ripper
$ # playground-specific: copy local config to cwd
$ cp config/karton.ini karton.ini
$ karton-autoit-ripper
[2021-04-11 17:19:57,867][INFO] Service karton.autoit-ripper started
Download a sample, and verify its hash
$ wget https://github.com/CERT-Polska/training-mwdb/raw/main/autoit-malware.bin
$ sha256sum autoit-malware.bin
a4816d4fecd6d2806d5b105c3aab55f4a1eb5deb3b126f317093a4dc4aab88a1 autoit-malware.bin
Finally, upload it to your local mwdb (http://127.0.0.1:8080, admin:admin)
Exercise #3.2: Write your own service
Goal: Learn how to create a new karton service from ground up
Download a template:
https://github.com/CERT-Polska/training-mwdb/blob/main/karton-template.py
Edit the template, and:
Run the
strings
utility on every incoming sampleSave the result in a variable (use subprocess.check_output)
Upload the result to mwdb (already handled in the template)