topic Re: ATRG Threat Emulation VNC section in Firewall and Security Management

ATRG Threat Emulation VNC section

Andre_K — Fri, 29 Sep 2017 06:38:07 GMT

Hi all, when enabling “tecli debug emulation enable” for VNC access the ATRG Emulation document refers to section “(24) VNC access to the emulation virtual machines” . This section does not exists in the ATRG! Can anyone explain how to connect to the emulation virtual machine by using VNC?

Re: ATRG Threat Emulation VNC section

Javier_Padilla — Sun, 01 Oct 2017 12:38:09 GMT

After you enbale emulator debugging, each VM when running will open the VNC ports, the "tecli s e v s" command will display in columns the information of emulators, one column is VNC, this is the LAST number of the port where VNC is listening. so if VNC ID is 0 then port is 5900, if the ID is 5 the VNC port you need to connect to is 5905, you need to use TightVNC, and write the URL wit single colon, 192.168.1.1:5905. The only two clients I know they work correctly with sandblast is Tight VNC and NoVNC (HTML5 Client). Enjoy!

Re: ATRG Threat Emulation VNC section

PhoneBoy — Sun, 01 Oct 2017 17:32:40 GMT

I didn’t know you could do that. Pretty sweet!

Re: ATRG Threat Emulation VNC section

Javier_Padilla — Sun, 01 Oct 2017 18:35:17 GMT

Yes, it is pretty illustrative, I found it helpful to shown non-Tech people SandBlast is actually doing.

Re: ATRG Threat Emulation VNC section

Andre_K — Mon, 02 Oct 2017 05:29:44 GMT

Thank you Javier, this is really helpful! Now I will be able to show the customer what the Sandblast is actually doing on the background.

Re: ATRG Threat Emulation VNC section

Thomas_Werner — Wed, 04 Oct 2017 12:38:35 GMT

Be aware that all input in the VNC window will be counted as behavior and will add to the verdict you get for this specific emulated file 🙂

Regards Thomas