Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

ATRG Threat Emulation VNC section

Jump to solution

Hi all, when enabling “tecli debug emulation enable” for VNC access the ATRG Emulation document refers to section “(24) VNC access to the emulation virtual machines” . This section does not exists in the ATRG! Can anyone explain how to connect to the emulation virtual machine by using VNC?

 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Employee
Employee

After you enbale emulator debugging, each VM when running will open the VNC ports, the "tecli s e v s" command will display in columns the information of emulators, one column is VNC, this is the LAST number of the port where VNC is listening. so if VNC ID is 0 then port is 5900, if the ID is 5 the VNC port you need to connect to is 5905, you need to use TightVNC, and write the URL wit single colon,   192.168.1.1:5905. The only two clients I know they work correctly with sandblast is Tight VNC and NoVNC (HTML5 Client).   Enjoy!

View solution in original post

5 Replies
Highlighted
Employee
Employee

After you enbale emulator debugging, each VM when running will open the VNC ports, the "tecli s e v s" command will display in columns the information of emulators, one column is VNC, this is the LAST number of the port where VNC is listening. so if VNC ID is 0 then port is 5900, if the ID is 5 the VNC port you need to connect to is 5905, you need to use TightVNC, and write the URL wit single colon,   192.168.1.1:5905. The only two clients I know they work correctly with sandblast is Tight VNC and NoVNC (HTML5 Client).   Enjoy!

View solution in original post

Highlighted
Admin
Admin

I didn’t know you could do that. Pretty sweet!

0 Kudos
Highlighted
Employee
Employee

Yes, it is pretty illustrative, I found it helpful to shown non-Tech people SandBlast is actually doing.

0 Kudos
Highlighted
Nickel

Thank you Javier, this is really helpful! Now I will be able to show the customer what the Sandblast is actually doing on the background.

0 Kudos
Highlighted
Employee++
Employee++

Be aware that all input in the VNC window will be counted as behavior and will add to the verdict you get for this specific emulated file 🙂

Regards Thomas