cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Andre_K
Iron

ATRG Threat Emulation VNC section

Jump to solution

Hi all, when enabling “tecli debug emulation enable” for VNC access the ATRG Emulation document refers to section “(24) VNC access to the emulation virtual machines” . This section does not exists in the ATRG! Can anyone explain how to connect to the emulation virtual machine by using VNC?

 

0 Kudos
1 Solution

Accepted Solutions
Employee
Employee

Re: ATRG Threat Emulation VNC section

Jump to solution

After you enbale emulator debugging, each VM when running will open the VNC ports, the "tecli s e v s" command will display in columns the information of emulators, one column is VNC, this is the LAST number of the port where VNC is listening. so if VNC ID is 0 then port is 5900, if the ID is 5 the VNC port you need to connect to is 5905, you need to use TightVNC, and write the URL wit single colon,   192.168.1.1:5905. The only two clients I know they work correctly with sandblast is Tight VNC and NoVNC (HTML5 Client).   Enjoy!

5 Replies
Employee
Employee

Re: ATRG Threat Emulation VNC section

Jump to solution

After you enbale emulator debugging, each VM when running will open the VNC ports, the "tecli s e v s" command will display in columns the information of emulators, one column is VNC, this is the LAST number of the port where VNC is listening. so if VNC ID is 0 then port is 5900, if the ID is 5 the VNC port you need to connect to is 5905, you need to use TightVNC, and write the URL wit single colon,   192.168.1.1:5905. The only two clients I know they work correctly with sandblast is Tight VNC and NoVNC (HTML5 Client).   Enjoy!

Admin
Admin

Re: ATRG Threat Emulation VNC section

Jump to solution

I didn’t know you could do that. Pretty sweet!

0 Kudos
Employee
Employee

Re: ATRG Threat Emulation VNC section

Jump to solution

Yes, it is pretty illustrative, I found it helpful to shown non-Tech people SandBlast is actually doing.

0 Kudos
Highlighted
Andre_K
Iron

Re: ATRG Threat Emulation VNC section

Jump to solution

Thank you Javier, this is really helpful! Now I will be able to show the customer what the Sandblast is actually doing on the background.

0 Kudos
Employee++
Employee++

Re: ATRG Threat Emulation VNC section

Jump to solution

Be aware that all input in the VNC window will be counted as behavior and will add to the verdict you get for this specific emulated file 🙂

Regards Thomas