Question 1

How does BoomBox compare to DetectionLab for malware analysis labs?

Accepted Answer

BoomBox is based on DetectionLab but focuses specifically on malware analysis with Cuckoo Sandbox and a Windows detonation chamber, while DetectionLab is broader for defender training. Both use Packer and Vagrant, but BoomBox is optimized for rapid analysis deployment.

Question 2

How to install Microsoft Office in BoomBox?

Accepted Answer

Microsoft Office isn't included due to licensing. You can manually install it with a valid license key after deployment and create a new clean snapshot, as noted in the README. This ensures Office is available for analysis without violating terms.

Question 3

Can I use BoomBox with VMware instead of VirtualBox?

Accepted Answer

Currently, BoomBox only supports VirtualBox, as seen in the build scripts and the Todo list which mentions adding support for additional Vagrant providers. Users would need to modify the configuration or wait for future updates.

Question 4

How long does it take to build BoomBox from scratch?

Accepted Answer

The entire build process takes around 30-60 minutes, depending on system speed and network. Using pre-built boxes from Vagrant Cloud with the --vagrant-only option is faster, as mentioned in the Quickstart guide.

Question 5

Does BoomBox automatically revert snapshots after malware analysis?

Accepted Answer

No, you must manually run the revert.ps1 or revert.sh scripts after each submission to Cuckoo to restore a clean state. The Todo list includes improving this to automate reversion, but it's not yet implemented.

Question 6

What are the system requirements for running BoomBox?

Accepted Answer

BoomBox requires at least 20GB of free disk space and 6GB of RAM, along with Packer, Vagrant, and VirtualBox installed. These are specified in the Requirements section to ensure smooth VM provisioning.

Question 7

How can I add custom applications to the Windows sandbox?

Accepted Answer

Modify the Packer configuration files or extend the Chocolatey package list in the build process to include additional applications. After installation, update the clean snapshot to persist changes for future analyses.

BoomBox

What is BoomBox?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions