In this set up, I use NAT networking for the gateway’s external NIC, and Internal networking for the victim and gateway lab NICs. The drag-and-drop and shared clipboard feature makes it easy to transfer data to and from the VMs if needed, and you can also set unidirectional transfer if you are worried. Using VMs means I can create snapshots before malware analysis, and revert once I’ve collected the data I need. I choose to use VirtualBox, as it’s free and has all the features I enjoy and use. The step-by-step directions for how I set up my lab can be found on this page. I have tools and scripts installed that allow me to monitor/capture network traffic, including SSL decryption, as well as simulated internet services if I need to analyze targeted malware or wish to prevent attackers from knowing the malware is being analyzed. While this isn’t as secure as physical separation, it works for me and I accept the risks. The gateway has iptables rules in place to prevent the victim from accessing the rest of my home network. I also have a Linux-based network gateway which all traffic from my victim machine will route through. My lab has a Windows 10 victim VM with some basic security and analysis tools installed. I have used this setup on my daily driver laptop, a stand-alone Out-Of-Band laptop for work, and a dedicated VM server I have at home. My lab is used for some basic static analysis and well-rounded dynamic analysis, while leveraging the power of Virtual Machines (VM). I’d like to share how I’ve created mine and explain some of the features. There are a wide variety of methods and tools to use in a malware analysis lab, depending on what you want to be able to do.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |