Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Malware Analysis
Few questions regarding malware analysis lab - how to do it properly?
Message
<blockquote data-quote="hunter44" data-source="post: 975251" data-attributes="member: 94311"><p>I created my home malware analysis lab. I am a newbie in this area so I decided to ask you few questions regarding this lab:</p><p></p><p>1. My lab is consists of Kali as a host OS, Remnux VM (which is a gateway) and two windows VMs: win7 and win10. When you do analysis of some sample, where do you often do it? Static analyze is done in Remnux (or in general on other env) and behavior in windows? Or maybe everything could be done in Remnux (with e.g. Cuckoo sandbox)? I'm asking, because I do not understand why should I put all tools in every VM and what environment should I use to run malware sample. For me it moght be enough to have only one VM (Remnux) and analyze everything there, but I'm not sure what with windows samples - can they be run on linux too to do some dynamic analysis?</p><p></p><p>2. What is your general apporach to analyze of the malware? Could you give some tips what is worth to do first and what next? For example, I get some malware sample which I totally do not know what it is doing. I would start with some Cuckoo analyze, then some static analyze and then run it on some VM. Is it a good approach or how should I choose what to do first?</p><p></p><p>3. I found some malware samples places, but is there any recommendation where I could take samples by difficult level? To start with some easy examples and then try more difficult, to learn new things.</p><p></p><p>Probably I will have more questions in the future, but for now I would like to know those basics, which would be very helpful.</p></blockquote><p></p>
[QUOTE="hunter44, post: 975251, member: 94311"] I created my home malware analysis lab. I am a newbie in this area so I decided to ask you few questions regarding this lab: 1. My lab is consists of Kali as a host OS, Remnux VM (which is a gateway) and two windows VMs: win7 and win10. When you do analysis of some sample, where do you often do it? Static analyze is done in Remnux (or in general on other env) and behavior in windows? Or maybe everything could be done in Remnux (with e.g. Cuckoo sandbox)? I'm asking, because I do not understand why should I put all tools in every VM and what environment should I use to run malware sample. For me it moght be enough to have only one VM (Remnux) and analyze everything there, but I'm not sure what with windows samples - can they be run on linux too to do some dynamic analysis? 2. What is your general apporach to analyze of the malware? Could you give some tips what is worth to do first and what next? For example, I get some malware sample which I totally do not know what it is doing. I would start with some Cuckoo analyze, then some static analyze and then run it on some VM. Is it a good approach or how should I choose what to do first? 3. I found some malware samples places, but is there any recommendation where I could take samples by difficult level? To start with some easy examples and then try more difficult, to learn new things. Probably I will have more questions in the future, but for now I would like to know those basics, which would be very helpful. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
