Serious Discussion: How to set up a safe environment for Malware Testing

Xeno1234

Level 14
Thread author
Jun 12, 2023
684
Hello. I’ve been doing a small amount of Malware Analysis recently and I want to make a safe malware environment for running malware.

The main thing I am concerned about is getting infected, I need to make sure that nothing can escape the VM and infect my host, or spread through the network.

I would also like a good environment for, of course, malware analysis and for hiding parts of the sandbox.

If you have any suggestions, let me know.
 

ForgottenSeer 103564

First, get off your parents' network to do so, as there are no guarantees; malware is no joke, and definitely not a game. Second, the best way is to have an isolated network: be on a Linux machine with a VM running Windows inside it. To be responsible, you should actually disconnect from the internet when testing, keeping your system isolated, but then you have the issue that a lot of malware needs to connect to C&C servers or is VM-aware. Can you guarantee you won't infect the router or worse? The basics for a containment lab are here, but as stated, variables will be an issue.
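One practical way to check the "VM on a Linux host, nothing reaches the LAN" advice before detonating anything is to audit the guest's configuration. The Python script below is an added example, not code from this thread or from VirtualBox: it parses the key="value" lines that `VBoxManage showvminfo <vm> --machinereadable` prints (the key names nicN, intnetN, clipboard, draganddrop, usb and SharedFolderNameMachineMappingN are assumed from that tool's output, and a missing key is treated as the safe default) and flags settings that let the guest touch the host or the LAN. Both sample configurations embedded in it are constructed.

```python
"""Audit a VirtualBox guest for host/network isolation before detonating samples.

Added example. Assumes the key names printed by
`VBoxManage showvminfo <vm> --machinereadable`; the two sample outputs are constructed.
"""
import re
import subprocess
from dataclasses import dataclass

# NIC attachments that cannot reach the physical LAN or the internet by themselves.
# "hostonly" still reaches the host's vboxnet address; "intnet" reaches only other
# guests on the same internal network, which is where a fake-C2/sinkhole VM belongs.
ISOLATED_NIC_TYPES = {"none", "null", "hostonly", "intnet"}


@dataclass
class Finding:
    severity: str  # "high" = guest can touch host/LAN, "medium" = extra guest->host channel, "low" = caveat
    key: str
    value: str
    why: str


def parse_showvminfo(text):
    """Turn key="value" lines into a dict (quotes stripped, other lines ignored)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            props[key] = value.strip().strip('"')
    return props


def audit(props):
    """Return the isolation problems found in a parsed showvminfo dict."""
    findings = []
    for key, value in props.items():
        if re.fullmatch(r"nic\d+", key):
            if value not in ISOLATED_NIC_TYPES:
                findings.append(Finding("high", key, value,
                    "adapter is attached to the host's LAN/internet (nat, bridged, natnetwork); use intnet"))
            elif value == "hostonly":
                findings.append(Finding("low", key, value,
                    "guest can reach the host on the host-only adapter; prefer intnet plus a services VM"))
        elif key.startswith("SharedFolderNameMachineMapping"):
            findings.append(Finding("high", key, value,
                "shared folder exposes a host directory to the guest"))
    # Guest->host side channels. A missing key is assumed to mean the safe default.
    for key, safe_default, why in (
        ("clipboard", "disabled", "shared clipboard is a guest->host data channel"),
        ("draganddrop", "disabled", "drag and drop lets the guest push files to the host"),
        ("usb", "off", "guest can claim host USB devices"),
    ):
        value = props.get(key, safe_default)
        if value != safe_default:
            findings.append(Finding("medium", key, value, why))
    return findings


def is_isolated(findings):
    """True when nothing lets the guest reach the host filesystem or the LAN."""
    return not any(f.severity == "high" for f in findings)


def audit_vm(vm_name):
    """Audit a real VM; needs VirtualBox installed (the offline samples below do not call this)."""
    out = subprocess.check_output(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"], text=True)
    return audit(parse_showvminfo(out))


# Constructed sample: a typical "just installed Windows" guest, not a real machine.
LEAKY_VM = '''\
name="win10-analysis"
ostype="Windows 10 (64-bit)"
nic1="nat"
nic2="intnet"
intnet2="malnet"
nic3="none"
clipboard="bidirectional"
draganddrop="disabled"
usb="on"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/analyst/samples"
'''

# Constructed sample: the same guest after hardening.
HARDENED_VM = '''\
name="win10-analysis"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="intnet"
intnet2="malnet"
clipboard="disabled"
draganddrop="disabled"
usb="off"
'''

if __name__ == "__main__":
    for label, cfg in (("leaky", LEAKY_VM), ("hardened", HARDENED_VM)):
        findings = audit(parse_showvminfo(cfg))
        print(f"{label}: isolated={is_isolated(findings)}")
        for f in findings:
            print(f"  [{f.severity}] {f.key}={f.value}: {f.why}")
```

With VirtualBox installed, `audit_vm("win10-analysis")` runs the same checks against a real guest. Take the hostonly note seriously: the host's vboxnet address is reachable from the guest, so a second guest on the same intnet running fake DNS/HTTP services is the better place to answer the sample's C&C traffic, which is also the usual answer to the "malware needs to reach its C&C" problem raised above.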
 

Xeno1234

Thread author
Is there any way to check the network for infections currently, as I have run malware in a VM before?
 

Adrian Ścibor

From AVLab.pl
Verified
Well-known
Apr 9, 2018
214
Hi!

You can read a little bit on our Polish blog; please use a translator:

1. How to analyse malware sample and how to test your antivirus?

2. The source of malware:

3. There is a community project like FLARE VM: GitHub - mandiant/flare-vm: A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
I do not know whether the project is still supported.

Some nice tutorial for VirtualBox: Creating a VM for Malware Analysis in VirtualBox - Olivia A. Gallucci
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,195
I use Kaspersky, does it scan the network?
Confirmed. I have Kaspersky Free on my host when testing malware samples in my VM (VMware Pro). Kaspersky does scan your network and specific firewall ports:


Treat port scanning and network flooding as attacks

Network flooding is an attack on an organization's network resources (for example, web servers). This attack consists of sending a massive amount of traffic to exhaust the traffic capacity of a network. As a result, users can't access the organization's network resources.

A port scanning attack consists of scanning UDP and TCP ports, as well as network services, on the computer. This attack allows an attacker to determine the computer's vulnerability level before even more dangerous types of network attacks. Port scanning also allows hackers to determine the computer's OS and choose OS-specific attacks for it.

If the toggle is on, the Network Attack Blocker component blocks port scanning and network flooding.
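The Kaspersky text above describes the host-side view: a guest that starts probing the LAN shows up as a port scan or a flood. The same signal can be checked from your own connection logs. The Python below is an added example, not part of this post or of any Kaspersky product; it reads connection records in a constructed TSV layout that borrows a subset of Zeek conn.log field names (ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, conn_state) and raises an alert when one source hits many distinct ports on one host (vertical scan) or one port on many hosts (horizontal sweep) inside a sliding time window. The thresholds, the window and the sample records are assumptions.

```python
"""Flag port scans and sweeps coming out of an analysis VM.

Added example. Input is a TSV in a Zeek-conn.log-like layout (a constructed
subset of its fields); the sample below is synthetic, not captured traffic.
"""
from collections import defaultdict
from dataclasses import dataclass

# conn_state values meaning no completed TCP handshake (Zeek's S0/REJ/RSTO*).
# Scanners mostly produce these, so counting only them cuts false positives
# from bursts of legitimate, completed connections.
SCAN_STATES = {"S0", "REJ", "RSTO", "RSTOS0", "RSTR", "OTH"}


@dataclass
class Alert:
    kind: str       # "vertical" (many ports, one host) or "horizontal" (one port, many hosts)
    src: str        # originating address
    target: object  # responder host (vertical) or responder port (horizontal)
    ts: float       # time the threshold was crossed
    distinct: int   # distinct ports/hosts seen in the window at that moment


def parse_conn_log(text):
    """Parse '#fields'-headed TSV rows into dicts with typed ts and ports."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            rec["ts"] = float(rec["ts"])
            rec["id.orig_p"] = int(rec["id.orig_p"])
            rec["id.resp_p"] = int(rec["id.resp_p"])
            records.append(rec)
    return records


def detect_scans(records, window=10.0, vertical_threshold=20, horizontal_threshold=10):
    """Return one Alert per (kind, source, target) the first time it crosses its threshold."""
    vertical = defaultdict(list)    # (src, resp_h) -> [(ts, resp_p), ...]
    horizontal = defaultdict(list)  # (src, resp_p) -> [(ts, resp_h), ...]
    alerted, alerts = set(), []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["conn_state"] not in SCAN_STATES:
            continue
        src, ts = r["id.orig_h"], r["ts"]
        checks = (
            ("vertical", (src, r["id.resp_h"]), vertical, r["id.resp_p"], vertical_threshold),
            ("horizontal", (src, r["id.resp_p"]), horizontal, r["id.resp_h"], horizontal_threshold),
        )
        for kind, key, bucket, item, threshold in checks:
            events = bucket[key]
            events.append((ts, item))
            while ts - events[0][0] > window:   # drop events that fell out of the window
                events.pop(0)
            distinct = len({x for _, x in events})
            if distinct >= threshold and (kind, key) not in alerted:
                alerted.add((kind, key))
                alerts.append(Alert(kind, src, key[1], ts, distinct))
    return alerts


def constructed_conn_log():
    """Synthetic log: analysis VM 192.168.56.101 misbehaving on a host-only network."""
    base, rows = 1686556800.0, []
    # Vertical scan: the VM probes 40 ports on the host-only gateway, all rejected.
    for i, port in enumerate(range(1, 41)):
        rows.append((base + 0.1 * i, "192.168.56.101", 40000 + i, "192.168.56.1", port, "tcp", "REJ"))
    # Horizontal sweep: the same VM tries SMB on 12 neighbours, no answer.
    for i in range(12):
        rows.append((base + 5.0 + 0.2 * i, "192.168.56.101", 41000 + i, f"192.168.56.{10 + i}", 445, "tcp", "S0"))
    # Benign: the analyst RDPs from the host into the VM a few times over a minute.
    for i in range(5):
        rows.append((base + 12.0 * i, "192.168.56.1", 50000 + i, "192.168.56.101", 3389, "tcp", "SF"))
    header = "#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state"
    return "\n".join([header] + ["\t".join(str(v) for v in row) for row in rows])


if __name__ == "__main__":
    for a in detect_scans(parse_conn_log(constructed_conn_log())):
        print(f"{a.kind:10} {a.src} -> {a.target} ({a.distinct} distinct in window) at {a.ts:.1f}")
```

Point it at a real Zeek conn.log only after confirming the columns match: the real file has more fields and the parser trusts the `#fields` header order. A guest that trips either rule on a host-only network is exactly the case the advice above warns about, and is a reason to roll the VM back to a clean snapshot rather than keep it running.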
 

ForgottenSeer 103564

Do you realize that's a 15-year-old kid on his parents' network you just gave a list of malware and phishing sites to? Just curious.
 

Adrian Ścibor

From AVLab.pl

He does not say how old he is. Learning cannot be banned on the basis of age.

The websites are freely available on the internet; anyone can get access from Google or other blogs and forums, from a kid of 4 to an old man of 104. The best learning is practice.
 

ForgottenSeer 103564

@Xeno1234 Make sure you leave your forwarding address and an invite on a C&C server with your favorite hacker; maybe they will drop a surprise or even pop into your network for a visit. I'm sure your parents won't mind.

This is no joke to everyone else, you all should be ashamed for encouraging this.
 

ForgottenSeer 103564

Hand that 4-year-old your car keys, then. It's the same concept. Dangerous.
 

Xeno1234

Thread author
I've learned the risks associated with malware testing from this forum. Right now, I'm not going to be doing any more testing, not even obtaining samples and putting them in online sandboxes.

You’ve made a good point about it being risky and I trust you. I don’t think I am currently infected, and I don’t plan on getting infected or even dealing with malware in the near future.

If I do, I will utilize a default deny setup to prevent the malware from running in the event I accidentally click it.

I appreciate your concern for me though. I know that malware is dangerous and so far I haven't had any issues. I will make a post in Malware Removal later today to check my network and system for any defects, to make sure. After that, I'm done.
 

ForgottenSeer 103564

I'm glad you have not taken offense, as I am just trying to guide you correctly; this is dangerous and not a game. Stay safe.
 

ForgottenSeer 97327

Well, you could look at whether your router has "network partition" or "AP isolation" (put it on again when you want to stream or cast something to another device).
Sometimes the GUEST-network also has an option to prevent guest-clients seeing other traffic.

Remember there is no 100% safety possible, but isolation and virtualisation are your best friends when upping security.
 
