Name: Anonymous 2015-06-26 6:21
Malware analysis involves sandboxing, debugging, and analysis tools. I'm hoping you guys can help me figure out the finer details in setting up my malware analysis rig.
I think I want to do nested VMs (like Qemu running within Virtualbox running within VMware, or something like that) for added security against VM breakout 0-days, but I want to know what you think. I have 32GB of RAM so I can afford to be inefficient.
I won't give the VMs network access just in case they have some self-propagating Cryptolocker-esque shit that tries to infect my network drives. Or maybe I should just set up a separate VLAN and make ACL rules so that my test rig can't interact with any other private addresses, meaning it can't touch my other local stuff. Then I could still monitor shit in Wireshark even if I can't into proper debugging forensics.
As far as debuggers go, I've heard that Ollydbg is good, but I have no experience with such things so I'm not sure if that's true or not.
Also, how can I make a VM not appear to be a VM? And how can I get around some malware's anti-debugging features?
Also, aside from Wireshark and Process Explorer, what are some other good tools for analyzing what's happening within an OS? Windows or GNU/Linux, doesn't matter, since I'll be doing tests for malware and exploits for all kinds of systems.
Thanks in advance, cuties.
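One way to express the "separate VLAN plus ACL rules" isolation the post proposes, as an added example that is not part of the original post: a small policy evaluator that denies the analysis VLAN access to any private or local address while leaving Internet-bound traffic reachable so it can still be captured in Wireshark, plus a renderer for the equivalent nftables chain. The VLAN (10.99.0.0/24), the sinkhole exception host (10.99.0.2) and the chain name are assumptions.

```python
# Added example: ACL policy for a malware-analysis VLAN (constructed values).
import ipaddress
from typing import Iterable

# Hypothetical analysis VLAN; every other local subnet must be unreachable.
ANALYSIS_VLAN = ipaddress.ip_network("10.99.0.0/24")

# Destinations the sandbox must never reach: RFC 1918, link-local, loopback,
# CGNAT and multicast. Anything else is treated as "Internet" and allowed so
# the traffic can be observed (or sinkholed) rather than silently dropped.
BLOCKED_DESTINATIONS = [
    ipaddress.ip_network(n) for n in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
        "169.254.0.0/16", "127.0.0.0/8", "100.64.0.0/10", "224.0.0.0/4",
    )
]

# Allow-list exceptions inside the blocked ranges, e.g. a fake-DNS/sinkhole
# host that lives on the analysis VLAN itself (hypothetical address).
ALLOWED_EXCEPTIONS = [ipaddress.ip_network("10.99.0.2/32")]


def decide(src: str, dst: str) -> str:
    """Return 'allow' or 'deny' for one IPv4 flow from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in ANALYSIS_VLAN:
        return "allow"  # the policy only constrains the sandbox VLAN
    if any(d in net for net in ALLOWED_EXCEPTIONS):
        return "allow"  # exceptions are evaluated before the block list
    if any(d in net for net in BLOCKED_DESTINATIONS):
        return "deny"
    return "allow"


def to_nftables(chain: str = "sandbox_egress") -> str:
    """Render the same policy as an nftables forward chain (chain name assumed)."""
    lines = [f"chain {chain} {{",
             "    type filter hook forward priority 0; policy accept;"]
    for net in ALLOWED_EXCEPTIONS:   # accept rules first, then drops
        lines.append(f"    ip saddr {ANALYSIS_VLAN} ip daddr {net} accept")
    for net in BLOCKED_DESTINATIONS:
        lines.append(f"    ip saddr {ANALYSIS_VLAN} ip daddr {net} drop")
    lines.append("}")
    return "\n".join(lines)


def audit(flows: Iterable[tuple[str, str]]) -> list[str]:
    """Map constructed (src, dst) flows, e.g. from a pcap summary, to decisions."""
    return [decide(s, d) for s, d in flows]
```

Traffic between hosts on the same VLAN never crosses the forward chain, so the sandbox VLAN should contain only the analysis VM and the sinkhole host.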