Thread: Setting up a malware analysis environment

  1. #1 Kayaker (joined Oct 2000, 4,079 posts, 5 blog entries)

    Setting up a malware analysis environment

    A frequent request here is for both introductory and detailed information on setting up and using a safe malware analysis environment. I've created a sticky thread where I hope we can gather as many good articles as possible that touch on that subject.

    Please add any noteworthy articles you find or are aware of that can help guide those of us who are interested in secure reversing of insecure targets.

    The best of the articles will find their way into a larger knowledge resource that is currently being set up, so anything you can add will be a contribution to something far grander and more permanent than this thread.

    To start with, here are a few that have been mentioned before in the forums:


    Capture, care and analysis of Malware made easy
    http://www.linklogger.com/vm_capture.htm

    Practical Malware Analysis
    http://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Presentation/bh-dc-07-Kendall_McMillan.pdf


    Setting up Windbg/VMWare:

    Remote Debugging using VMWare
    http://www.catch22.net/tuts/vmware

    Driver Debugging with WinDbg and VMWare
    http://silverstr.ufies.org/lotr0/windbg-vmware.html


    Cheers,
    Kayaker

  2. #2
    I think any malware analyzer should know the pros & cons of the various tools for setting up an analysis environment in the first place:

    http://www.sans.org/reading_room/whitepapers/threats/malware_analysis_environment_design_and_artitecture_1841

  3. #3
    Interesting article: an automated malware analysis environment (already linked up somewhere on the forum I'm sure).
    http://cert.at/downloads/papers/mass_malware_analysis_en.html

  4. #4
    How to detect virtual machines:

    www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf

  5. #5
    For malware analysis a good combination could be Sandboxie + Buster Sandbox Analyzer

    Sandboxie: http://www.sandboxie.com

    Buster Sandbox Analyzer: http://bsa.sandboxie.info

    As soon as I finish coding the next BSA feature, I will probably write a paper about setting up a malware analysis environment.

  6. #6
    Sandboxie is not a good one, because new malware can detect Sandboxie.

  7. #7
    Quote originally posted by mansourweb:
    > Sandboxie is not a good one, because new malware can detect Sandboxie.

    I said Sandboxie + Buster Sandbox Analyzer.

    http://bsa.sandboxie.info/frameb.htm

  8. #8

    Another one from CERT.at

    Hi folks,

    it's just a few days ago that I put my new version of Minibis on our (CERT.at) website.
    For everyone who hasn't heard about it yet: Minibis is a fully customizable automated malware analysis environment.
    So, anyone who's interested in this topic, feel free to visit our website http://cert.at/downloads/software/minibis_en.html at "Computer Emergency Response Team of Austria". There's plenty of information there regarding Minibis and its concept, as well as, of course, a download link.

    Cya,
    Chrisu.
    source: https://www.openrce.org/forums/posts/1279