SETTING UP YOUR OWN MALWARE LAB

Presented by:
Digit Oktavianto
digit.oktavianto@gmail.com
http://digitoktavianto.web.id

JWC 4th Computer and Network Security Forum
About Me
Security Consultant
Member of Honeynet Indonesia Chapter
Member of OWASP Indonesia
Coordinator of Cloud Indonesia (SysAdmin)
Member of KPLI Jakarta
IT Security Enthusiast (tinkerer :D)
TODAY'S DISCUSSION
    Introduction of Malware Analysis
    What is Malware Lab?
    How to build your own malware lab?
    What tools are included in Malware Lab?
Introduction of Malware Analysis
Malware: any piece of code that has malicious intentions and/or performs a
function that the user was not aware it was going to perform.

Malware analysis: the process of analyzing malware: how to analyze the
malware's behavior, how to reverse it, how to disassemble it.
Introduction of Malware Analysis (Cont'd...)
Benefits from malware analysis?
    We can investigate how the malware works
    We can predict what it is going to do to its victims
    We will know how to mitigate this malware attack (quickly assess the threat)
    We can prevent further malware action
    We will understand threat management better
    We can secure our environment
What is Malware Lab

Malware Lab is a safe environment in which to analyze malware. Basically, it
is an isolated environment which contains a lot of tools that are useful to
the malware analyst.
What is Malware Lab (Cont'd...)
Why should we build a malware lab?
    Proactive approach
    Advanced detection (before the AV vendor detects it?)
What is Malware Lab (Cont'd...)
Why an isolated and safe environment?
    We need to execute the malware itself (dynamic analysis)
    We interact with the malware to learn how it works
    We observe how the malware infects the file system (which files are
    infected), the registry and the network traffic.
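The file-system observation described above is usually done Regshot-style: snapshot the victim tree, run the sample, snapshot again, diff. The script below is an added illustration (not code from the talk, nor from Regshot or CaptureBAT); the "sample" is a constructed stand-in that drops, edits and deletes files in a temporary directory so the demo runs offline.

```python
"""Two-snapshot file-system diff, in the style of Regshot / CaptureBAT.

Added illustration, not code from the talk or from those tools. A snapshot
(relative path -> SHA-256) is taken of the victim tree before the sample runs
and again afterwards; the diff lists added, removed and modified files.
The "sample" is a constructed stand-in that drops, edits and deletes files
inside a temporary directory, so the whole thing runs offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large dropped binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Return {relative_posix_path: sha256} for every regular file under root."""
    root = Path(root)
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if not path.is_file():        # skip sockets, broken symlinks, etc.
                continue
            state[path.relative_to(root).as_posix()] = sha256_of(path)
    return state


def diff_snapshots(before, after):
    """Compare two snapshots and return sorted lists of changed paths."""
    before_keys, after_keys = set(before), set(after)
    return {
        "added": sorted(after_keys - before_keys),
        "removed": sorted(before_keys - after_keys),
        "modified": sorted(p for p in before_keys & after_keys
                           if before[p] != after[p]),
    }


def constructed_sample(root):
    """Stand-in for executing a sample: drops one file, edits one, deletes one.
    Constructed for the demo only; it does nothing a real sample does."""
    root = Path(root)
    (root / "dropped.bin").write_bytes(b"MZ" + b"\x00" * 14)   # new file
    with open(root / "hosts", "a") as fh:                       # edited file
        fh.write("# constructed change\n")
    (root / "readme.txt").unlink()                              # deleted file


def run_demo():
    """Build a constructed victim tree, snapshot, run the stand-in, diff."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "hosts").write_text("127.0.0.1 localhost\n")
        (r / "readme.txt").write_text("about to be deleted\n")
        (r / "config").mkdir()
        (r / "config" / "app.ini").write_text("[main]\nkey=1\n")  # unchanged
        before = snapshot(root)
        constructed_sample(root)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind:8s} {paths}")
```

The same two-snapshot approach applies to the registry on Windows (export the hives before and after, then diff), which is what Regshot does for both.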
What is Malware Lab (Cont'd...)
What are the purposes?
    Personal research
    Hobby
    Profit oriented (working as a malware analyst)
    Enhance knowledge
How to build your own malware lab?
    Physical Lab
    Virtualization Lab
How to build your own malware lab? (Cont'd...)
    Physical Lab
Advantage:
- No VM-aware detection (the malware cannot tell it is running in a VM)
- Real environment lab
- Fully functional as a victim machine
Disadvantage:
- Costly
- Time to build the real environment

How to build your own malware lab? (Cont'd...)
    Virtualization Lab
Advantage:
- Easy to deploy
- Minimum cost
- Easy to isolate; safe environment
Disadvantage:
- VM-aware detection (the malware may detect the VM and behave differently)
How to build your own malware lab? (Cont'd...)
    Steps for building your Malware Lab (taken from
    http://zeltser.com/malware-analysis-toolkit/):
Step 1: Allocate physical or virtual systems for the analysis lab
Step 2: Isolate laboratory systems from the production environment
Step 3: Install behavioral analysis tools
Step 4: Install code-analysis tools
Step 5: Utilize online analysis tools
How to build your own malware lab? (Cont'd...)
    Operating System?
1. Windows XP
2. Windows 7
3. Linux (REMnux from Lenny Zeltser)
Tools included in Malware Lab
    Honeypot (Trap the Malware)
- Thug
- GhostUSB Honeypot
Tools included in Malware Lab (Cont'd...)
    Behavioral analysis tools
- Filesystem and Registry monitoring:
  CaptureBAT, Regshot, Filemon
- Process Monitoring:
  Process Explorer, Process Hacker, Procmon, CFF Explorer, PEiD, PEView
- Network Monitoring:
  Wireshark, Tcpdump, fakeDNS, ApateDNS, Tshark, TCPView, NetWitness, Netcat
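fakeDNS and ApateDNS from the list above share one idea: inside the isolated lab, answer every DNS query with the analyst's own address, so the sample's lookups resolve to a host you control and each requested name is logged. The script below is an added illustration of that idea (not code from the talk or from either tool); LAB_SINK_IP is a constructed value and build_query() constructs the test input so the packet logic runs offline.

```python
"""Minimal fakeDNS / ApateDNS-style resolver for an isolated lab network.

Added illustration, not code from the talk or from either tool. Every A query
is answered with the lab's sink address (LAB_SINK_IP is a constructed value,
meant to be the analyst's own listener/capture host), and each queried name
is logged: that log tells the analyst which hosts the sample tries to reach.
Only single-question UDP queries are handled; non-A queries and malformed
packets get a REFUSED reply. build_query() constructs test input so the
packet logic can be exercised without a network.
"""
import socket
import struct

LAB_SINK_IP = "10.0.0.1"          # constructed: the analyst's lab host
LISTEN = ("0.0.0.0", 53)           # UDP/53 needs privileges; any port works

TYPE_A = 1
FLAGS_RESPONSE = b"\x81\x80"       # QR=1, RD=1, RA=1, RCODE=0 (NOERROR)
FLAGS_REFUSED = b"\x81\x85"        # same, but RCODE=5 (REFUSED)


def parse_question(pkt):
    """Return (qname, qtype, end_offset) of the single question, or None."""
    if len(pkt) < 12 or struct.unpack("!H", pkt[4:6])[0] != 1:
        return None
    labels, i = [], 12
    while True:
        if i >= len(pkt):
            return None
        length = pkt[i]
        i += 1
        if length == 0:
            break
        if length & 0xC0:          # name compression is not valid in a query
            return None
        labels.append(pkt[i:i + length].decode("ascii", "replace"))
        i += length
    if i + 4 > len(pkt):
        return None
    qtype, _qclass = struct.unpack("!HH", pkt[i:i + 4])
    return ".".join(labels), qtype, i + 4


def build_response(query, answer_ip=LAB_SINK_IP, ttl=60):
    """Answer an A query with answer_ip; refuse anything else."""
    txid = query[:2]
    q = parse_question(query)
    if q is None:
        return txid + FLAGS_REFUSED + b"\x00" * 8
    _qname, qtype, qend = q
    question = query[12:qend]
    if qtype != TYPE_A:
        return txid + FLAGS_REFUSED + b"\x00\x01" + b"\x00" * 6 + question
    header = txid + FLAGS_RESPONSE + b"\x00\x01\x00\x01\x00\x00\x00\x00"
    answer = (b"\xc0\x0c"                         # pointer to qname at offset 12
              + struct.pack("!HHIH", TYPE_A, 1, ttl, 4)
              + socket.inet_aton(answer_ip))
    return header + question + answer


def answered_ip(response):
    """Address carried in a build_response() reply, or None if it was refused."""
    if response[3] & 0x0F:
        return None
    return socket.inet_ntoa(response[-4:])


def build_query(name, txid=0x1234, qtype=TYPE_A):
    """Construct a plain recursive query (test input, as a stub resolver sends)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, 1))


def serve(listen=LISTEN, answer_ip=LAB_SINK_IP):
    """Answer forever, logging every name the lab machine asks for."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        data, peer = sock.recvfrom(512)
        q = parse_question(data)
        print(f"{peer[0]} asked for {q[0] if q else '<malformed>'} -> {answer_ip}")
        sock.sendto(build_response(data, answer_ip), peer)


if __name__ == "__main__":
    serve()
```

Point the victim VM's DNS at the host running serve() and the logged names, together with a capture from Wireshark or tcpdump on the same host, give the network side of the behavioral picture.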
Tools included in Malware Lab (Cont'd...)
    Code Analysis Tools
- Disassembler / Debugger:
  IDA Pro, OllyDbg, Immunity Debugger, PyDbg, WinDbg, Fiddler (Web Debugger)
- Memory Dumper:
  LordPE, OllyDump, HBGary FastDump
- Misc. Tools:
  Sysinternals, Dependency Walker, Hex Editor, HashCalc, MAC Changer
Tools included in Malware Lab (Cont'd...)
Sandboxing ???

Based on Wikipedia, “in computer security, a sandbox is a security mechanism
for separating running programs. It is often used to execute untested code,
or untrusted programs from unverified third-parties, suppliers, untrusted
users and untrusted websites.”
Tools included in Malware Lab (Cont'd...)
Sandbox Apps:
    Cuckoo Sandbox (http://www.cuckoosandbox.org/)
    Malheur (http://www.mlsec.org/malheur/)
    Buster Sandbox Analyzer (http://bsa.isoftware.nl/)
    ZeroWine Image (
Tools included in Malware Lab (Cont'd...)
    Online sandboxes for checking a malware sample:
- Anubis (http://anubis.iseclab.org/)
- GFI Sandbox (http://www.threattrack.com/)
- ThreatExpert (http://www.threatexpert.com/)
- Norman Sandbox (http://www.norman.com/security_center/security_tools/)
Tools included in Malware Lab (Cont'd...)
    Online Malware Scanner:
- VirusTotal (https://www.virustotal.com/)
- Wepawet (http://wepawet.iseclab.org/) → web-based malicious apps detector
- AVG Web Scanner (
Tools included in Malware Lab (Cont'd...)
    Online Malware Scanner:
A complete list can be found here:
    http://www.pentestit.com/list-online-malware-scanners/
    http://zeltser.com/combating-malicious-software/lookup-malicious-websites.html
Additional Resources for Malware Analyst
Malware Repository:
    http://malware.lu
    https://code.google.com/p/malware-lu/
    http://contagiodump.blogspot.com/
    http://www.offensivecomputing.net/
    http://www.malwareblacklist.com/showMDL.php
    http://www.scumware.org/
Finish



Question?

Thank You
