Irregular Expressions:


August 18, 2012  12:39 AM

Working With Packed / Protected Executables

Posted by: Dan O'Connor
code packer, packed code, tools, vmware, vmware malware detection, vulnerabilities

First I have to say that I dislike having to do this. My main problem is that if you are going to take the time to pack and attempt to protect your EXE, it's obvious that you are up to no good. For legitimate applications there are times when you would want to do this, but if it's some random...

August 15, 2012  7:28 PM

VMWare Malware Lab – Networking Edition

Posted by: Dan O'Connor
avoid virtual machine malware detection, virtual, vmware, vmware malware detection

When doing analysis I try to keep away from the infection machine; I keep my lab statically set up with an IP, DNS and gateway pointing at another machine. For a basic target all you need to do is have tcpdump running to capture any network requests. If you want to get more complicated you can...

August 15, 2012  1:17 AM

VMWare Malware Lab

Posted by: Dan O'Connor
virtual, virtualbox, vm, vmware

I am not going to cover the basic setup of a VMWare based lab; really you can use whatever you want as long as you can attempt to keep it isolated from the system. I use VMWare for a couple of reasons, mainly for the ability to take VMs from Fusion, Workstation and ESXi and move them back...

July 9, 2010  11:46 AM

VMWare VM Redundancy

Posted by: Dan O'Connor
SAN redundancy ESXi, VM redundancy ESXi, vmware

Have you ever had a VM that you needed to keep running even if your SAN was not? This problem came across my desk at one point and it took a bit of thinking, but I think I got a pretty good solution figured out. The ESXi host will be booting off a local disk, and it will also have a local datastore. ...

July 5, 2010  1:12 PM

Xen vs VMWare

Posted by: Dan O'Connor
vmware, vmware performance, xen, xen performance, xen vs vmware

This is a little older than I would like, but I have not been able to find anything else like this document.

May 29, 2010  11:06 PM

VMWare hardening guide

Posted by: Dan O'Connor
vmware, Vmware hardening

I found this after doing my last ESXi install and I thought it would be worth sharing; it's always handy to have a document to follow. Enjoy.

February 19, 2010  11:37 PM

Recovering from a failed DMotion

Posted by: Dan O'Connor
dmotion, failed dmotion, vmware, vmware-cmd

A few weeks back I was asked to recover an ESX 3.5 host that had a VM in a strange state. The VM was supposed to have been DMotioned over to another datastore but it had failed. The VM was still running but no operations were possible on it; I could not edit it or control the power...

February 8, 2010  10:07 PM

Finding VM snapshots – Part 3

Posted by: Dan O'Connor
find, snap shot, snapshot, sort, uniq, unix, vmware, wc

Find can be given multiple date constraints to narrow down the results returned. `find /vmfs/volumes/ -mtime +1 -mtime -10 -type f -name "*00*.vmdk"` will locate files that were last modified at least 1 day ago (-mtime +1) but not more than 10 days ago (-mtime -10). Find has several...

February 5, 2010  9:20 PM

Finding VM snapshots – Part 2

Posted by: Dan O'Connor
find, snap shot, snapshot, sort, uniq, unix, vmware, wc

Using find to locate VMs with snapshots is easy. `find /vmfs/volumes/ -type f -name "*00*.vmdk" | awk -F "/" '{print $1"/"$2"/"$3"/"$4"/"$5 }' | uniq` Find is not limited to locating files; it is also able to perform actions on them. Using `-exec` allows any command to...

February 3, 2010  11:20 AM

Finding VM snapshots – Part 1

Posted by: Dan O'Connor
find, snap shot, snapshot, sort, uniq, unix, vmware, wc

Locating VMs with snapshots on a datastore is easy if you know how to use the find command. `find /vmfs/volumes/ -type f -name "*00*.vmdk"` will look through /vmfs/volumes/ for files whose names match the provided pattern. More specifically, the folders those files are stored...
