Irregular Expressions

Aug 15 2012   7:28PM GMT

VMWare Malware Lab – Networking Edition



Posted by: Dan O'Connor
avoid virtual machine malware detection, virtual, vmware, vmware malware detection

When doing analysis I try to keep my hands off the infected machine as much as possible. The lab VM is set up with a static IP, and its DNS server and default gateway both point at another machine that I control, so every packet the sample sends out lands there. For a basic target all you need is tcpdump running on that machine to capture any network requests. If you want to get more complicated you can start emulating services like DNS and WWW so the sample gets answers and moves on to its next stage.

In most cases the basic connection information (destination hosts, ports, and the names the sample tries to resolve) is enough to create an IDS/IPS signature.
