Irregular Expressions

Aug 15 2012   7:28PM GMT

VMWare Malware Lab – Networking Edition

Dan O'Connor

When doing analysis I try to stay off the infected machine: my lab VM is statically set up with an IP address, and its DNS server and gateway both point at another machine. For a basic target, all you need is tcpdump running on that other machine to capture any network requests the sample makes. If you want to get more complicated, you can start emulating services like DNS and WWW.

In most cases the basic connection information will give you just enough to create an IDS/IPS signature.
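As an added example (not code from the original post), here is a small script that turns the kind of connection information tcpdump gives you in this setup into draft Snort/Suricata rules. It assumes tcpdump was run with `-nn` (numeric hosts and ports) on the machine acting as DNS server and gateway; the lab addresses, the queried name and the capture lines are all constructed for illustration. It also handles the caveat that comes with emulating services: a connection to your fake WWW server is a lab artifact, so the script ignores those endpoints and keeps the DNS name the sample asked for as the indicator instead.

```python
"""Draft IDS signatures from tcpdump output captured in a malware lab.

Added example, not from the original post. Assumptions: tcpdump -nn output
format, the constructed lab addresses below, and Snort/Suricata rule syntax.
"""
import re

# Constructed lab addresses (assumptions, not from the post).
INFECTED_HOST = "192.168.56.101"
LAB_HOSTS = {"192.168.56.1"}   # the machine playing DNS server, gateway and fake WWW

# Constructed tcpdump -nn lines, illustrative only (.invalid is a reserved TLD).
SAMPLE_CAPTURE = """\
12:00:01.123456 IP 192.168.56.101.49152 > 192.168.56.1.53: 12345+ A? update.example.invalid. (40)
12:00:01.234567 IP 192.168.56.1.53 > 192.168.56.101.49152: 12345 1/0/0 A 192.168.56.1 (56)
12:00:02.345678 IP 192.168.56.101.49153 > 192.168.56.1.80: Flags [S], seq 1000, win 64240, length 0
12:00:02.345900 IP 192.168.56.1.80 > 192.168.56.101.49153: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:03.000000 IP 192.168.56.101.49154 > 198.51.100.23.8080: Flags [S], seq 3000, win 64240, length 0
12:00:06.000000 IP 192.168.56.101.49154 > 198.51.100.23.8080: Flags [S], seq 3000, win 64240, length 0
"""

# "<timestamp> IP src.sport > dst.dport: <rest>"
_PKT = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")
# tcpdump prints an A query as "<id>+ A? name. (len)"; capture the name without its trailing dot
_DNS_QUERY = re.compile(r"\d+\+ A\? ([\w-]+(?:\.[\w-]+)*)\.")


def parse_capture(text):
    """Yield one dict per packet line; lines tcpdump printed in another shape are skipped."""
    for line in text.splitlines():
        m = _PKT.match(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        rec = {"src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
               "syn": rest.startswith("Flags [S],"),   # outbound connection attempt
               "dns_query": None}
        q = _DNS_QUERY.search(rest)
        if q:
            rec["dns_query"] = q.group(1).lower()
        yield rec


def extract_indicators(records, infected=INFECTED_HOST, lab_hosts=LAB_HOSTS):
    """Collect what the infected host reached for, ignoring the lab's own machines.

    A connection to an emulated service lands on a lab host, so that address is
    a lab artifact; the DNS name the sample asked for is the usable indicator.
    """
    names = {}      # insertion-ordered sets via dict keys
    endpoints = {}
    for r in records:
        if r["src"] != infected:
            continue
        if r["dns_query"]:
            names[r["dns_query"]] = True
        elif r["syn"] and r["dst"] not in lab_hosts:
            endpoints[(r["dst"], r["dport"])] = True   # retransmitted SYNs collapse here
    return list(names), list(endpoints)


def dns_name_to_content(name):
    """Encode a name as it appears in a DNS packet: length-prefixed labels, zero terminator."""
    return "".join("|%02x|%s" % (len(label), label) for label in name.split(".")) + "|00|"


def build_rules(names, endpoints, base_sid=1000001):
    """Draft Snort/Suricata rules: one per queried name, one per external endpoint."""
    rules = []
    sid = base_sid
    for name in names:
        rules.append('alert udp $HOME_NET any -> any 53 (msg:"LAB sample DNS query %s"; '
                     'content:"%s"; nocase; sid:%d; rev:1;)'
                     % (name, dns_name_to_content(name), sid))
        sid += 1
    for ip, port in endpoints:
        rules.append('alert tcp $HOME_NET any -> %s %d (msg:"LAB sample outbound connection '
                     'to %s:%d"; flags:S; sid:%d; rev:1;)' % (ip, port, ip, port, sid))
        sid += 1
    return rules


def rules_from_capture(text):
    names, endpoints = extract_indicators(parse_capture(text))
    return build_rules(names, endpoints)


if __name__ == "__main__":
    for rule in rules_from_capture(SAMPLE_CAPTURE):
        print(rule)
```

Run it against a real `tcpdump -nn` text dump (or `tcpdump -nn -r capture.pcap`) with `INFECTED_HOST` and `LAB_HOSTS` set to your lab's addresses; the SIDs are placeholders in the local range, and every rule is a draft to be tuned against your own traffic before it goes near production.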
