Register

Forgot Password

Site FAQ

Home > IT Blogs > Irregular Expressions > VMWare Malware Lab – Networking Edition

>>VIEW ALL POSTS

Irregular Expressions

Aug 15 2012 7:28PM GMT

VMWare Malware Lab – Networking Edition

Posted by: Dan O'Connor

When doing analysis I try to keep away from the infection machine, I keep my lab statically setup with an IP, and DNS, Gateway pointing at another machine. For a basic target all you need to do is have tcpdump running to capture any networking requests. If you want to get more complicated you can start emulating services like DNS and WWW.

In most cases the basic connection information will give you just enough to create an IDS/IPS signature.

Comment

RSS Feed

Email a friend

Comment on this Post

Leave a comment:

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags

Irregular Expressions

VMWare Malware Lab – Networking Edition

Comment on this Post

About This Blog

Browse This Blog’s Tags

Archives

Blog Roll

Subscribe to Alerts