Irregular Expressions

Aug 15 2012   7:28PM GMT

VMWare Malware Lab – Networking Edition

Dan O'Connor

When doing analysis I try to stay off the infected machine itself. My lab VM is configured with a static IP address, and its DNS server and default gateway both point at a second machine that I control. For a basic target all you need to do is run tcpdump on that second machine to capture any network requests the sample makes. If you want to get more complicated, you can start emulating services such as DNS and HTTP on it so the sample gets answers and keeps talking.

In most cases the basic connection information (the names the sample resolves, and the destination addresses and ports it connects to) is enough to write an IDS/IPS signature.
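As an added example (not code from the original post), the script below shows the step from "tcpdump output on the gateway" to "IDS signature". It parses a constructed sample of `tcpdump -nn` lines, keeps only packets sent by the infected VM, separates the DNS lookups from the outbound connections (ignoring the lab's own gateway/DNS host), and emits Snort-style rules for each. The IP addresses, hostnames and SIDs are made up for the example; `parse_capture`, `summarize` and `make_rules` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn -i eth0 host 192.168.56.10` output as seen
# on the gateway machine; addresses and hostnames are made up for this example.
SAMPLE_CAPTURE = """\
19:28:01.103344 IP 192.168.56.10.49152 > 192.168.56.1.53: 4421+ A? update.example.net. (36)
19:28:01.104900 IP 192.168.56.1.53 > 192.168.56.10.49152: 4421 1/0/0 A 203.0.113.7 (52)
19:28:01.110211 IP 192.168.56.10.49153 > 203.0.113.7.80: Flags [S], seq 1, win 64240, length 0
19:28:02.200001 IP 192.168.56.10.49153 > 203.0.113.7.80: Flags [P.], seq 1:120, ack 1, length 119: HTTP: GET /gate.php HTTP/1.1
19:28:05.000001 IP 192.168.56.10.49152 > 192.168.56.1.53: 4422+ A? update.example.net. (36)
19:28:07.345678 IP 192.168.56.10.49154 > 198.51.100.9.6667: Flags [S], seq 1, win 64240, length 0
"""

# Generic "ts IP src.sport > dst.dport: rest" shape of a tcpdump -nn line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# "4421+ A? update.example.net." -> the name being queried.
DNS_QUERY_RE = re.compile(r"\b(?:A|AAAA|MX|TXT)\? (?P<name>[A-Za-z0-9.\-]+)\.")
SYN_RE = re.compile(r"Flags \[S\]")


def parse_capture(text, victim):
    """Return one record per packet sent by the infected VM (`victim`)."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("src") != victim:
            continue
        rest = m.group("rest")
        q = DNS_QUERY_RE.search(rest)
        records.append({
            "ts": m.group("ts"),
            "dst": m.group("dst"),
            "dport": int(m.group("dport")),
            "dns_name": q.group("name") if q else None,
            "syn": bool(SYN_RE.search(rest)),
        })
    return records


def summarize(records, lab_hosts):
    """Reduce the packets to the two things worth signaturing: the names the
    sample resolved and the (ip, port) pairs it opened connections to, ignoring
    our own lab infrastructure (gateway / fake DNS server)."""
    names = sorted({r["dns_name"] for r in records if r["dns_name"]})
    contacts = Counter(
        (r["dst"], r["dport"]) for r in records
        if r["syn"] and r["dst"] not in lab_hosts
    )
    return names, contacts


def dns_name_to_content(name):
    """Encode a hostname as it appears on the wire in a DNS query
    (length-prefixed labels, NUL terminated) in Snort |hex| content notation."""
    labels = name.rstrip(".").split(".")
    return "".join(f"|{len(label):02x}|{label}" for label in labels) + "|00|"


def make_rules(names, contacts, sid_start=1000001):
    """Emit one Snort-style rule per resolved name and per outbound contact."""
    rules = []
    sid = sid_start
    for name in names:
        rules.append(
            f'alert udp $HOME_NET any -> any 53 (msg:"LAB DNS query for {name}"; '
            f'content:"{dns_name_to_content(name)}"; nocase; sid:{sid}; rev:1;)'
        )
        sid += 1
    for (ip, port), hits in sorted(contacts.items()):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"LAB outbound connection to '
            f'{ip}:{port} (seen {hits}x)"; flags:S; sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE, victim="192.168.56.10")
    names, contacts = summarize(recs, lab_hosts={"192.168.56.1"})
    for rule in make_rules(names, contacts):
        print(rule)
```

The DNS rule matches the wire encoding of the name rather than the dotted string, which is why the labels are length-prefixed; the connection rules key on the SYN so a single signature fires once per session instead of once per packet. Treat the SIDs as placeholders in your own local range.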
