My Octopress Blog

A blogging framework for hackers.

Setting Up a Malware Lab.

Setting up your malware test environment correctly is very important. This is my 2 cents on the matter.

There are 2 main options in my opinion:
1) A basic, portable lab.
2) Fully professional lab.

The essential components:
1) Easily restorable. Definitely.
2) Correct tools.
3) Upgradable/Manageable.
4) Isolated!

My setup (which I’m going to use here) is what I would consider basic, say in comparison to FireEye’s lab or perhaps the People’s Liberation Army’s lab.

Install a Windows 7 VM on a host. Personally I use VMware. I find it solid. (Set the patch level of the machine to low.)

Ensure the VM is isolated, BUT can still connect to the Web when needed. Point 3 - easily manageable!

Tools

System
Sysinternals Suite

Networking/Investigations
Wireshark
WinScp
Netcat
Fport
Wget
Putty

Anti-Rootkit
RootkitBuster

Static Analysis
Md5deep
PeID
PE Browse
PE Studio

Change Analysis
Regshot

Web
Firebug
NoScript

Reverse Engineering Tools
IDA Pro
Ollydbg
HiEW
Volatility
Skill and patience! Comes with time.
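As an added example (not code from this post, and not Regshot’s or md5deep’s own code), here is a small Python tool that shows the change-analysis idea behind those two entries: take a baseline of a tree before running a sample, take another afterwards, and diff the two to see what was added, removed or modified. The directory layout and the "post-execution" changes are constructed inside a temporary directory purely for demonstration.

```python
"""Baseline-and-diff change analysis for a directory tree.

Added example mimicking the Regshot approach (snapshot before, snapshot
after, compare) combined with md5deep-style recursive hashing. Not the
original post's code; every path below is constructed in a temp dir.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, algo: str = "md5") -> str:
    """Hash a file in chunks so large samples never have to fit in memory."""
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root: str, algo: str = "md5") -> dict:
    """Snapshot: map every regular file under root (relative POSIX path) to its hash."""
    root_path = Path(root)
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue  # only regular files are hashed; links and specials are skipped
            rel = full.relative_to(root_path).as_posix()
            snapshot[rel] = hash_file(full, algo)
    return snapshot


def diff_baselines(before: dict, after: dict) -> dict:
    """Compare two snapshots and report what changed between them."""
    before_keys, after_keys = set(before), set(after)
    return {
        "added": sorted(after_keys - before_keys),
        "removed": sorted(before_keys - after_keys),
        "modified": sorted(k for k in before_keys & after_keys if before[k] != after[k]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tree, simulate a sample's changes, diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32" / "drivers").mkdir(parents=True)
        (root / "system32" / "drivers" / "etc.cfg").write_text("clean\n")
        (root / "readme.txt").write_text("hello\n")
        (root / "doomed.log").write_text("bye\n")
        before = take_baseline(tmp)

        # Simulated post-execution state (constructed; not real malware behaviour)
        (root / "system32" / "drivers" / "etc.cfg").write_text("tampered\n")  # modified
        (root / "dropped.dll").write_bytes(b"MZ\x90\x00")                      # added
        (root / "doomed.log").unlink()                                           # removed
        after = take_baseline(tmp)

        return diff_baselines(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline must be taken from the clean snapshot state and the diff taken before you revert the VM, otherwise the "after" snapshot is the same as the "before". The same before/after/diff pattern applies to registry keys, services and listening ports; only the collector changes.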

Take a snapshot when finished and you’re golden. Next we’ll discuss Static vs Dynamic Analysis. All good analysts should at a minimum be able to perform Static Analysis! Full stop.