Security Basics mailing list archives
Malware Analysis vs. Analysing a 'dirty' OS
From: Syn Ack <synackackack () gmail com>
Date: Sat, 31 Aug 2013 02:22:49 +0000
Hi All, So some time back (year or 2 ago at least) I bought a copy of Win Server 2008 R2 from a computer mall/market type thing in Beijing, China. Can't remember exactly how much it cost, but it was ridiculously cheap. Came on a blank CD type deal. Some questions: 1) Surely will have nasties (malware, backdoors, etc) loaded by default, right? ... I have looked a little bit into building a malware analysis environment and I assume the process of analysing an OS would be similar, but given this is an entire OS not a little .exe we are launching from a fresh/rollbacked environment, where we start the analysis... 2) How would you go about analysing a potentially dirty OS as oposed to a smaller executable? is it exactly the same? I would imagine you want to- - monitor memory, disk R/W - monitor network activity - check listening ports - differentiate between bad/good traffic (appreciate that this is probably the main skill of a malware analyst, but there will be a lot going on and i assume its easier when you know what executable you are about to launch and can scope your searching/monitoring a lot easier). Without that ability, I guess that you're quite likely to need to baseline traffic against a known good host, to assist identifying good vs. bad traffic. Cheers ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Malware Analysis vs. Analysing a 'dirty' OS Syn Ack (Sep 02)
- Re: Malware Analysis vs. Analysing a 'dirty' OS Robert Larsen (Sep 16)