I was recently approached about what tools might be good for use in a malware lab, so I created a directory listing of my "Tools" hard drive and then just added a little formatting. Afterward, I decided that the list I had might be helpful to others who may be building a virtual lab analysis environment for the first time (malware or otherwise), so just in case it's useful to others, I figured I would post it. The list is by no means exhaustive, and by its nature includes some duplicates, but it does (in my humble opinion) seem to represent a nice blend of both malware analysis and digital forensics tools. Enjoy!
Update: I had a long plane ride after I wrote the above post, and I wanted to address a follow-up question my friend had about building a malware lab. I may devote an entire post to that down the road, however for now a couple of quick updates. I was asked which flavor of OS to use, and there are a couple thoughts I have about that...
(1) If you're building the lab for your work environment, and most of your users have a standard image, there is an argument toward using that exact configuration. That way, when testing a piece of malware, you may have a better sense of how it may behave in your environment.
(2) No matter which OS you choose, if you are using VMWare to detonate malware, make sure you turn OFF memory sharing...just to be safe!
Sunday, February 14, 2016
Subscribe to:
Posts (Atom)