Security Basics
Malware Analysis vs. Analysing a 'dirty' OS Aug 31 2013 02:22AM
Syn Ack (synackackack gmail com) (1 replies)
Hi All,

So some time back (year or 2 ago at least) I bought a copy of Win
Server 2008 R2 from a computer mall/market type thing in Beijing,
China. Can't remember exactly how much it cost, but it was
ridiculously cheap. Came on a blank CD type deal.

Some questions:

1) Surely will have nasties (malware, backdoors, etc) loaded by default, right?

... I have looked a little bit into building a malware analysis
environment and I assume the process of analysing an OS would be
similar, but given this is an entire OS not a little .exe we are
launching from a fresh/rollbacked environment, where we start the
analysis...

2) How would you go about analysing a potentially dirty OS as oposed
to a smaller executable? is it exactly the same?

I would imagine you want to-
- monitor memory, disk R/W
- monitor network activity
- check listening ports
- differentiate between bad/good traffic (appreciate that this is
probably the main skill of a malware analyst, but there will be a lot
going on and i assume its easier when you know what executable you are
about to launch and can scope your searching/monitoring a lot easier).
Without that ability, I guess that you're quite likely to need to
baseline traffic against a known good host, to assist identifying good
vs. bad traffic.

Cheers

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Malware Analysis vs. Analysing a 'dirty' OS Sep 16 2013 08:32AM
Robert Larsen (robert the-playground dk)


 

Privacy Statement
Copyright 2010, SecurityFocus