<aside> 📌 Sommaire

</aside>

Safe malware sourcing

• PMAT Labs: https://github.com/HuskyHacks/PMAT-labs
• theZoo: https://github.com/ytisf/theZoo
• vx-underground main site: https://www.vx-underground.org/
• vx-underground GitHub repo: https://github.com/vxunderground/MalwareSourceCode
• Zeltser Resources: https://zeltser.com/malware-sample-sources/
• MalwareBazaar: https://bazaar.abuse.ch/

Safety ALWAYS

• keep the malware safe by adding a detonation prevention extension eg. .malz custom extension
• malware password is by convention infected

Course Repo

Read warning and EULA

https://github.com/HuskyHacks/PMAT-labs

Cloud Setup

https://youtu.be/GBMb18aSZkQ

Analysis Network Setup

• We want our machines to be connected to a network separated from our machines, the objective is to avoid any malware leakage to our network. Moreover, it will allow us to control the network as we want
• Then on REMNUX we can run sudo inetsim
  • Configure /etc/inetsim/inetsim.conf,
  • remove the comment for service dns
  • set bind-address to 0.0.0.0 and enable DNS bind address to the external IP of the VM (10.0.0.131)
  • In case of errors with the DNS udp port, check port usage with sudo netstat -tulpn | grep LISTEN and stop the required services
• Add REMNUX as the DNS server for the windows host