Written by: Pranshu Bajpai | Find Pranshu on Google+ and LinkedIn

Recently, I was helping out a Ph.D. candidate with her thesis on malware analysis. The subject of the thesis is complicated, relating to the behavior-based analysis of malware. However, I helped in analyzing malware samples collected from various sources.

The first thing we did was to set up a virtual environment. She runs her samples in a virtual sandbox (CWSandbox), while I installed a fresh copy of Windows on a VirtualBox.

We collected the virus samples from various places including:

We used the following tools during analysis:

Process Monitor (Sysinternals): Gives a detailed look at the processes running on the system. We would execute the malware and then observe it by name in Process Monitor.
Regshot: Takes a snapshot of the registry before and after the malware infection and then compares them.
OllyDbg: A debugger to reverse the malware executable into assembly code. I had trouble figuring out assembly though. (Note-to-self: read a good primer on assembly language.)
Anubis: You can analyze unknown binaries here.
Comodo Instant Malware Analysis: A good short summary of the submitted exe.
Wireshark: To observe packet flow on the network after infection.

First off, let me say Armitage is not something I like. It's 'ok' to quickly automate some routine Metasploit tasks using Armitage, but if you're trying to learn something, Armitage adds a level of abstraction and makes you a perfect script kiddie. Learning stuff on 'msfconsole' or 'msfcli' before moving on to Armitage is a better approach, in my opinion.

The tool is self-explanatory; all you do is point and click. Here I am attacking a Windows XP system using Armitage on Kali Linux. Armitage can find the host with a scan, OR I could manually 'add host' by providing its IP. Now I can see this Windows XP host in the Armitage workspace. From here, I could have manually searched for vulnerabilities on the Windows XP machine and then tried to exploit them, but I chose the easy way in Armitage, which is 'Hail Mary':

Attacks -> Hail Mary

It tried some common exploits relating to the available services on the victim machine and gave me the 'red' around that host, which means the host is compromised.

Setting up a virtual lab on your PC becomes indispensable if you're trying out attacks. For numerous reasons it's best if you work in virtual environments. You don't always have access to shared LANs where there are a lot of vulnerable machines that you're allowed to experiment on. For example: ARP poisoning on a large LAN would bring down the network quickly, and you won't have a good time explaining to the network admin why you weren't testing on an isolated environment. For the same reason, attach the lab VMs to an internal or host-only network rather than a bridged one, so nothing you send during a test ever reaches the real LAN.

Install VirtualBox on your Kali or BackTrack (or any other Linux):

Applications -> System Tools -> Add / Remove Software

Start VirtualBox after installation:

Applications -> Accessories -> VirtualBox

You need to have the ISO image of the OS you want to host on VirtualBox.

New -> Allot Name and Type of OS -> Select RAM Memory Size -> Create New Hard Disk -> VDI -> Dynamically Allocated -> Summary -> Create

Now in the main menu of VirtualBox you'll notice the name of the machine you just created.

Start -> Point to the ISO Image of the OS -> Follow the OS installation procedure

You'll see all the Wi-Fi hotspots available in your area. Here we see the different security types, like WEP, WPA and WPA2.
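The msfconsole side of what the Armitage post does by point-and-click, as an added example that is not part of the original post: register the target in the Metasploit database, scan its services so they land in the workspace, and list candidate exploits to read and choose by hand, which is the learning step 'Hail Mary' skips. The target address 192.168.56.101 (a host-only lab address), the workspace name xplab and the output file name are assumptions for illustration; nothing here is taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): generate and run an msfconsole
# resource script that does, step by step, what Armitage's scan and
# "Hail Mary" do behind the GUI, minus the automatic exploit launch.
# Assumptions (not from the post): the target IP, workspace name and file
# path are placeholders for a Windows XP VM on a host-only lab network.

# write_msf_rc FILE TARGET [WORKSPACE]
# Writes a resource script; each non-comment line is one console command,
# executed in order by "msfconsole -r FILE".
write_msf_rc() {
    rc=$1; target=$2; ws=${3:-xplab}
    cat > "$rc" <<EOF
# generated by write_msf_rc (added example, not Armitage output)
db_status
workspace -a $ws
# Run Nmap through Metasploit so hosts and services are stored in the
# database, which is what Armitage's scan does before it shows the host.
db_nmap -Pn -sV -O $target
hosts
services -p 135,139,445 $target
# Hail Mary fires every exploit matching a discovered service. The manual
# equivalent: search for modules against the services you actually found,
# read the module info, and pick one deliberately.
search type:exploit platform:windows name:smb
EOF
}

# run_msf FILE: start a quiet console and feed it the resource script.
run_msf() {
    msfconsole -q -r "$1"
}

# Usage (only when run directly with an argument, so sourcing is side-effect free):
#   sh this_script.sh 192.168.56.101
if [ -n "${1:-}" ]; then
    write_msf_rc /tmp/xplab.rc "$1" xplab
    run_msf /tmp/xplab.rc
fi
```

Once the services are listed, replace the `search` line with the specific module you chose and `set RHOSTS`, `exploit`; keeping that choice manual is the whole point of the post's advice to learn msfconsole before Armitage.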
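The lab-VM setup from the VirtualBox post and the detonation workflow from the malware-analysis post share one piece of infrastructure, so here is a single added example (not code from either post) that builds the VM from the command line with VBoxManage instead of the GUI clicks, keeps its only NIC on an internal network so test traffic or malware never reaches the real LAN, takes a clean snapshot, records the guest's packets to a pcap for Wireshark, and rolls the VM back afterwards. The VM name lab-xp, the internal network name lab-net, the ISO path and the disk and RAM sizes are assumptions for illustration. The `DRY_RUN` switch prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original posts): isolated VirtualBox lab VM
# via VBoxManage, plus snapshot/rollback and packet capture for detonation.
# Assumptions (not from the posts): VM name, network name, ISO path, sizes.
# Set DRY_RUN=1 to print each VBoxManage command instead of running it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# nic_mode_is_isolated MODE: true for NIC modes that cannot reach the LAN.
# "hostonly" is allowed because an attacker VM on the host needs it, but it
# does expose the host itself; use "intnet" for malware detonation.
nic_mode_is_isolated() {
    case "$1" in
        intnet|hostonly|none) return 0 ;;
        *) return 1 ;;
    esac
}

# assert_isolated NAME: refuse to start a VM whose NIC 1 is bridged or NAT.
assert_isolated() {
    mode=$(VBoxManage showvminfo "$1" --machinereadable | sed -n 's/^nic1="\(.*\)"/\1/p')
    nic_mode_is_isolated "$mode" || {
        echo "refusing: nic1 of $1 is '$mode', not an isolated network" >&2
        return 1
    }
}

# build_lab_vm NAME ISO [DISK_MB] [RAM_MB]
# Same steps as the GUI wizard (name, OS type, RAM, dynamically allocated
# VDI, boot from ISO), with the NIC on internal network "lab-net".
build_lab_vm() {
    name=$1; iso=$2; disk_mb=${3:-10240}; ram_mb=${4:-512}
    disk="$HOME/VirtualBox VMs/$name/$name.vdi"
    run VBoxManage createvm --name "$name" --ostype WindowsXP --register
    run VBoxManage modifyvm "$name" --memory "$ram_mb" \
        --nic1 intnet --intnet1 lab-net --cableconnected1 on
    run VBoxManage createmedium disk --filename "$disk" --size "$disk_mb" \
        --format VDI --variant Standard
    run VBoxManage storagectl "$name" --name SATA --add sata --controller IntelAhci
    run VBoxManage storageattach "$name" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$disk"
    run VBoxManage storagectl "$name" --name IDE --add ide
    run VBoxManage storageattach "$name" --storagectl IDE --port 0 --device 0 \
        --type dvddrive --medium "$iso"
    run VBoxManage modifyvm "$name" --boot1 dvd --boot2 disk
}

# detonate_and_revert NAME PCAP
# Snapshot the clean state, trace NIC 1 to a pcap (open it in Wireshark),
# start the VM for the analyst to run the sample and ProcMon/Regshot inside,
# wait for power-off, then restore the clean snapshot.
detonate_and_revert() {
    name=$1; pcap=$2
    if [ "${DRY_RUN:-0}" != "1" ]; then
        assert_isolated "$name" || return 1
    fi
    run VBoxManage snapshot "$name" take clean --description "pre-infection baseline"
    run VBoxManage modifyvm "$name" --nictrace1 on --nictracefile1 "$pcap"
    run VBoxManage startvm "$name"
    if [ "${DRY_RUN:-0}" != "1" ]; then
        until VBoxManage showvminfo "$name" --machinereadable | grep -q '^VMState="poweroff"'; do
            sleep 5
        done
    fi
    run VBoxManage modifyvm "$name" --nictrace1 off
    run VBoxManage snapshot "$name" restore clean
}

# Usage:  sh this_script.sh build /path/to/xp.iso   |   sh this_script.sh detonate
case "${1:-}" in
    build)    build_lab_vm lab-xp "$2" ;;
    detonate) detonate_and_revert lab-xp "$HOME/lab-xp-infection.pcap" ;;
esac
```

Leave shared folders, shared clipboard and drag-and-drop at their disabled defaults on the detonation VM; the only channel out of the guest should be the traced NIC.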