Author Topic: Malware Analysis Environment (Read 4284 times)

mikazo · June 10, 2010, 12:14:30 am

Hi,

I'm new here and looking to get started in malware analysis. I'm just wondering, what type of environment does everyone use? Is VMware running Windows safe to analyze viruses? Do you have a dedicated "dirty" machine just for virus analysis? Do you use something like Deep Freeze to easily preserve an analysis environment? What tools are useful besides IDA, OllyDbg, Filemon, Regmon?

Thanks for any tips.

-Mike

ratsoul · June 10, 2010, 07:27:21 am

Hi mikazo,

read here: http://zeltser.com/malware-analysis-toolkit/.

moranned · June 11, 2010, 01:32:03 am

i use vm's to triage but also have a goat machine for analysis of vm-aware code. i route all connections from the goat through a linux gateway which allows me to control inbound and outbound connections.

ocean · June 27, 2010, 12:17:56 am

most of the work can be done with a good VM: VMware it think it's the best right now, Virtualbox is like unusable right now because of lots of nasty bugs like hw bps not working and lots others...

tools? every tool that's needed

mostly IDA, OllyDbg, the good old softice if needed, PEid+plugins, Explorer Suite, Python...

Author Topic: Malware Analysis Environment (Read 4284 times)

mikazo

Malware Analysis Environment

ratsoul

Re: Malware Analysis Environment

moranned

Re: Malware Analysis Environment

ocean

Re: Malware Analysis Environment