Malware Domain List

Malware Related => Malware Analysis => Topic started by: mikazo on June 10, 2010, 12:14:30 am

Title: Malware Analysis Environment
Post by: mikazo on June 10, 2010, 12:14:30 am
Hi,

I'm new here and looking to get started in malware analysis. I'm just wondering, what type of environment does everyone use? Is VMware running Windows safe for analyzing viruses? Do you have a dedicated "dirty" machine just for virus analysis? Do you use something like Deep Freeze to easily preserve an analysis environment? What tools are useful besides IDA, OllyDbg, FileMon, and RegMon?

Thanks for any tips.

-Mike
Title: Re: Malware Analysis Environment
Post by: ratsoul on June 10, 2010, 07:27:21 am
Hi mikazo,

Read here: http://zeltser.com/malware-analysis-toolkit/
Title: Re: Malware Analysis Environment
Post by: moranned on June 11, 2010, 01:32:03 am
I use VMs to triage, but I also have a goat machine for analysis of VM-aware code. I route all connections from the goat through a Linux gateway, which allows me to control inbound and outbound connections.
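The gateway setup moranned describes, written out as an added example (this is not code from the thread or from any poster). It assumes a Linux gateway with two interfaces, eth1 facing the goat machine on 10.66.0.0/24 and eth0 as the uplink, and that the gateway itself runs DNS and HTTP sinkhole services on 10.66.0.1; interface names, the subnet, the sinkhole address and the sample log lines are all constructed for the example. The rules are emitted as text so they can be reviewed before being applied, and a small awk summary shows what the LOG rule yields once a sample starts calling out.

```shell
#!/bin/sh
# Egress control for a malware-analysis "goat" machine behind a Linux gateway.
# Assumed layout (constructed for this example, not from the thread):
#   GOAT_IF  eth1  LAN side, goat machine lives in GOAT_NET
#   WAN_IF   eth0  uplink to the outside
#   SINK     the gateway's own address, answering DNS and HTTP as a sinkhole
GOAT_NET="10.66.0.0/24"
GOAT_IF="eth1"
WAN_IF="eth0"
SINK="10.66.0.1"

# Emit the iptables rules as text. Review them, then apply with:
#   APPLY_RULES=1 sh ./goat-gateway.sh        (needs root on the gateway)
gateway_rules() {
  cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F PREROUTING
# replies to connections the gateway has explicitly allowed out
iptables -A FORWARD -i $WAN_IF -o $GOAT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# everything else the goat pushes toward the uplink is logged, then dropped
iptables -A FORWARD -i $GOAT_IF -o $WAN_IF -j LOG --log-prefix "GOAT-EGRESS " --log-level 4
iptables -A FORWARD -i $GOAT_IF -o $WAN_IF -j DROP
# DNS and HTTP from the goat are redirected to the gateway's sinkhole services,
# so the sample "resolves" and "connects" without ever reaching the internet
iptables -t nat -A PREROUTING -i $GOAT_IF -s $GOAT_NET -p udp --dport 53 -j DNAT --to-destination $SINK:53
iptables -t nat -A PREROUTING -i $GOAT_IF -s $GOAT_NET -p tcp --dport 80 -j DNAT --to-destination $SINK:80
EOF
}

# One-off allow for a single destination host:port the analyst has decided to
# permit; inserted at position 1 so it precedes the LOG/DROP pair.
allow_egress() {
  printf 'iptables -I FORWARD 1 -i %s -o %s -s %s -d %s -p tcp --dport %s -j ACCEPT\n' \
    "$GOAT_IF" "$WAN_IF" "$GOAT_NET" "$1" "$2"
}

# Constructed sample of what the LOG rule writes to the gateway's kernel log
# (addresses are from documentation ranges, not real indicators).
SAMPLE_LOG='Jun 11 01:32:03 gw kernel: GOAT-EGRESS IN=eth1 OUT=eth0 SRC=10.66.0.10 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=443
Jun 11 01:32:04 gw kernel: GOAT-EGRESS IN=eth1 OUT=eth0 SRC=10.66.0.10 DST=198.51.100.7 PROTO=TCP SPT=1046 DPT=443
Jun 11 01:32:09 gw kernel: GOAT-EGRESS IN=eth1 OUT=eth0 SRC=10.66.0.10 DST=203.0.113.25 PROTO=TCP SPT=1047 DPT=8080'

# Read log lines on stdin and print "count dst:port" for blocked egress,
# most frequent destination first; this is the quick view of who the
# sample is trying to talk to.
summarize_egress() {
  grep 'GOAT-EGRESS' | awk '{
    dst = ""; dpt = "";
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^DST=/) dst = substr($i, 5);
      if ($i ~ /^DPT=/) dpt = substr($i, 5);
    }
    if (dst != "") c[dst ":" dpt]++
  } END { for (k in c) print c[k], k }' | sort -rn
}

if [ "${APPLY_RULES:-0}" = "1" ]; then
  gateway_rules | sh
else
  gateway_rules
  printf '\n# blocked egress summary (sample log):\n'
  printf '%s\n' "$SAMPLE_LOG" | summarize_egress
fi
```

Run without APPLY_RULES to see the rule set and the sample summary; on the real gateway, pipe the output of `journalctl -k` or `/var/log/kern.log` into summarize_egress instead of the constructed sample. Adding ICMP or other protocols to the sinkhole redirects follows the same DNAT pattern.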
Title: Re: Malware Analysis Environment
Post by: ocean on June 27, 2010, 12:17:56 am
Most of the work can be done with a good VM. VMware, I think, is the best right now; VirtualBox is almost unusable right now because of lots of nasty bugs, like hardware breakpoints (hw bps) not working, and lots of others...

Tools? Every tool that's needed :P Mostly IDA, OllyDbg, the good old SoftICE if needed, PEiD + plugins, Explorer Suite, Python...