Install Qemu and KVM:
#cd ~
#apt-get update
#apt-get install qemu-kvm qemu
#ln -s /usr/bin/qemu-system-x86_64 /bin/qemu
Install P7zip-full
#apt-get install p7zip-full
Install ZeroWine-Tryouts:
#cd /usr/local/sbin
#wget https://master.dl.sourceforge.net/project/zerowine-tryout/zerowine-tryout/0.0.2.x/Prebuilt%20QEMU%20Image/zerowine-tryout-alpha4.1-image.7z
#7za x ./zerowine-tryout-alpha4.1-image.7z
#cd zerowine_vm/
#chmod +x ./start_img.sh
Back up the default IMG file before using ZeroWine-Tryouts:
#cp ./zerowine.img ./zerowine.img.bak
Running ZeroWine-Tryouts:
#./start_img.sh
More Information:
The default username and password of ZeroWine-Tryouts are:
root:zerowine1
malware:malware1
Saturday, December 15, 2018
Friday, December 14, 2018
Basic Malware Checking - PART II - Using IDA Pro
IDA Pro version: 7.0
1) Go to "Options"->"General...", and check the options below:
Comments
Repeatable comments
Auto comments
2) Go to "View"->"Open subviews"->"Segments", and see if the application is packed.
3) Go to "View"->"Open subviews"->"Imports", and see whether any risky API is used.
4) Go to "View"->"Open subviews"->"Strings", and see whether any suspicious keyword is present.
Tuesday, December 4, 2018
Install and run WINE
Install Wine:
#dpkg --add-architecture i386
#apt-get update
#apt-get install wine
#apt-get install winetricks
#apt-get install wine32
Configure Wine:
#winecfg
Execute applications through Wine:
#wine test.exe
Monday, December 3, 2018
Basic Malware Checking - PART I
1) Rename the sample to an extension that the OS will not execute. For example:
#mv ./test.exe ./test.ex_
2) Use ClamAV and YARA to scan the test.ex_ file.
3) Check the hash of the test.ex_ file by using the command below:
#whois -h hash.cymru.com `md5sum ./test.ex_`
4) Use the strings command to see whether any suspicious strings are present in the test.ex_ file, as shown below:
#strings ./test.ex_
5) Use the peid application to check whether the test.ex_ file is packed.
6) Check the APIs imported by the test.ex_ file using Dependency Walker (http://www.dependencywalker.com/).
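Steps 3 to 6 above carried out in one script, as an added Python example that is not part of the original post. The sample bytes, the import watchlist and the 7.0 entropy threshold are constructed assumptions, and byte entropy is used here as a packer heuristic in place of peid's signature matching.

```python
import hashlib
import math
import re

# Constructed sample standing in for test.ex_: MZ header, a few strings and a
# high-entropy tail that mimics a packed section. Not a real binary.
HEADER_AND_STRINGS = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\x00"
    + b"kernel32.dll\x00VirtualAlloc\x00WriteProcessMemory\x00"
    + b"http://example.invalid/update\x00"
)
PACKED_TAIL = bytes((i * 73 + 41) % 256 for i in range(512))  # every byte value exactly twice
SAMPLE = HEADER_AND_STRINGS + PACKED_TAIL

# Assumed watchlist of import names worth a closer look (not from the post).
WATCHLIST = {"VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread", "URLDownloadToFileA"}

def hashes(data: bytes) -> dict:
    """Step 3: digests to look up against a reputation service (e.g. hash.cymru.com)."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}

def strings(data: bytes, min_len: int = 4) -> list:
    """Step 4: printable ASCII runs of at least min_len bytes, like the strings command."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def entropy(data: bytes) -> float:
    """Step 5: Shannon entropy in bits per byte. Packed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage(data: bytes, packed_threshold: float = 7.0) -> dict:
    """Steps 3-6 in one static report: hashes, strings, packer hint, notable imports."""
    found = strings(data)
    ent = entropy(data)
    return {
        "is_mz": data[:2] == b"MZ",
        "hashes": hashes(data),
        "strings": found,
        "suspicious_apis": sorted(WATCHLIST & set(found)),
        "urls": [s for s in found if s.startswith(("http://", "https://"))],
        "entropy": round(ent, 2),
        "likely_packed": ent > packed_threshold,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```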
Saturday, December 1, 2018
How to Prevent DDoS Attacks on a Cloud Server Using Open Source Software
Tony Messer, author and co-founder of Pickaweb, is back to explain how to prevent DDoS attacks on a cloud server using open source software.