Chapter 2. Malware Analysis in VMs

Slides:



Advertisements
Similar presentations
5-Network Defenses Dr. John P. Abraham Professor UTPA.
Advertisements

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
Computer Network (MASQ/NAT/PROXY)
Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.
1 Virtualization and Virtual Machines Sarah Diesburg 1/10/2013 COP 5641.
Virtualization A way To Begin with Virtual Reality… - Rahul Khanwani.
To run the program: To run the program: You need the OS: You need the OS:
Space Science and Engineering Center University of Wisconsin-Madison Virtual Machines: A method for distributing DB processing software Liam Gumley.
Using Virtualization in the Classroom. Using Virtualization in the Classroom Session Objectives Define virtualization Compare major virtualization programs.
IT:Network:Applications Fall  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Hands-On Virtual Computing
ICT Day Term 4,  Virtualisation is growing in usage.  Current CPU’s are designed to support Virtualisation.  Businesses are looking at virtualisation.
Using Virtualization in the Classroom. Using Virtualization in the Classroom Session Objectives Define virtualization Compare major virtualization programs.
V IRTUALIZATION Sayed Ahmed B.Sc. Engineering in Computer Science & Engineering M.Sc. In Computer Science.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
Network Plus Virtualization Concepts. Virtualization Overview Virtualization is the emulation of a computer environment called a Virtual Machine. A Hypervisor.
INTRODUCTION TO VIRTUALIZATION KRISTEN WILLIAMS MOSES IKE.
Port Forwarding in VM brief intro
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
Mastering Windows Network Forensics and Investigation Chapter 17: The Challenges of Cloud Computing and Virtualization.
Virtualization One computer can do the job of multiple computers, by sharing the resources of a single computer across multiple environments. Turning hardware.
Hands-On Virtual Computing
Mark Shtern.  Our life depends on computer systems  Traffic control  Banking  Medical equipment  Internet  Social networks  Growing number of.
Virtual Machines Mr. Monil Adhikari. Agenda Introduction Classes of Virtual Machines System Virtual Machines Process Virtual Machines.
VIRTUAL MACHINE – VMWARE. VIRTUAL MACHINE (VM) What is a VM? – A virtual machine (VM) is a software implementation of a computing environment in which.
Virtualization - an introduction Gordon Ross Computing Service.
1 Virtualization "Virtualization software makes it possible to run multiple operating systems and multiple applications on the same server at the same.
VirtualBox. VirtualBox – key points ● What is a virtual machine. ● How to get the software. ● Install the host software. ● General Tweeks. ● Security.
The Docker Container Approach to Build Scalable and Performance Testing Environment Pankaj Rodge, VMware.
Using Virtualization in the Classroom
Virtual Machine and VirtualBox
Introduction to Virtualization
Chapter 2. Malware Analysis in VMs
Chapter 6: Securing the Cloud
CSC227: Operating Systems
Fundamentals Sunny Sharma Microsoft
Agenda Hardware Virtualization Concepts
Instructor Materials Chapter 7 Network Security
Operating Systems Design (CS 423)
Lecture 24 Virtual Machine Monitors
Virtual Servers.
Virtual Machines.
Group 8 Virtualization of the Cloud
Hands-On Virtualization in the Classroom
Part 1: Basic Analysis Chapter 1: Basic Static Techniques
Network+ Guide to Networks 6th Edition
Introduction to Operating Systems
Virtualization Meetup Discussion
Virtualization Layer Virtual Hardware Virtual Networking
Virtualization Techniques
Firewalls Routers, Switches, Hubs VPNs
Planning the Addressing Structure
Virtual Machine and VirtualBox
CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors
Virtual Machine and VirtualBox
Introduction to Virtual Machines
Virtual Machine and VirtualBox
Cloud Security AWS as an example.
Introduction to Virtual Machines
Cloud Security AWS as an example.
Designing IIS Security (IIS – Internet Information Service)
Basic Dynamic Analysis VMs and Sandboxes
Port Forwarding ( VirtualBox / VMware Player )
SQL Server on Containers
Presentation transcript:

Chapter 2. Malware Analysis in VMs

Virtual Machine (VM) VM – Software implementation of a machine that executes programs like a physical machine. Abstraction layer – decouples the physical hardware from the operating system Shares physical hardware resources with other users Cloud Computing – share hardware resources (VM vs. Docker Container – all the dependencies for an application to run)

Sandbox A type of container: placed around an application. A virtual environment with restrictions.

VM – Cloud Computing

VMs Most malware must be executed in order to analyze them Running on production machine -> spread to others (worms) Requires a safe environment with no risk VirtualBox and Vmware Host-only networking to monitor network traffic Snapshots and roll-back Record and replay execution

VM Structure Guest OS installed inside host OS as a VM VM is isolated from the host OS

Host-only Networking Host-only networking: creates a separate private LAN between the host OS and the guest OS Malware is contained in VM, but not the Internet

Host-only Networking

Connecting VM to the Internet Default option in VirtualBox (NAT) NAT mode shares the host IP; host acts as a router and translates all the requests from VM In real malware analysis: Cautious – spreading worm, becoming botnet for DDoS, spamming Malware authors may notice you are connecting to the control server and trying to analyze

VM: Snapshot Snapshot is unique to VM Allows you to save the current state and possibly return to this state in future Extremely helpful in malware analysis Usually after you install all the tools, make a snapshot, or before you analyze some unknown program

Virtual Box Snapshot Under Machine -> Snapshot, view all the snapshots taken

Risks of using VM Malware can detect it is in VM and behave differently VM also have bugs, cause the host OS to crash or run the code on host OS (through the share folder possibly) Make sure the host OS is fully patched Avoid using a sensitive machine to perform malware analysis (save some of the non-personal files to the cloud like dropbox)

In-Class Homework Setup a Snapshot, Run malware and Rollback

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.