
DIY Malware Analysis Lab for Free (with CrackMe Challenge!) | master0Fnone Ep. 2.1: Sandbox in a Box

  • Published: 14 Aug 2024
  • (Part 1 of 2)
    If you've ever wanted to analyze malware on your own without spending a fortune, this is your chance.
    In this free master0Fnone class, you will learn to:
    1. Build a simple malware analysis lab for FREE, using 2 virtual machines (Remnux and Windows 10) and several free analysis and monitoring tools
    2. Snapshot your lab and make it exportable so you can bring it anywhere
    3. Examine some real malware samples in your newly-built sandbox, test out the tools we installed, and discover how to pull indicators of compromise and artifacts for detections and determine what the malware is trying to accomplish
    4. Take what you've learned and use it to earn an entry on the "Wall of Fame" by analyzing the included "CrackMe" program and finding all the flags!
    The jeFF0Falltrades master0Fnone Class series is a collection of free online courses dedicated to making learning complex topics - like malware analysis - more accessible (and fun) to everyone.
    Please leave feedback and questions here as comments, or DM me on Mastodon (social links listed on the channel).
    Check the pinned comment for any updates to the content.
    Let me know what you would like to see in future videos!
    Project Homepage and CrackMe Challenge Instructions: github.com/jeF...
    CrackMe Challenge Form: forms.gle/nE2y...
    Thank you to these incredible artists whose works were featured in this video:
    Thumbnail image derived from this work by gstudioimagen1 on Freepik
    www.freepik.co...
    Intro Music from #Uppbeat (free for Creators!):
    uppbeat.io/t/m...
    License code: ZD860DLJBOAVDIIH
    Intro Music from #Uppbeat (free for Creators!):
    uppbeat.io/t/s...
    License code: YMTA0L5AOB19X1SV
    00:00:00 - Sarcastic Intro & Unsarcastic Apology
    00:02:57 - Course Overview
    00:05:35 - Important Notes
    00:07:57 - Part 1 Start/VirtualBox install
    00:11:55 - Importing/Configuring Remnux
    00:15:29 - Detour: FLARE-VM
    00:16:55 - Remnux VM settings
    00:20:35 - VirtualBox Guest Additions (Remnux)
    00:21:57 - Accessing shared folders (Remnux)
    00:22:58 - Upgrading/Updating Remnux
    00:23:47 - Detour: Validating our network connection
    00:25:54 - Custom tools/parse_hashes.sh
    00:32:35 - the RAT King Parser
    00:33:37 - INetSim configuration
    00:38:36 - Creating our virtual network
    00:46:29 - Burpsuite/INetSim troubleshooting & setup
    00:52:12 - Finishing our Remnux machine
    00:53:32 - our Windows VM/troubleshooting
    01:02:00 - Disabling Windows Update
    01:04:00 - pafish (Paranoid Fish) & VBoxCloak
    01:11:48 - Disabling Windows Defender & Firewall
    01:16:46 - Networking setup (Windows)
    01:18:17 - Testing HTTPS traffic capture w/ the Burpsuite root certificate
    01:23:43 - Creating the final Clean snapshot for Remnux
    01:25:33 - Ghidra/JDK/Python/7Zip & Revealing hidden files/folders/extensions
    01:31:43 - IDA Free
    01:32:45 - x64dbg
    01:34:06 - System Informer/Process Hacker
    01:35:25 - Process Monitor
    01:36:41 - Chrome
    01:37:08 - Wireshark
    01:39:57 - LibreOffice/Setting macro security
    01:44:07 - .NET 8.0 SDK
    01:44:30 - dnSpy
    01:46:05 - Capture-Py
    01:48:27 - Detect-It-Easy
    01:50:05 - de4dot
    01:52:21 - pe-sieve
    01:54:10 - VbsEdit
    01:55:11 - CMD Watcher
    01:57:23 - ProcessSpawnControl
    02:00:30 - Exporting VMs/Last-minute crises/troubleshooting
    02:07:31 - Disabling Edge running in background
    02:08:50 - Cleanup and final snapshots
    02:10:20 - False ending/fixing procmon
    02:11:28 - Congratulations! End of Episode 2.1

Comments • 23

  • @jeFF0Falltrades
    @jeFF0Falltrades  1 month ago +8

    To my loyal and wonderful subs: I apologize again for the delay on this one - our 10,000 sub celebration is now an 11,000 sub celebration, which is awesome, but I am sorry it took this long to push this out and I hope the wait was worth it ❤️
    Check this pinned comment for corrections and updates and thanks for watching!
    EDIT: Thanks to @BrakeSec for the suggestion, I added a simple helper script so you don't have to worry about commenting out the netplan configuration yourself; It's added to the repo!

  • @lukefidalgo8154
    @lukefidalgo8154 1 month ago +4

    Just as I bought Practical Malware Analysis (the alien book), this video comes out! Some really good timing! :P

    • @jeFF0Falltrades
      @jeFF0Falltrades  1 month ago +2

      YES!!! I'm so happy for you because that book is a treat. And you'll find my set up is very akin to the one in the book, so I hope this complements it well :-). Also, if you're interested, No Starch Press just this month came out with another book called "Evasive Malware" that I call out in this video. I haven't read through all of it yet, but what I have read has been really good!
      Thanks for watching and I hope you enjoy both this and PMA!

    • @Jarvx
      @Jarvx 24 days ago +1

      The alien book is top tier :)

  • @0ri0nexe
    @0ri0nexe 1 month ago +4

    The king posted! Stop what you're doing and open your best disassembler ;)
    Jokes aside, I like how you introduce more and more useful tools each video

    • @jeFF0Falltrades
      @jeFF0Falltrades  1 month ago +1

      @@0ri0nexe Man you made my day hahaha. I’m in the middle of finishing up editing Part 2 (which I can say DEFINITIVELY will be out tomorrow AM, Eastern Time), and I really needed this motivation.
      Thanks for being a great hype man and I am glad you find the tools useful! I’m so happy to finally share my lab setup as it’s been good to me all these years.

    • @0ri0nexe
      @0ri0nexe 1 month ago +3

      @@jeFF0Falltrades Two videos in a row, what a time to be alive.

    • @jeFF0Falltrades
      @jeFF0Falltrades  1 month ago +2

      @@0ri0nexe 🤣

  • @micha7863
    @micha7863 1 month ago +3

    Great job! Appreciate it veeery much. Also congrats on becoming a dad.
    BTW: I have tested VBox 7 Unattended installation for Win10 and I always had problems with the VM - freezes/slow running (problem is confirmed by other users having the same issue).

    • @jeFF0Falltrades
      @jeFF0Falltrades  1 month ago +1

      Thanks so much on both accounts, and thanks for being here!

    • @jeFF0Falltrades
      @jeFF0Falltrades  1 month ago +1

      @@micha7863 thanks for attesting to the unattended installation stuff as well - as you’ll see (if you haven’t already) it DOES cause issues for me as well 🥴

    • @micha7863
      @micha7863 1 month ago +1

      @@jeFF0Falltrades oh ok, I was commenting while watching, thanks again!

    • @jeFF0Falltrades
      @jeFF0Falltrades  1 month ago

      I figured haha. Didn't mean to spoil it for you, but yeah, had quite a few "live" troubleshooting instances with VirtualBox/Windows

  • @CrusaderMen
    @CrusaderMen 1 month ago +2

    Thank you I love your content

    • @jeFF0Falltrades
      @jeFF0Falltrades  1 month ago +1

      @@CrusaderMen Thank *you*! I hope you enjoy this one too

  • @moshedo7975
    @moshedo7975 3 days ago +1

    Sorry, coming back here: where can I find the example_https_call program to test my HTTPS connections? NEVER MIND, I succeeded

    • @jeFF0Falltrades
      @jeFF0Falltrades  3 days ago

      @@moshedo7975 If you still need the example let me know but any HTTPS traffic should do! Glad to hear you’re progressing!!!

  • @ghaBBster
    @ghaBBster 8 days ago +2

    Hello, Jeff!
    I've got some issues in the REMnux installation process and am still fighting with the same problem;
    the "issues" board on GitHub doesn't make sense to me, and I really want to step through the process with your video, so I don't know what to do with that. Right now I'm installing Flare-VM.
    Is it OK to take part in the CrackMe challenge with my own Flare-VM setup?
    thank you for your time!

    • @jeFF0Falltrades
      @jeFF0Falltrades  8 days ago +1

      @@ghaBBster Absolutely! No need to use this particular sandbox for the challenge!
      If you do need help troubleshooting with anything Remnux related, feel free to leave a comment or Issue to talk further about it :-)

    • @ghaBBster
      @ghaBBster 3 days ago

      @@jeFF0Falltrades thanks for the reply,
      Finally I figured out how to install and prepare REMnux.
      Right now I've got some challenge establishing the connection between the REMnux network and the victim's Windows machine;
      I configured the REMnux (Burp Suite and INetSim) and Windows network settings,
      but don't get a connection on 10.10.10.3:8080 on the Windows machine.
      BTW, I use VMware Pro 17 on Windows 10, and maybe that virtualization tool is what makes the difference between your implementation and mine.
      Whatever comes to mind to make this situation clear, I would be glad to see your reply.
      Thanks for your time!

    • @ghaBBster
      @ghaBBster 3 days ago +1

      @@jeFF0Falltrades finally I figured out the REMnux installation and further configuration,
      thanks for the detailed sections on setting up the REMnux machine.
      Right now I have a challenge establishing the connection between REMnux (Burp Suite) and the Windows victim's machine: I don't get any reply on 10.10.10.3:8080.
      I rewatched and rechecked all the sections in the tutorial (before this section about the connection) but have the same issue.
      BTW, I use VMware Pro 17 on a Windows 10 machine; maybe this difference makes the deal, but I doubt it.
      So, if you have any ideas, please let me know.
      And congratulations on being a dad and on 11k subs, I really enjoy watching your content!

    • @jeFF0Falltrades
      @jeFF0Falltrades  3 days ago +1

      @@ghaBBster Thank you so much for the kind words, and congrats on the progress!!!
      Regarding the connectivity: Are you able to do a simple ping from the Windows to the Remnux machine? Or pull a regular page by opening the browser and going to any site (while INetSim is running)?
      If so, we can move on to Burp troubleshooting; if not it may be a broader networking issue between your VMs.
      Let me know and we can work through it.
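
The troubleshooting ladder suggested in the thread above (first basic reachability, then whether the proxy port answers, then a page through the proxy, then the HTTPS path) as an added Python example to run on the Windows analysis VM. This is not code from the video or its repository. It assumes the addresses given in the comment (REMnux at 10.10.10.3, Burp listening on 8080), which it does not verify, and it ships with a constructed loopback stand-in for the proxy so the checks can be exercised offline; ICMP ping is left to the OS tool.

```python
"""Layered lab-network triage for the Windows analysis VM (added example,
not from the video or its repo). Rungs follow the thread above: proxy port
open, HTTP through the proxy, CONNECT tunnel for HTTPS.
Assumed (from the comment, unverified): REMnux at 10.10.10.3, Burp on 8080."""
import http.client
import socket
import threading
from contextlib import contextmanager

REMNUX_HOST = "10.10.10.3"   # assumption: REMnux/Burp VM address
BURP_PORT = 8080             # assumption: Burp proxy listener port
TIMEOUT = 3.0

def tcp_open(host, port, timeout=TIMEOUT):
    """Rung 1: does a TCP handshake to host:port complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_via_proxy(proxy_host, proxy_port, target="example.com", timeout=TIMEOUT):
    """Rung 2: GET http://target/ through an explicit proxy; (status, reason) or None."""
    conn = http.client.HTTPConnection(proxy_host, proxy_port, timeout=timeout)
    try:
        conn.request("GET", "http://%s/" % target, headers={"Host": target})
        resp = conn.getresponse()
        return resp.status, resp.reason
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def connect_tunnel_accepted(proxy_host, proxy_port, target="example.com", timeout=TIMEOUT):
    """Rung 3: does the proxy grant CONNECT target:443 (2xx)? Says nothing about TLS trust."""
    req = "CONNECT %s:443 HTTP/1.1\r\nHost: %s:443\r\n\r\n" % (target, target)
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(req.encode("ascii"))
            status_line = s.recv(1024).split(b"\r\n", 1)[0]
    except OSError:
        return False
    parts = status_line.split()
    return len(parts) >= 2 and parts[1].startswith(b"2")

def triage(host=REMNUX_HOST, port=BURP_PORT):
    """Climb the ladder, stopping at the first failing rung with a hint."""
    r = {"tcp_proxy_port": tcp_open(host, port)}
    if not r["tcp_proxy_port"]:
        r["hint"] = ("nothing listening on %s:%d: confirm the VMs can ping each other, then that "
                     "Burp's listener is bound to that interface (it defaults to 127.0.0.1 only)"
                     % (host, port))
        return r
    r["http_via_proxy"] = http_via_proxy(host, port)
    r["https_connect"] = connect_tunnel_accepted(host, port)
    if r["http_via_proxy"] is None or not r["https_connect"]:
        r["hint"] = "port open but the proxy is not answering: check Burp and INetSim on the REMnux side"
    return r

@contextmanager
def fake_proxy():
    """Constructed loopback stand-in for Burp/INetSim: answers every request,
    CONNECT included, with an empty 200 so the ladder can be exercised offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)           # so accept() notices when srv is closed

    def serve():
        while True:
            try:
                client, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:       # listening socket closed: shut down
                return
            with client:
                try:
                    client.settimeout(1)
                    client.recv(4096)
                    client.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    try:
        yield srv.getsockname()
    finally:
        srv.close()

def self_test():
    """Run the ladder against the fake proxy and against a closed loopback port."""
    with fake_proxy() as (host, port):
        good = triage(host, port)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))   # grab a free port, then release it so nothing listens there
    closed_port = spare.getsockname()[1]
    spare.close()
    return good, triage("127.0.0.1", closed_port)

if __name__ == "__main__":
    print("offline self-test:", self_test())
    print("lab:", triage())
```

A passing `triage()` against the real lab only shows that the proxy is reachable and grants tunnels; whether the Windows VM actually trusts the Burp root certificate (the HTTPS capture test in the chapter list) still has to be checked with a real TLS client such as the browser.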