Archive for July, 2010
Building the Linux Malware Lab – DJBDNS
Posted in Miscellaneous on 07/20/2010 | 2 Comments »
I’m starting with my malware lab, but before you read on you may be interested in REMnux, a Linux distribution for reverse-engineering malware that offers many analysis tools. My lab will consist of two virtual hosts: one of them will be the victim where all the malware will be executed, and the other will act as [...]
If you build it they will come
Posted in Honeypots, IDS/IPS on 07/17/2010 | 4 Comments »
Thanks to Kippo SSH Honeypot and those who generously have donated their rootkits and bot software, now I have six interesting malware samples to play with. I’ve examined three of these files on an isolated machine and these are my first impressions: People from Western Europe are really bored so they like to write amusing [...]
Suricata 1.0.0 – Howto Part 1
Posted in IDS/IPS on 07/03/2010 | 5 Comments »
On July 1, 2010 the Open Information Security Foundation released the first stable version of Suricata IDS. I’m a long-time Snort user, but I want to know more about this IDS, so I’m going to write a howto for Suricata installation and configuration on Debian 5.0. Suricata is ready to use PF_RING, the new [...]