Malware:ITX8060:2010:LAB

Source: Lambda

Labs

1 Lab/Home assignment

The report should be sent to course-malware@cert.ee

This exercise is a group exercise.

Analyze the infected machine:

ftp://monitor.adamson.cc/win7nakkat.tgz

Pass:


Questions that should be answered:

a) What kind of malware did you find?

b) How did you do it?

c) Based on the malware, give disinfection steps, considering that your counterpart does not have antivirus software.


2 Lab/Home assignment

The report should be sent to course-malware@cert.ee

This exercise is a group exercise. Presentations will be expected starting from 29 November.


Build a black box environment, so that you can enable network access gradually and monitor network activity. Build a fake email service, so that the boxed environment thinks it can send email. Run the 2 malware samples and try to determine:

 a) To what IPs or addresses connections are made 
 b) If there is authentication information, try to determine domestication information 

Malware samples are available from ftp://monitor.adamson.cc/infected.zip; the password is as usual.
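
A fake email service of the kind this assignment asks for can be a plain SMTP sink: it agrees to every command, relays nothing, and records what the sample tries to send, including any credentials it presents. The following is an added example, not part of the course material: the dialogue logic of such a sink, with AUTH PLAIN credentials decoded so they can be reported; the host name and reply texts are illustrative.

```python
import base64

def decode_plain(b64):
    """AUTH PLAIN carries base64("authzid\\0user\\0password"); return (user, password) or None."""
    try:
        parts = base64.b64decode(b64).split(b"\0")
        return parts[-2].decode(errors="replace"), parts[-1].decode(errors="replace")
    except Exception:
        return None

class SmtpSink:
    """Fake SMTP dialogue: accepts everything, delivers nothing, records auth and envelopes."""
    def __init__(self):
        self.records, self._env, self._in_data, self._await = [], {}, False, False

    def handle_line(self, line):
        """Return the reply to one client line (None while swallowing DATA body lines)."""
        if self._in_data:                        # body lines until a lone "."
            if line != ".":
                self._env.setdefault("body", []).append(line)
                return None
            self._in_data = False
            self.records.append(self._env)       # one dict per message: auth, from, to, body
            self._env = {}
            return "250 OK: queued (never delivered)"
        if self._await:                          # AUTH PLAIN sent without an initial response
            self._await, self._env["auth"] = False, decode_plain(line)
            return "235 Authentication successful"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250-sink.local\r\n250 AUTH PLAIN"   # advertise only what we can parse
        if verb == "AUTH":
            initial = arg.partition(" ")[2]
            self._await = not initial            # no initial response: credentials come next
            self._env["auth"] = decode_plain(initial) if initial else None
            return "334 " if self._await else "235 Authentication successful"
        if verb == "MAIL":
            self._env["from"] = arg.partition(":")[2].strip()
        elif verb == "RCPT":
            self._env.setdefault("to", []).append(arg.partition(":")[2].strip())
        elif verb == "DATA":
            self._in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        elif verb == "STARTTLS":
            return "454 TLS not available"       # keep the session in clear text so it can be logged
        elif verb == "QUIT":
            return "221 Bye"
        return "250 OK"                          # RSET, NOOP and anything else: just agree
```

To run it as a listener on port 25 of the boxed network, wrap it in a socketserver.StreamRequestHandler that sends a 220 greeting, feeds each received line to handle_line, writes back every non-None reply and logs sink.records when the client quits.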

Results should be:

The group should demonstrate the black box environment and the ability to gradually allow network resources. The document should present build instructions (a description of the system), instructions on how to manage network resources with this system, and a description of how the email service was faked.

The results of the malware black box analysis.


3 Lab/Home assignment

The report should be sent to course-malware@cert.ee

This exercise is a personal exercise.

The last home assignment, to give you the ability to practice and test your skills in static and dynamic reverse engineering:

1) You should find strings from one executable inside of containers (hint: aspack and notepad). (The executable was broken, so I sent another one, unpacked.)

2) You should follow the instructions/assignment given in the strings.

3) You should document the process: what tools you used and where you found these tools.

The password is "infected", as usual.

Results should be:

1) A description of how to unpack an aspack-packed file
2) The unpacked binary with the answers to the questions in a zip container
3) Additional documentation about how you resolved the puzzle, the tools you used for each step and your recorded discoveries
 For example: Using the standard Linux file command I determined that .. is actually ... The command that I used was
 file ....
 Result: ....