1
00:00:00,330 --> 00:00:07,410
One cannot learn malware analysis thoroughly without doing some hands-on practice in order to analyze

2
00:00:07,410 --> 00:00:08,020
malware.

3
00:00:08,370 --> 00:00:11,370
We have to build a dedicated and isolated machine.

4
00:00:12,340 --> 00:00:16,330
This is done to ensure that the malware doesn't harm any production systems.

5
00:00:17,190 --> 00:00:21,400
This dedicated and isolated machine is called a sandbox.

6
00:00:23,230 --> 00:00:26,020
There are different ways you can set up a sandbox.

7
00:00:27,000 --> 00:00:27,750
Option one.

8
00:00:29,140 --> 00:00:37,570
We have FLARE VM by FireEye, which is a ready-to-use Windows-based operating system, preloaded

9
00:00:37,570 --> 00:00:40,660
with several tools used for malware analysis.

10
00:00:42,340 --> 00:00:48,790
Option two, we can build everything from scratch using a hypervisor and several open source tools.

11
00:00:49,850 --> 00:00:52,130
We will use this option for this course.

12
00:00:54,560 --> 00:01:00,380
Before we start building our own sandbox from scratch, there are some cautions we need to exercise,

13
00:01:00,650 --> 00:01:07,370
like keeping a separate virtual machine for malware analysis, that is, do not use this machine for any

14
00:01:07,370 --> 00:01:08,090
other purpose.

15
00:01:08,990 --> 00:01:11,680
Do not keep any important data on the machine.

16
00:01:12,830 --> 00:01:15,230
Ensure the hypervisor is up to date.

17
00:01:15,950 --> 00:01:21,170
Some malware can make use of vulnerabilities present in the hypervisor to compromise the

18
00:01:21,320 --> 00:01:22,190
host computer.

19
00:01:23,660 --> 00:01:29,990
Remove any network connectivity to the virtual machine. As a best practice, always put the VM in host

20
00:01:29,990 --> 00:01:33,380
only mode, and also disable all network adapters.

21
00:01:35,120 --> 00:01:39,530
Ensure there are no shared folders between the VM and the host machine.

22
00:01:40,930 --> 00:01:44,100
Do not use USB devices with virtual machines.

23
00:01:45,350 --> 00:01:50,870
When downloading any malware for analysis, always download password-protected samples.

24
00:01:53,670 --> 00:02:00,540
An important note at this point in time: we have still not learned what malware analysis is or how to

25
00:02:00,540 --> 00:02:01,640
do malware analysis.

26
00:02:02,400 --> 00:02:09,300
However, let's get introduced to the list of tools that we will be using for malware analysis in our lab.

27
00:02:11,010 --> 00:02:16,210
So if you get a question as to why we are downloading this list of tools,

28
00:02:17,270 --> 00:02:21,360
hold that thought for now and we will find the answer in the next module.

29
00:02:23,270 --> 00:02:27,710
Here's the list of software you would need to build the malware analysis lab.

30
00:02:29,100 --> 00:02:33,520
Hypervisor: it could be VirtualBox or VMware Workstation.

31
00:02:34,290 --> 00:02:36,450
We will be using VirtualBox in this demo.

32
00:02:37,800 --> 00:02:40,020
Windows 7 or Windows 10 operating system.

33
00:02:41,230 --> 00:02:42,890
We will use Windows 7 in this demo.

34
00:02:44,210 --> 00:02:48,140
You can download the developer version of this operating system from these links.

35
00:02:50,030 --> 00:02:56,430
A few of the tools we would need to do malware analysis include HashCalc, HxD,

36
00:02:57,590 --> 00:03:00,770
Exeinfo PE, UPX,

37
00:03:02,340 --> 00:03:03,090
BinText,

38
00:03:04,330 --> 00:03:04,800
PEstudio,

39
00:03:07,000 --> 00:03:14,080
Process Monitor, Regshot, Autoruns, ProcDOT and FakeNet.

40
00:03:15,490 --> 00:03:22,180
If you are wondering what these tools do, again, let me repeat that we will be learning about each of

41
00:03:22,180 --> 00:03:24,250
these tools in the future modules.