
Lab 8: Configuring a Malware Lab

Manipulating HTTP/HTTPS with Burp Suite


Using Deep Freeze to Preserve Physical Systems

Install Wireshark

Install:

apt-get install wireshark

apt-get install tshark

Run: sudo wireshark


Install InetSim

Install Perl Library

Install:
apt-get install libnet-server-perl

apt-get install libnet-dns-perl

apt-get install libipc-shareable-perl

apt-get install libdigest-sha-perl

apt-get install libio-socket-ssl-perl

apt-get install iptables-dev

Download INetSim from

http://www.inetsim.org/debian/binary/inetsim_1.2.4-1_all.deb

Configuration in /etc/inetsim/inetsim.conf (back up the original first):

cp /etc/inetsim/inetsim.conf /etc/inetsim/inetsim.conf.orig
nano /etc/inetsim/inetsim.conf

service_bind_address 192.168.111.146 (your IP address)

redirect_enabled yes

redirect_exclude_port tcp:22

Run: sudo ./inetsim
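The three edits above are easy to get wrong by hand, and a typo in inetsim.conf only shows up when the simulator refuses to start. The script below is an added example, not part of the lab handout or the INetSim project: it applies the same three settings (bind address, redirection on, SSH port excluded from redirection) to a copy of the config so the original stays intact, and a small constructed sample config lets it run offline. LAB_IP is a constructed placeholder for the analysis VM's lab-network address; on a real system you would pass /etc/inetsim/inetsim.conf as the source.

```shell
#!/bin/sh
# Added example (not from the lab handout): apply the three inetsim.conf
# settings the lab asks for (bind address, redirect on, SSH excluded from
# redirection) to a copy of the config, leaving the original untouched, so
# the edit is repeatable and easy to diff against the .orig backup.
# Assumptions: POSIX sh with GNU sed, grep and awk; LAB_IP is a constructed
# placeholder for the analysis VM's lab-network address.

LAB_IP="${LAB_IP:-192.168.111.146}"

# make_sample_conf FILE: write a small constructed stand-in for
# /etc/inetsim/inetsim.conf so the script can be run offline. On a real
# system pass /etc/inetsim/inetsim.conf to configure_inetsim instead.
make_sample_conf() {
    cat > "$1" <<'EOF'
# Sample INetSim configuration (constructed for this example)
service_bind_address    10.10.10.1
redirect_enabled        no
#redirect_exclude_port  tcp:22
EOF
}

# set_key FILE KEY VALUE: replace the line for KEY (even if commented out)
# with "KEY VALUE", or append it when KEY is absent. Every matching line is
# rewritten, so for options INetSim allows to repeat (redirect_exclude_port
# is one) check the result before using it.
set_key() {
    file="$1"; key="$2"; value="$3"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|$)" "$file"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*$key([[:space:]].*)?$|$key $value|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_key FILE KEY: print the active (uncommented) value of KEY, or nothing.
get_key() {
    grep -E "^[[:space:]]*$2[[:space:]]" "$1" | awk '{print $2}' | tail -n 1
}

# configure_inetsim SRC DST: copy SRC to DST and apply the lab's settings
# to DST only. The lab's "cp ... inetsim.conf.orig" backup is the same idea
# in reverse: keep one pristine copy, edit the other.
configure_inetsim() {
    src="$1"; dst="$2"
    cp "$src" "$dst"
    set_key "$dst" service_bind_address "$LAB_IP"
    set_key "$dst" redirect_enabled yes
    set_key "$dst" redirect_exclude_port tcp:22   # keep SSH to the VM reachable
}

# Stand-alone demo on a constructed sample in a temporary directory.
demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir/inetsim.conf"
configure_inetsim "$demo_dir/inetsim.conf" "$demo_dir/inetsim.conf.new"
cat "$demo_dir/inetsim.conf.new"
```

After running it, `get_key FILE redirect_exclude_port` is a quick way to confirm that tcp:22 is still excluded before you enable redirection on a VM you reach over SSH; without that exclusion INetSim's redirect rules would pull your own SSH session into the simulator.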
Install Burp Suite

Install:

Install openjdk-9-jdk:

sudo apt-get install openjdk-9-jdk

Download Burp Suite (free edition, version 1.7.26, Linux):

https://portswigger.net/burp/releases/download?product=free&version=1.7.26&type=linux
Configure Burp Suite in Firefox

Open Burp Suite

Open the Proxy tab -> choose Options (note the IP address and port of the proxy listener)
Open Firefox -> choose Preferences
Scroll down to Network Proxy and choose Settings

Choose Manual proxy configuration

Type 127.0.0.1 in the HTTP Proxy field and 8080 in the Port field
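The proxy settings above are entered by hand in the Firefox preferences dialog. The script below is an added example, not part of the lab or of the Burp Suite or Firefox projects: it writes the same manual-proxy settings (127.0.0.1, port 8080, Burp's default listener) as a user.js file for a Firefox profile, which is how a lab image can be rebuilt with a consistent browser configuration. It goes one step beyond the lab text by pointing both the HTTP and the SSL proxy at Burp, which is what lets HTTPS traffic be intercepted as well. The profile directory is an argument; the demo at the end uses a constructed temporary directory, not a real profile.

```shell
#!/bin/sh
# Added example (not from the lab handout): write the Firefox "manual proxy"
# settings the lab enters by hand (127.0.0.1:8080, Burp's default listener)
# as a user.js file, so a fresh analysis profile is configured repeatably.
# Assumptions: POSIX sh; the target profile directory is passed as an
# argument; host and port default to the lab's values.

# burp_proxy_prefs [HOST] [PORT]: print user.js lines for a manual proxy.
# HTTP and SSL are both pointed at Burp so HTTPS is intercepted too.
burp_proxy_prefs() {
    host="${1:-127.0.0.1}"
    port="${2:-8080}"
    case "$port" in
        ''|*[!0-9]*) echo "burp_proxy_prefs: port must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$host");
user_pref("network.proxy.http_port", $port);
user_pref("network.proxy.ssl", "$host");
user_pref("network.proxy.ssl_port", $port);
EOF
}

# write_proxy_prefs PROFILE_DIR [HOST] [PORT]: create PROFILE_DIR/user.js.
# Refuses to overwrite an existing user.js so hand-made prefs are not lost.
write_proxy_prefs() {
    dir="$1"; shift
    [ -d "$dir" ] || { echo "write_proxy_prefs: no such directory: $dir" >&2; return 1; }
    if [ -e "$dir/user.js" ]; then
        echo "write_proxy_prefs: $dir/user.js already exists; not overwriting" >&2
        return 1
    fi
    burp_proxy_prefs "$@" > "$dir/user.js"
}

# Stand-alone demo in a temporary directory (constructed; not a real profile).
demo_profile=$(mktemp -d)
write_proxy_prefs "$demo_profile" && cat "$demo_profile/user.js"
```

Firefox reads user.js from the profile directory at startup and copies those values into prefs.js, so the file must be in place before the browser is launched; restart Firefox after writing it, then confirm in Burp's Proxy tab that requests from the browser appear in the HTTP history.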
Install Deep Freeze

Download the trial version from

http://www.faronics.com/en-uk/

Click Next; the installer will reboot the system

Open Deep Freeze from its icon at the right edge of the taskbar


We can try downloading some malware samples from

https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

Use Deep Freeze to freeze your disk: tick the Frozen box, and the system will not keep any file installed while it is frozen

Choose Apply and Reboot


After the reboot, the system will return to its original state
