Speeding up Linux Malware Analysis with Docker

4,857 views

LaurieWired


1 day ago

In this video we use Docker containers to speed up Linux malware analysis: containers let us bundle our reverse engineering tools into one image and quickly reset the container state between runs.
---
Timestamps:
00:00 Intro
01:44 Use Cases
02:43 Bundling Tools
03:14 Running
03:58 Contents of Dockerfile
05:35 Warning!
06:43 Real Malware Example
08:25 Example Commands
09:49 Cleaning Up
10:26 Recap
---
Links Mentioned in Video:
github.com/LaurieWired/linux_...
---
laurieWIRED Twitter:
/ lauriewired
laurieWIRED Website:
lauriewired.com
laurieWIRED Github:
github.com/LaurieWired
laurieWIRED HN:
news.ycombinator.com/user?id=...
laurieWIRED Reddit:
/ lauriewired

Comments: 27
@btruj2507 · 1 month ago
Your delivery is very easy to understand, you have an innate way of simplifying or distilling concepts and actions to the essential. Thank you for this and other videos and please continue with cybersecurity topics and others.
@PurpleTeamer · 10 months ago
Hi. Very instructive. BTW, do you have a similar method for Windows malware? Thank you
@firosiam7786 · 10 months ago
Can I take an already existing malware sample and change it, like to my callback address and all?
@AvinashKumar-fe8xb · 1 month ago
take my kudos👍
@knewdist · 5 months ago
You are Amazing!!!
@NTxC · 10 months ago
Gotta try dynamic malware analysis on Linux. Have done it only on Windows so far.
@Me.n_n · 10 months ago
Great ❤
@CarolinaDota · 10 months ago
let's freaking go!
@frederikluartes3437 · 10 months ago
How did you make your taskbar look like Windows XP?
@MazdaMiat · 10 months ago
Based and Docker pilled
@matteyeux · 10 months ago
Is ASLR enabled in the container?
@lauriewired · 10 months ago
It should be by default unless you have it disabled on the host, since they share the kernel.
@plato4ek · 3 months ago
Hi, Laurie! Is that really WinXP?
@Cerg1998 · 26 days ago
Clearly not - look at the edges of the windows and the icon for the Explorer. Besides, the browser used in the video is MS Edge.
@FitzkeeLab · 10 months ago
Is this essentially the same as running chroot?
@lauriewired · 10 months ago
Similar, but Docker offers a lot more isolation and extra features. chroot still shares system resources and the network stack.
@shemhamphoraschyhwh · 10 months ago
This is awesome, is there any way to do this on macOS?
@lauriewired · 10 months ago
Unfortunately there is not a great way of quickly spinning up Mac environments inside Docker containers like this. There are containers that spin up full Mac environments (sickcodes), but they use full QEMU underneath, which isn't nearly as light as, say, a traditional Linux container. You can still use virtual machines on a Mac device for dynamic analysis though.
@shemhamphoraschyhwh · 10 months ago
@lauriewired yeah, I already use 😅
@MikeHunt-rw4gf · 10 months ago
Algorithm.
@ThiagoSTeixeir4 · 10 months ago
:3
@Weazel160R · 10 months ago
The biggest problem with this setup is that you're giving malware a really VERY limited environment. The Basta ransomware was complaining about not finding the /volumes directory, for example. I think you're better off doing dynamic analysis on a full VM which can be reverted to a snapshot, imvho.
@lauriewired · 10 months ago
The intention behind this setup is to offer an isolated, consistent, and easy-to-manage environment that can be easily reset. The use of Docker for malware analysis isn't intended to replace traditional dynamic analysis in a full VM environment. It's more of an additional tool in the arsenal that can be useful in certain scenarios. My next upcoming video is actually going to go into detail about how to get past that, and use the encryptor and decryptor :)
@badalice7289 · 10 months ago
FIRST AGAIN
@joshuampere4327 · 10 months ago
second comment