CS6038/CS5138 Malware Analysis, UC

Course content for UC Malware Analysis

28 January 2021

VM Setup and Test

by Coleman Kane

LAB01: VM Setup and Test

During the first module, we covered using VirtualBox to import, snapshot, and configure networking on the Kali VM. I have configured a Win7 VM that is linked in the assignment. It uses host-only networking and already has ncat.exe installed. Alternatively, you may use any of the Windows VMs available from Microsoft’s Modern.IE, or the educational version that is available for free to students. You will need to disable both the Windows Firewall and Windows Defender so that these features do not interfere with your work. You will also need to install ncat yourself, from the ZIP file linked in the first lecture notes.

This independent lab will have you achieve the following goals. On the Kali VM, use tcpdump -w, as was demoed in the video, to capture the traffic:

Configure the networking to use Host-Only Network on both VMs, with Win7 using the same VirtualBox/vboxnet host network that Kali is configured to use.

Attach a ZIP file containing the PCAP generated by tcpdump, and also the output.txt file, as the submission for this assignment. Method #2 from This Example might be helpful if you’re using cmd.exe and want a tip on how to accomplish the file write operation without a GUI.
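A pre-submission check for the capture, as an added example that is not part of the course materials: it parses the classic pcap file that tcpdump -w writes, confirms that packets between the two VMs were actually recorded, and only then builds the ZIP. The archive member name capture.pcap and the 192.168.56.x host-only addresses are assumptions, and the sample capture is constructed.

```python
import io
import struct
import zipfile

# Classic pcap magics as they appear on disk (micro- and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def summarize_pcap(data):
    """Return (packet_count, {(src_ip, dst_ip), ...}) for an Ethernet pcap."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file (pcapng or truncated?)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    offset, count, pairs = 24, 0, set()
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # final record was cut off, e.g. file copied mid-capture
        offset, count = offset + 16 + incl_len, count + 1
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # IPv4
            pairs.add((".".join(map(str, frame[26:30])),
                       ".".join(map(str, frame[30:34]))))
    return count, pairs

def build_submission(pcap, output_txt, vm_a, vm_b):
    """Zip the capture and output.txt once VM-to-VM traffic is confirmed."""
    count, pairs = summarize_pcap(pcap)
    if not {(vm_a, vm_b), (vm_b, vm_a)} & pairs:
        raise ValueError("no packets between the two VMs in this capture")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("capture.pcap", pcap)   # archive member name is an assumption
        z.writestr("output.txt", output_txt)
    return count, buf.getvalue()

def sample_pcap():
    """Constructed two-packet capture between assumed host-only addresses."""
    def frame(src, dst):  # zeroed MACs, minimal 20-byte IPv4 header
        ip = b"\x45\x00" + struct.pack(">H", 20) + bytes(8) + bytes(src) + bytes(dst)
        return bytes(12) + b"\x08\x00" + ip
    kali, win = (192, 168, 56, 101), (192, 168, 56, 102)
    out = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
    for f in (frame(kali, win), frame(win, kali)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To check a real capture, read the PCAP file in binary mode and pass its bytes, the contents of output.txt, and the two VMs' host-only IP addresses to build_submission.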
