In this post we will set up a virtual lab for malware analysis. We’ll create an isolated virtual network separated from the host OS and from the Internet, in which we’ll setup two victim virtual machines (Ubuntu and Windows 7) as well as an analysis server to mimic common Internet services like HTTP or DNS. Then, we’ll be able to log and analyze the network communications of any Linux or Windows malware, which will unknowingly connect to our server instead of the Internet. We demonstrate the setup with a real life use case where we analyze the traffic of the infamous TeslaCrypt ransomware, a now defunct ransomware which infected a large number of systemsContinue reading… Set up your own malware analysis lab with VirtualBox, INetSim and Burp
[Write-up] SickOs 1.1
![[Write-up] SickOs 1.1](https://blog.christophetd.fr/wp-content/uploads/2017/04/Shellshock-150x150.png)
[Write-up] Vulnix – playing around with NFS
![[Write-up] Vulnix – playing around with NFS](https://blog.christophetd.fr/wp-content/uploads/2017/04/1491922539_nfs_mount.png)
[Write-up] Mr Robot
![[Write-up] Mr Robot](https://blog.christophetd.fr/wp-content/uploads/2017/04/mr_robot_tv_series-978107021-large-150x150.jpg)
[Write-up] Droopy v0.2 CTF
![[Write-up] Droopy v0.2 CTF](https://blog.christophetd.fr/wp-content/uploads/2017/01/1491922778_39-150x150.png)
I recently started gaining a lot of interest in security, and after reading several CTF write-ups, I decided to try to solve one by myself. I chose Droopy v0.2. In case you don’t know, the goal of a CTF is very simple: Capture The Flag! Most of the time, the flag is simply a text file that you can obtain after having gained root access on the machine. You are only provided with a virtual machine, and the rest is up to you. Let’s get started!
git bisect for the win
I recently discovered the git bisect command. At first I thought « meh, this is just another obscure git command I’ll never use » but it actually turns out I used it several times in the last week and it saved me a non negligible amount of time. I’m therefore writing this post to make a quick introduction to git bisect.
How to setup a SFTP server with chrooted users
I’ll explain in this article how to properly setup a SFTP server with chrooted users being only able to access their own directory, and authenticated by public keys or a password. This is a very useful setup, which can get a bit tricky especially with the permissions. Unlike FTPS which is FTP over TLS, SFTP is a totally different protocol built on top of SSH. This especially means you don’t need any third-party software, since OpenSSH is installed by default on most linux distributions.
Quickly access your configuration files on your server
It’s been a while since I last wrote a post on this blog, so I’ve decided to share a simple way to quickly access the configuration files of the numerous services you may be running on your server. It is indeed quite painful to frequently edit arbitrary deep configuration files (such as /etc/php5/apache2/php.ini) that are spread out in your file system and which you don’t remember the names. The trick I am using is a directory named cfg at the root of my server, in which I create symbolic links pointing to configuration files or directories containing them, with names that are easier to remember.