Speaker: Brad Duncan
Designation: Threat Intelligence Analyst at Palo Alto Networks Unit 42
Topic: Building a Lab Environment to Analyze Windows Malware
Date of Webinar: 20th Oct, 2020
Time and Location: 09:00 am CDT / 07:30 pm IST / 03:00 pm BST
After 21 years in the US Air Force, Brad Duncan transitioned to cyber security in 2010. He is currently working as a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad specializes in network traffic analysis.
Malware targeting Microsoft Windows remains a large part of our threat landscape, as hundreds of new samples emerge every day on services like MalwareBazaar or VirusTotal. Security professionals who analyze malware also perform dynamic analysis of the samples, meaning they run them in a live environment that is isolated from other computer systems in the workplace or home.
This cyber talk reviews how to build a lab to analyze Windows malware. We discuss the pros and cons of virtual environments versus a physical setup. Network traffic generated by Windows malware is an important part of malware analysis, so this cyber talk also reviews methods of recording packet captures (pcaps) of the traffic in a lab environment.
What are the different types of software suitable for virtual environments? Should you use Windows 10 or Windows 7 in your lab? How can you get fresh malware samples to test in your lab environment? How should you set up an Active Directory (AD) login? What is your personal goal behind building a lab environment? These are some of the issues covered in this cyber talk.
- A virtual environment can be portable, whereas a physical lab is often limited to a single location. Learn how you can build one.
- Windows software licenses can be the highest cost of creating a lab environment legally. Learn how to limit that cost.
- Because it requires multiple hosts, an AD environment is often resource-intensive. Can you budget for it appropriately?
- Windows 10 generates a large amount of system-generated traffic, but there are ways to reduce this when recording a pcap of the network activity. Learn how to do this efficiently.