Show page

Differences

This shows you the differences between two versions of the page.

--- cdci:labs:1 [2020/02/21 09:59]
mihai.chiroiu [01. [5p] Virtual machine setup]
+++ cdci:labs:1 [2025/01/21 19:19] (current)
mihai.chiroiu
@@ Line 1: / Line 1: @@
-====== Lab 1. Malware sample analysis ======
+====== Lab01. Introduction to Linux ======
 ===== Objectives =====
-  * Investigate a possible malware using Windows tools
+  * Introduction to command line tools in Linux
-  * Consider the network traffic of a malware
-  * Analyze the files and registers used by a malware
-  * Modify a malware and see the behavior of an anti-virus solution
 ===== Topology =====
-For this exercise you will need a Windows 10 virtual machine.
+For this exercise you will need a SSH-capable machine (putty, bash, PowerShell).
 ===== Tasks =====
-==== 01. [5p] Virtual machine setup ====
+Please solve the first 15 tasks from OvertheWire: [[https://overthewire.org/wargames/bandit/ || https://overthewire.org/wargames/bandit/ ]].
-<note warning>
-**If your VM networking is connected to your computer network, your computer might get infected during this lab activity. Create a snapshot for the VM before you continue.**
-</note>
-Open the Windows 10 virtual machine and make sure that it is not connected to the local network and it does have Internet access via NAT interface (not bridged). Turn off your Windows defender protection (Windows Settings->Update & Security->Windows Security->Virus & threat protection->Virus & threat protection Settings->Turn off Real-time protection).
-{{ :cdci:labs:cdci_lab01_disable-windows-defender.png?600 |}}
-==== 02. [5p] Lab setup ====
-Download the [[https://drive.google.com/open?id=11WTT3NYUfVk7UopVnUc-uf9SKgvzIcOf|lab setup]] files from the assistant. Install the programs and extract the sample files.
-<note>
-The sample archive contain one malware and uses the "malware" password.
-</note>
-==== 03. [5p] Initial file analysis ====
-Your network administrator has provided you with 10 files that look suspicious and where caught by the network security equipment. Your job is to determine if there is any suspicious file and find out as much information about it as possible. Fill in the following data for each file. Try to do this using a (PowerShell) script.
-^ Filename ^ Type of file (EXE,DLL,etc.) ^ Original filename ^ Date modified ^ MD5 hash ^
-|  -  |  -  |  -  |  -  |  -  |
-<solution>
-<code>
-foreach($file in Get-ChildItem test) {$file.Name; bash.exe -c "cd test; file '$($file.Name)'"; $file.VersionInfo | fl -Property OriginalFilename;  $(Get-Item $file.Fullname).lastwritetime; $(Get-FileHash $file.FullName -Algorithm MD5).Hash}
-test01.exe
-test01.exe: PE32+ executable (GUI) x86-64, for MS Windows
-OriginalFilename : diskpart.exe
-Wednesday, January 1, 2020 12:00:00 AM
-CD3B253FAAE62C0D0EC8CF456FDF083E
-</code>
-</solution>
-==== 04. [5p] File compare ====
-Is the previous information enough? Does it really help? Use the WinMergePortable.exe program and compare “test1.exe” against “test2.exe”. What about their hashes, how close are them? Consider the file properties and spot the differences.
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-==== 01. [5p] Virtual machine setup ====
-<solution>
-</solution>

General info CDCI

Lectures

Labs

Assignments

Resources

Useful resources

cdci/labs/1.1582271992.txt.gz · Last modified: 2020/02/21 09:59 by mihai.chiroiu

Show page Old revisions

Media Manager Back to top