Security

Creating an Industrial Control System Honeypot with Conpot

In this post we will follow step-by-step instructions for installing an Industrial Control System honeypot. We will use CONPOT. The URL for it is http://conpot.org and for documentation check: https://github.com/mushorg/conpot/tree/master/docs. The default configuration of Conpot simulates a basic “Siemens SIMATIC S7-200 PLC” with an input/output module and a […]

SSH tunneling over https to bypass firewalls

Check “SSH Tunneling” and “How to create a free server in Amazon” first if you need more details. In this post we will learn how to bypass a firewall that blocks SSH at the application level. This will also bypass a web proxy, as the proxy will assume that this is legitimate HTTPS […]

Malware Analysis with Online Tools

After covering the installation of Cuckoo and the dynamic analysis of suspected software, there are easier ways to analyse malware. The aim of our analysis is to understand whether a file that we downloaded, or that was sent to us by email, is harmful or not. We will have two […]

SSH Tunneling

Previous post: How to create a free server in Amazon. After creating our server in the Amazon Cloud we can use it to bypass firewall filtering, and also the limitations and censorship in your country. We will use a port for the tunnel and use our SSH connection as a SOCKS proxy. While […]

Cuckoo – Network Analysis

Previous post: Cuckoo Memory Analysis with Volatility. In this section we will deal with a recent malware example and also do some basic network analysis. I will just try a new malware sample from Malware Clean MX – realtime. Below is the screenshot. We will test a suspected trojan downloader. This is […]

Cuckoo Memory Analysis with Volatility

Previous post: Cuckoo Submitting Malware. In this post we will learn the installation and usage of Volatility for memory analysis. In Cuckoo it is also possible to get a memory dump. We will use this memory dump with Volatility to check for hidden processes, connections, etc. Here we will use a Sality […]

Cuckoo Submitting Malware

Previous post: Cuckoo Sandbox Installation. After learning how to install Cuckoo, it is now time to submit different types of malware. In the previous post we only learned how to submit a binary exe file. Now we will see the different options. For the examples below it is assumed that you opened a […]

Cuckoo Sandbox Installation

What is Cuckoo Sandbox? In three words, Cuckoo Sandbox is a malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you with detailed results outlining what such a file did when […]