Your delivery is very easy to understand; you have an innate way of simplifying or distilling concepts and actions to the essential. Thank you for this and other videos, and please continue with cybersecurity topics and others.
This might be a beginner question, but I've heard about malware capable of escaping sandboxes like VMs and Docker containers. How do you identify malware with such capabilities? Because, obviously, I'd prefer not to load malware with such capabilities in a Docker environment running on my host. And... how on earth do they work?
Great video btw. Easy to follow and understand.
Hi. Very instructive.
BTW, do you have a similar method for Windows malware?
Thank you
take my kudos👍
You are Amazing!!!
let's freaking go!
Can I take an already existing malware sample and change it, like to my callback address and all?
Gotta try dynamic malware analysis on Linux. Have done it only on Windows so far.
Based and Docker pilled
I can’t believe this high pitched sound is her voice.
Algorithm.
Great ❤
Hi, Laurie! Is that really WinXP?
Clearly not: look at the edges of the windows and the Explorer icon. Besides, the browser used in the video is MS Edge.
This is awesome, is there any way to do this on macOS?
Unfortunately there is not a great way of quickly spinning up Mac environments inside Docker containers like this. There are containers that spin up full Mac environments (sickcodes), but they use full QEMU underneath, which isn't nearly as light as, say, a traditional Linux container. You can still use virtual machines on a Mac device for dynamic analysis, though.
@lauriewired Yeah, I already use those 😅
Is this essentially the same as running chroot?
Similar, but Docker offers a lot more isolation and extra features. chroot still shares system resources and the network stack.
Is ASLR enabled in the container?
It should be by default, unless you have it disabled on the host, since they share the kernel.
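The two replies above (chroot sharing the host's network stack, and ASLR inside a container being whatever the shared kernel has configured) can both be checked from inside the sandbox. The script below is an added example, not code from the video or from the commenters. It reads the kernel-wide `randomize_va_space` sysctl (which is not namespaced, so a container sees the host's value), confirms ASLR empirically by comparing the `[stack]` mapping of several fresh processes, and prints the network namespace identity so it can be compared with the host's. Function names and output strings are this example's own.

```shell
#!/bin/sh
# Added example: probe ASLR and network-namespace isolation from inside a
# chroot or Docker container. Only /proc and POSIX tools are used.

# Kernel-wide ASLR policy: 0 = off, 1 = partial, 2 = full.
# Containers share the host kernel, so this is the host's setting.
aslr_mode() {
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        cat /proc/sys/kernel/randomize_va_space
    else
        echo unknown      # no procfs (e.g. not Linux)
    fi
}

# Start address of the [stack] mapping of a *fresh* process. awk opens
# /proc/self/maps itself, so every call samples a new process.
stack_base() {
    awk '/\[stack\]/ { split($1, a, "-"); print a[1]; exit }' /proc/self/maps 2>/dev/null
}

# Empirical ASLR check: with ASLR on, three fresh processes will (almost
# certainly) get different stack bases; with it off they are identical.
aslr_observed() {
    a=$(stack_base); b=$(stack_base); c=$(stack_base)
    if [ -z "$a" ] || [ -z "$b" ] || [ -z "$c" ]; then
        echo unknown
    elif [ "$a" != "$b" ] || [ "$b" != "$c" ]; then
        echo randomized
    else
        echo fixed
    fi
}

# Identity of our network namespace, e.g. "net:[4026531992]".
# Inside a plain chroot this matches the host; inside a Docker container
# (default bridge networking) it differs from the host's value.
net_ns() {
    if [ -e /proc/self/ns/net ]; then
        readlink /proc/self/ns/net
    else
        echo unknown
    fi
}

printf 'randomize_va_space : %s\n' "$(aslr_mode)"
printf 'stack observed     : %s\n' "$(aslr_observed)"
printf 'network namespace  : %s\n' "$(net_ns)"
```

Run it once on the host and once under `docker run --rm -v "$PWD":/w alpine sh /w/aslr_check.sh` (assumed filename): the `randomize_va_space` line is the same in both places because the sysctl is not namespaced, while the network namespace line changes only for the container, not for a chroot of the same filesystem. If the first line says 2 but the second says `fixed`, something in between (a ptrace-based launcher, `setarch -R`, a personality flag) is disabling randomisation for the process tree, which is worth knowing before trusting an analysis run.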
The biggest problem with this setup is that you're giving malware a really VERY limited environment. The Basta ransomware was complaining about not finding the /volumes directory, for example. I think you're better off doing dynamic analysis on a full VM which can be reverted to a snapshot, imvho.
The intention behind this setup is to offer an isolated, consistent, and easy-to-manage environment that can be easily reset.
The use of Docker for malware analysis isn't intended to replace traditional dynamic analysis in a full VM environment. It's more of an additional tool in the arsenal that can be useful in certain scenarios.
My next upcoming video is actually going to go into detail about how to get past that, and use the encryptor and decryptor :)
:3
second comment
FIRST AGAIN
Why are you still running Windows XP?