Looking great, just in time for the holidays :D
Great video mate, easy to follow explanations, looking forward to the rest of the series!
Cheers mate! 👍
Solid malware analysis tutorials and explanations!
Thanks!
Came here from Twitter , subscribed after watching this video. Pretty neat
Nice!
Thank you for showing how to do.
I think if you showed a network topology of how the isolated lab would be set up, it could help a lot.
Awesome video. Keep them coming, man !
Thanks! Appreciate the support.
Very nice, keep the sharing up so I can learn free, hehe thank you very much, Sir!
Great job with a series of videos related to malware analysis :) Keep up the good work brother! By the way, is it possible to provide a download link for each video under description? Thank you.
Hey thanks for the positive feedback, great to hear the videos are being well received. I doubt I will provide download links as it means I will have to then host the videos somewhere else when they are already available on YouTube.
Great stuff man, Thanks for sharing :)
Thanks!
Awesome job! Thank you.
Can you please provide a list of programs? It would be very helpful. Thanks! Great course!
No probs, just added to the video description :-)
Thanks man make more videos about malware analysis and reverse engineering also.
Hey Neil, thanks for the great content! Do you have any recommendations for a personal EDR system? Thank you,
This is a fantastic video even in 2024. Do you happen to have a Udemy course or any more in-depth material?
@MacMac-f7v Thanks, sorry this channel is the only video content I have created. If you search for ‘Neil Fox Varonis’ on Google, you will find a bunch of blogs I wrote as well.
I'm new to your channel, Sir. I have a question, sir. Given that Windows 10 is the most popular operating system, may I seek clarification as to why Windows 7 needs to be installed on a virtual machine? Will the analysis or result differ if we use Windows 10?
You can use Windows 10 and that will work absolutely fine. Windows 7 is obviously an older OS so I often use that in malware VMs as it will have more vulnerabilities.
@0xf0x Thank you sir
Could you share a Chocolatey or Boxstarter script to automate the install of all those tools?
Do you have an example of Dionaea with REMnux?
Do you leave copy and paste functionality enabled on your VMs still? I am conflicted about enabling it. But I don't know how you could copy analysis results out of the vm otherwise.
You should be able to enable and disable that feature
Looks like a great series of videos; are you using Windows 7 32-bit?
I’m using 64-bit in this video, 32-bit will work fine though 👍
very nice video
Can I ask, is REMnux only available on Ubuntu?
Or can I also use CentOS?
Looks like it's just Ubuntu:
docs.remnux.org/install-distro/install-from-scratch
You can download a pre-built .ova though rather than install from scratch
@0xf0x Thanks a lot, expert guys
Hi! Can you also share your desktop configuration? Thanks!
Hi, not sure what you mean? All the config for a malware lab should be in the video. 👍
@0xf0x I mean, what is the configuration of the host machine? Since you have so many VMs, I was curious to know the processor, amount of RAM, and other details about your host machine.
@niteshsurana Ah right sorry! It's a Dell XPS, 32 GB RAM, Intel Core i7-8750H
I have a doubt: with a host-only connection, malware cannot infect your host machine? I mean, they are isolated in a network, but with host-only, VMs can communicate with the host OS (through the host-only adapter). Thank you in advance
Hey, this is the same setup you would build if you take the SANS 610 except you would have a Windows 10 machine. I can only advise on how I have been analysing malware for the past few years; if you're not confident with this then maybe look to stand up a Cuckoo sandbox. All the best 👍
@0xf0x I know, but looking into this topic I would add to disable in the VMware virtual network editor the option "Connect a host virtual adapter to this network". Doing so I think is safer a priori, because that way the host OS and guest OS cannot communicate with each other. Thanks anyway
@0xf0x Sorry for asking again, but reading both of your comments, so the final thing is that it is still 'dangerous' for a worm/ransomware to infect our host machine but the chance is slight?
Hi, did you open the VPN on your host machine or on the virtual Windows 7 machine? Thank you.
VPN on physical host
@0xf0x Thank you for the answer.
Is the network configuration the same on VirtualBox?
Yeah, VirtualBox should work fine
Does this have to be done with Windows 7, or can I do this with a Windows 10 as well?
Windows 10 will work absolutely fine. I just used Windows 7 as an example as it’s cheaper to get hold of and will be more vulnerable than Windows 10.
I found this on the internet... I configured Remnux and Windows 7 with Host-only but I can reach both machines with the ping command. If I run the macro am I going to be infected???
If you put host-only, your VMs can access, well, only the host. Your host machine is not isolated, but the opposite: it's the only machine they can access.
To isolate the VMs, you must use Internal Network. Using this network means:
The host can't access the guests
Guests can't access the host
Guests can't access the internet
Guests can access each other
If you use Host Only, the guests access the host. If you use NAT or bridge, they can access your entire network.
If you follow the instructions in the video you will have a VLAN that is only used by your Windows 7 machine and Remnux machine. In host-only these devices can only talk to devices on the same subnet. They won’t have access to your physical host. I have used this setup for 2+ years and have never infected my physical host. I’m also running an EDR solution on my host and this would have picked up me infecting myself. 👍
@0xf0x Thank you, I will review the video.
@0xf0x Nothing my friend, I changed the configuration in VMware, I configured the same subnet as in the video and I'm still able to ping from the host (my laptop) to the VMs (Win7 and Remnux). The difference is the adapter name on my Remnux: in my VM the adapter name is ens33: flags=4163 mtu 1500, your Remnux just says eth0 Link encap:Ethernet HWaddr:(your mac address). I don't know if the problem is there. How can I share my configuration with you (screenshots) to show you my settings?... Question: what operating system do you use as a host (in my case I use Windows 10 Pro fully updated) and what EDR solution do you use or recommend to protect our host? These are tips that would be good to know to further protect the host.
You won’t be able to ping from your physical host to the VM network. It’s a private network between your Windows 7 machine and the Remnux box. You don’t want the VMs talking to your host; the idea is they are an isolated network to run malware in.
@0xf0x This is the reason why I report this to you, because it seems very strange to me; that's why I haven't been able to advance, because even though I change the IPs of both VMs, I get a response by pinging the VMs. I am using Windows 10 Pro as host.
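The exchange above comes down to one question: does the physical host hold an address on the lab subnet? If it does (the "host virtual adapter" mentioned earlier), the host is a member of that network and can reach the guests. The following script is an added check, not code from the video or from any commenter; it runs on a Windows 10 host and assumes placeholder values for the lab subnet and the two guest addresses, which you replace with your own.

```powershell
# Added example, not from the video or the thread. Run on the Windows host.
# Placeholders: replace the subnet and guest addresses with the ones from your lab.
$LabSubnet = '192.168.56.0/24'                        # placeholder lab subnet
$LabGuests = @('192.168.56.101', '192.168.56.102')    # placeholder Win7 / REMnux addresses

# Convert a dotted IPv4 address to an integer so subnet membership can be computed.
function ConvertTo-IPv4Int {
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)
    return [int64][BitConverter]::ToUInt32($bytes, 0)
}

# True when $Address lies inside the CIDR block $Cidr.
function Test-InSubnet {
    param([string]$Address, [string]$Cidr)
    $net, $bits = $Cidr.Split('/')
    $mask = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    return ((ConvertTo-IPv4Int $Address) -band $mask) -eq ((ConvertTo-IPv4Int $net) -band $mask)
}

# 1. Any host-side adapter holding an address on the lab subnet makes the host a
#    member of the lab network; that is what lets the host ping the guests.
$leaks = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { Test-InSubnet -Address $_.IPAddress -Cidr $LabSubnet }
if ($leaks) {
    Write-Warning "Host has an address on $LabSubnet; disable or remove this host virtual adapter:"
    $leaks | Format-Table InterfaceAlias, IPAddress, PrefixLength -AutoSize
} else {
    Write-Host "OK: no host adapter on $LabSubnet"
}

# 2. Independent confirmation: the guests should be unreachable from the host.
foreach ($guest in $LabGuests) {
    if (Test-Connection -ComputerName $guest -Count 1 -Quiet) {
        Write-Warning "Host can ping $guest; the lab network is not isolated from the host"
    } else {
        Write-Host "OK: $guest is unreachable from the host"
    }
}
```

Check 1 is the authoritative one: a guest firewall can make check 2 report "unreachable" even while the host still sits on the lab subnet.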
I haven't had a chance to watch the video but just wanted to ask if the information presented here is still valid? Thanks
You might have to find another way to sort some Windows ISOs out but other than that you’re all good 👍
@0xf0x Thank you!