From BruCON 2015

Latest revision as of 23:34, 26 August 2014

Successful dynamic analysis of malware is dependent on your ability to “Fake the Network”. Tricking malware into thinking it is connected to the Internet allows you to efficiently capture network signatures. FakeNet is a free and easy-to-use network simulation tool designed for Windows. In this workshop, I will publicly release FakeNet 2.0 and teach you how it operates.

Attendees will learn the following practical skills:

- Use FakeNet to mimic common protocols like HTTP, SSL, and DNS
- Quickly reconfigure FakeNet to have success defeating malware
- How FakeNet uses Windows Internals
- Use process tracking, which allows you to quickly identify the process responsible for the malicious network activity
- How FakeNet automatically logs network traffic to PCAP without the need for additional tools

Bring your Windows malware analysis Virtual Machine or I’ll provide one for you. The hands-on section of this workshop forces you to analyze real-world malware samples to tease out network-based malware signatures. These challenges start at a basic level and progress until you dive into how to extend FakeNet by writing a Python Extension for a custom malware protocol.