How to obtain malware for analyzing

For malware analyzing you need to obtain some malware that is around in the field right now. Their are severable ways of obtaining malware for analyzing. But before you go and check out the following steps i recoment you use virtual machine.

Easy ways of obtaining malware is by joinging sketchy forums, sign up for spam mails or try and download some free generators/cheats for games.

Check out ‘Malshare.com,’ it is a website where you can actively download malware shared by others. It provides an opportunity to explore and access various types of malware.

Tool 1: Virtual machines

When it comes to dealing with malware, one essential tool to have is a virtual machine. The primary purpose of using virtual machines is to ensure the safety of your own system and prevent accidental loss of files. Thankfully, there are various options available for creating virtual machines, both free and paid. Prominent examples include “VirtualBox” and “VMware.”

Once you have set up a virtual machine, you can choose to install either Windows or Linux. A Linux distribution called Remnux stands out as it offers a comprehensive set of tools specifically designed for reverse engineering malware. By using a virtual machine, you can execute viruses and observe their behavior. While easily restoring the system to its previous working state with the help of a snapshot.

IMPORTANT: ENSURE THAT YOUR ENVIRONMENT REMAINS COMPLETELY ISOLATED TO PREVENT ANY POSSIBILITY OF A BREAKOUT.

Tool 2: Wireshark

Wireshark is a crucial tool for analyzing malware and understanding its behavior. It captures and analyzes network traffic, allowing you to identify communication patterns and command and control servers used by the malware. It helps detect malicious traffic, reconstruct malware activities, and is best used in combination with a virtual machine for a safe analysis environment.

While there are other network capturing software options available, Wireshark is the preferred choice for most analysts due to its free availability and extensive community support. It has a large user base and a wealth of resources, including courses that teach you the intricacies of this powerful software.

Tool 3: Any.run

Any.Run is a platform designed for malware reverse engineering. It offers a virtualized environment, similar to a virtual machine with Wireshark installed. Enabling analysts to safely dissect and analyze malicious code. Let’s explore why Any.Run is a standout tool for reverse engineering malware.

1. Safe Virtual Environment: Any.Run provides a secure sandboxed environment, protecting the host system while allowing analysts to dissect malware.
2. Streamlined Workflow: The platform offers an intuitive interface for effortless upload, execution, and real-time monitoring of malware samples.
3. Comprehensive Behavior Analysis: Any.Run captures and analyzes dynamic malware behavior, enabling researchers to gain valuable insights into malicious tactics.
4. Network Traffic Visibility: With integrated Wireshark, Any.Run allows detailed examination of malware’s network traffic, revealing command-and-control infrastructure and data exfiltration techniques.
5. Collaborative Approach: Any.Run encourages collaboration among researchers, facilitating knowledge sharing and collective defense against evolving cyber threats.
6. Informative Reports: The platform generates detailed reports and captures forensic artifacts, providing vital information for incident response and further investigations.

Whether you’re a beginner or an experienced analyst, Any.Run is a valuable tool for diving into the world of malware analysis. It provides a supercharged magnifying glass for dissecting malicious software and understanding its inner workings. While the paid version unlocks additional features, the free version still offers a robust set of tools to kickstart your journey into malware reverse engineering.

Tool 4: Virus Total

VirusTotal is an online service that provides a convenient method to swiftly determine if a file or URL contains any detected viruses. It employs a range of antivirus engines and security tools to enhance the accuracy of malware detection. By leveraging the collective knowledge and expertise of the cybersecurity community, users gain access to a collaborative platform.

VirusTotal incorporates static and dynamic analysis techniques, along with an extensive database of previously scanned files, which aids in malware analysis and research. In summary, VirusTotal serves as a valuable resource for promptly verifying if a file or URL is flagged as malicious, identifying the specific antivirus scanners that detected it, and determining its malware family or type. This capability proves invaluable when you need to quickly assess the detection status and behavior of potential threats.

Tool 5: DIE Detect it EASY

Detect It Easy (DIE) is a versatile file analysis tool that operates across multiple platforms. Its primary function is to determine the types of files by utilizing detection signatures, while also providing the option for customization through scripts. DIE supports various file formats and proves particularly useful for malware analysis.

Key features of DIE for malware analysis include:

1. File Identification: DIE excels at accurately identifying file types, aiding analysts in classifying and comprehending malware.
2. Signature-based Detection: By utilizing pre-established signatures, DIE can effectively detect known malware patterns and characteristics.
3. Open Signature Architecture: Users have the freedom to customize existing detection algorithms or create new ones using scripts. This flexibility allows for tailored and adaptable malware analysis.
4. Versatility: DIE is capable of recognizing a broad range of file formats, including executable files that are frequently employed by malware.
5. Compilers/Obfuscators Detection: DIE possesses the ability to detect the specific compilers or obfuscators employed in the creation of files, and it may even offer the potential for their reversal.

By utilizing DIE, analysts can easily identify suspicious files, classify malware samples, and develop customized detection rules, thereby enhancing their malware analysis capabilities.

Tool 6: Hexrays/ Ghidra

Ghidra stands out for its extensive capabilities, including the ability to disassemble, decompile, and debug various types of executable files. It serves as an indispensable tool for reverse engineering malware, allowing analysts to gain deep insights into its inner workings.

With Ghidra, analysts can explore the code, data structures, and control flow of malware, providing valuable knowledge for analysis and mitigation. The tool offers a user-friendly interface and a robust scripting environment, enabling users to automate analysis tasks and even create custom analysis tools tailored to their specific requirements.

Hex-Rays is a commercial software extension widely used for disassembly. It specializes in the decompilation of binary code into a high-level programming language representation, such as C. This process of converting the code into a more human-readable form facilitates a better understanding of the functionality and logic employed by the malware.

It is worth noting that both Ghidra and Hex-Rays have a learning curve that may appear daunting at first. However, the investment of time and effort in mastering these tools proves worthwhile for individuals seeking to delve into malware analysis and reverse engineering. The insights gained from utilizing these tools can be invaluable in combating and staying ahead of evolving malicious software threats.

The post 6 Tools to start reverse engineering malware? appeared first on IT-Tutorial.

When you use Composer to install NextCloud packages, you can easily upgrade from the commmand line with Composer, which is much simpler…

To upgrade NextCloud, you must manually upgrade its core files and other packages when new versions are available…. and doing that using its starndard method can be challenging for some users…

This brief tutorial is going to show students and new users how to install / upgrade NextCloud from Github repository via Composer with Apache2, MariaDB and PHP 7.2 support on Ubuntu 16.04 | 18.04 LTS servers…

To get started with installing NextCloud, follow the steps below:

Step 1: Install Apache2 HTTP Server on Ubuntu.

Apache2 HTTP Server is the most popular web server in use… so install it since NextCloud needs it..

To install Apache2 HTTP on Ubuntu server, run the commands below…

sudo apt update
sudo apt install apache2

After installing Apache2, the commands below can be used to stop, start and enable Apache2 service to always start up with the server boots.

sudo systemctl stop apache2.service
sudo systemctl start apache2.service
sudo systemctl enable apache2.service

To test Apache2 setup, open your browser and browse to the server hostname or IP address and you should see Apache2 default test page as shown below.. When you see that, then Apache2 is working as expected..

http://localhost or use the ip addres of your ubuntu server.

Step 2: Install MariaDB Database Server

MariaDB database server is a great place to start when looking at open source database servers to use with Magento… To install MariaDB run the commands below…

sudo apt-get install mariadb-server mariadb-client

After installing MariaDB, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots..

Run these on Ubuntu 16.04 LTS

sudo systemctl stop mysql.service
sudo systemctl start mysql.service
sudo systemctl enable mysql.service

Run these on Ubuntu 18.04 and 18.10 LTS

sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

After that, run the commands below to secure MariaDB server by creating a root password and disallowing remote root access.

sudo mysql_secure_installation

When prompted, answer the questions below by following the guide.

• Enter current password for root (enter for none): Just press the Enter
• Set root password? [Y/n]: Y
• New password: Enter password
• Re-enter new password: Repeat password
• Remove anonymous users? [Y/n]: Y
• Disallow root login remotely? [Y/n]: Y
• Remove test database and access to it? [Y/n]:  Y
• Reload privilege tables now? [Y/n]:  Y

Restart MariaDB server

To test if MariaDB is installed, type the commands below to logon to MariaDB server

sudo mysql -u root -p

Then type the password you created above to sign on… if successful, you should see MariaDB welcome message

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php

sudo apt update

sudo apt install php7.2 libapache2-mod-php7.2 php7.2-common php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-gd php7.2-xml php7.2-cli php7.2-zip

sudo nano /etc/php/7.2/apache2/php.ini

file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360

Step 4: Restart Apache2

After installing PHP and related modules, all you have to do is restart Apache2 to reload PHP configurations…

To restart Apache2, run the commands below

sudo systemctl restart apache2.service

To test PHP 7.2 settings with Apache2, create a phpinfo.php file in Apache2 root directory by running the commands below

sudo nano /var/www/html/phpinfo.php

Then type the content below and save the file.

<?php phpinfo( ); ?>

Save the file.. then browse to your server hostname followed by /phpinfo.php

http://localhost/phpinfo.php

You should see PHP default test page…

Step 5: Create NextCloud Database

Now that you’ve installed all the packages that are required for NextCloud to function, continue below to start configuring the servers. First run the commands below to create a blank NextClouddatabase.

To logon to MariaDB database server, run the commands below.

sudo mysql -u root -p

Then create a database called nextcloud

CREATE DATABASE nextcloud;

Create a database user called nextclouduser with new password

CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'new_password_here';

Then grant the user full access to the database.

GRANT ALL ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;

Finally, save your changes and exit.

FLUSH PRIVILEGES;
EXIT;

Step 6: Download NextCloud Latest Release

To get NextCloud latest release you may want to use Github repository… Install Composer, Curl and other dependencies to get started…

sudo apt install curl git
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

After installing curl and Composer above, change into the Apache2 root directory and downaload NextCloud packages from Github… Always replace the branch number with the latest branch….

cd /var/www/html
sudo git clone --branch stable17 https://github.com/nextcloud/server.git nextcloud
cd /var/www/html/nextcloud
sudo composer install
sudo git submodule update --init

Then run the commands below to set the correct permissions for NextCloud to function.

sudo chown -R www-data:www-data /var/www/html/nextcloud/
sudo chmod -R 755 /var/www/html/nextcloud/

Step 7: Configure Apache2

Finally, configure Apahce2 site configuration file for NextCloud. This file will control how users access NextCloud content. Run the commands below to create a new configuration file called nextcloud.conf

sudo nano /etc/apache2/sites-available/nextcloud.conf

Then copy and paste the content below into the file and save it. Replace servername and server aliias with your own domain name and directory root location.

<VirtualHost *:80>
     ServerAdmin admin@example.com
     DocumentRoot /var/www/html/nextcloud/
     ServerName example.com
     ServerAlias www.example.com
  
     Alias /nextcloud "/var/www/html/nextcloud/"

     <Directory /var/www/html/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
          <IfModule mod_dav.c>
            Dav off
          </IfModule>
        SetEnv HOME /var/www/html/nextcloud
        SetEnv HTTP_HOME /var/www/html/nextcloud
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

Save the file and exit.

Step 8: Enable the NextCloud and Rewrite Module

After configuring the VirtualHost above, enable it by running the commands below

sudo a2ensite nextcloud.conf
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime

Step 9 : Restart Apache2

To load all the settings above, restart Apache2 by running the commands below.

sudo systemctl restart apache2.service

Then open your browser and browse to the server domain name. You should see NextCloud setup wizard to complete. Please follow the wizard carefully.

http://example.com/nextcloud or type use http://your-ip-adress/nextcloud

Then create an admin account for NextCloud and type in the database info created above and finish the installation….

Enjoy!

Congratulation! You have successfully installed NextCloud on Ubuntu 16.04 | 18.04 and may work on upcoming 18.10…

Upgrading NextCloud

In the future when you want to upgrade to a new released version, simply follow the steps below:

Backup your corrent NextCloud folder….

sudo mv /var/www/html/nextcloud /var/www/html/nextcloud_bak

Then download the latest… replace the stable number with the latest…

cd /var/www/html
sudo git clone --branch stable14 https://github.com/nextcloud/server.git nextcloud
cd /var/www/html/nextcloud
sudo composer install
sudo git submodule update --init

Next, copy the old data folder and the old config.php file from the backed-up folder to the new NextCloud directory….

sudo cp -rf /var/www/html/nextcloud_bak/data /var/www/html/nextcloud
sudo cp /var/www/html/nextcloud_bak/config/config.php /var/www/html/nextcloud/config/

After that, run the commands below to upgrade….

sudo -u www-data php /var/www/html/nextcloud/occ maintenance:mode --on
sudo composer update /var/www/html/nextcloud --with-dependencies
sudo -u www-data php /var/www/html/nextcloud/occ upgrade
sudo -u www-data php /var/www/html/nextcloud/occ maintenance:mode --off

That’s it!

You may also like the post below:

The post Install NextCloud Server Using Composer On Ubuntu 16.04 | 18.04 With Apache2, MariaDB And PHP 7.2 Support appeared first on IT-Tutorial.