Malware analysis is an essential part of security researcher's work. But working with malicious samples can be dangerous — it requires specialized tools to record their activity, and a secure environment to prevent unintended damage. However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a cloud service, and a recommended list of tools for a comprehensive setup. In essence, a malware analysis lab provides a safe, isolated space for examining malware. The setup can range from a straightforward virtual machine using VirtualBox to a more intricate network of interconnected machines and actual networking hardware. But in this article, we'll look at building a lab tailored for static analysis, so what we will need is a secure environment where we can run disassemblers, edit binary files and debug. There are a couple of ways we can go about creating it: Perhaps the simplest way to create a secure and isolated environment is by using a virtual machine. A popular option is Virtual Box, open-source software from Oracle. If you are on Linux, to install it, just use the command sudo apt install virtualbox. VMWare is another popular choice — it's a commercial program, but there is a free tier.
top of page
bottom of page