Wednesday, October 30, 2019

Using VBoxManage to run BioLinux, headless

1. Import the appliance

$ vboxmanage import bio-linux-8-latest.ova

2. Check if the VM was imported

$ vboxmanage list vms
$ vboxmanage showvminfo "Bio-Linux-8.0.7" | less

3. Modify the VM to use bridged network connection

$ vboxmanage modifyvm "Bio-Linux-8.0.7" --nic1 bridged --bridgeadapter1 eno1

4. Start the VM in headless mode

$ vboxmanage startvm "Bio-Linux-8.0.7" --type headless

5. Check if the VM is running

$ vboxmanage list runningvms

6. Get the assigned IP address to the VM

$ vboxmanage guestproperty enumerate {`vboxmanage list runningvms | awk -F"{" '{print $2}'` | grep IP | awk -F"," '{print $2}' | awk '{print $2}'

The backtick substitution turns the `"Bio-Linux-8.0.7" {uuid}` line printed by `list runningvms` into the VM's `{uuid}`; the rest of the pipeline keeps the `/VirtualBox/GuestInfo/Net/0/V4/IP` property and prints its `value:` field. This only works while exactly one VM is running, and only once the Guest Additions inside the guest have published the GuestInfo properties (right after `startvm` the list can still be empty).

7. Hard shutdown of the VM

$ vboxmanage controlvm "Bio-Linux-8.0.7" poweroff

8. Use SSH to connect to the VM
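The eight steps above, collected into one script as an added example (this is not code from the original post). The VM name "Bio-Linux-8.0.7" and the adapter "eno1" are taken from the post; the SSH user "bio" is a placeholder I chose, and the Guest Additions are assumed to be installed in the guest so that the GuestInfo properties exist. The `*_from_stdin` helpers parse captured VBoxManage output with awk, so the fragile grep/awk chain from step 6 is replaced by a property lookup by VM name, the bridged NIC from step 3 is verified before the VM is started, and the IP is polled for instead of assumed to be ready; the sample outputs at the bottom are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post. Drives the headless Bio-Linux
# workflow and parses VBoxManage output with awk. Assumptions (mine): VM name
# and bridge adapter from the post; SSH user is a placeholder; Guest Additions
# are installed so /VirtualBox/GuestInfo/* properties are published.
set -u

VM="${VM:-Bio-Linux-8.0.7}"
BRIDGE_IF="${BRIDGE_IF:-eno1}"
SSH_USER="${SSH_USER:-bio}"   # placeholder, not from the post

# Parse `vboxmanage list runningvms` (stdin). Lines look like:
#   "Bio-Linux-8.0.7" {0f2a6b2c-...}
# Exit 0 if VM "$1" is listed, 1 otherwise.
is_running_from_stdin() {
    grep -qF "\"$1\" {"
}

# Parse `vboxmanage showvminfo --machinereadable` (stdin) and print the value
# of key "$1" without its quotes, e.g. nic1="bridged" -> bridged. Prints
# nothing if the key is absent.
vminfo_value_from_stdin() {
    awk -F'=' -v key="$1" '$1 == key { gsub(/^"|"$/, "", $2); print $2; exit }'
}

# Parse `vboxmanage guestproperty enumerate` (stdin, VirtualBox 6.x format as
# used in the post) and print the guest's first IPv4 address. Sample line:
#   Name: /VirtualBox/GuestInfo/Net/0/V4/IP, value: 192.168.1.50, timestamp: ..., flags:
guest_ip_from_stdin() {
    awk -F', ' '/\/GuestInfo\/Net\/0\/V4\/IP,/ { sub(/^value: /, "", $2); print $2; exit }'
}

# Step 1.
import_appliance() { vboxmanage import "$1"; }

# Step 3.
configure_bridged() {
    vboxmanage modifyvm "$VM" --nic1 bridged --bridgeadapter1 "$BRIDGE_IF"
}

# Step 4, but refuse to start unless nic1 really is bridged (step 3 is
# checked rather than assumed).
start_headless() {
    mode=$(vboxmanage showvminfo "$VM" --machinereadable | vminfo_value_from_stdin nic1)
    if [ "$mode" != "bridged" ]; then
        echo "nic1 is '$mode', expected bridged" >&2
        return 1
    fi
    vboxmanage startvm "$VM" --type headless
}

# Step 6 by VM name: `guestproperty enumerate` accepts the name as well as the
# UUID, so the backtick trick from the post is not needed.
guest_ip() {
    vboxmanage guestproperty enumerate "$VM" | guest_ip_from_stdin
}

# Poll until the Guest Additions have published the address (up to $1 tries,
# default 30, two seconds apart).
wait_for_ip() {
    tries=${1:-30}
    while [ "$tries" -gt 0 ]; do
        ip=$(guest_ip)
        if [ -n "$ip" ]; then echo "$ip"; return 0; fi
        tries=$((tries - 1)); sleep 2
    done
    echo "guest IP not published after timeout" >&2
    return 1
}

# Step 8.
ssh_to_vm() {
    ip=$(wait_for_ip) || return 1
    ssh "$SSH_USER@$ip"
}

# Step 7.
poweroff_vm() { vboxmanage controlvm "$VM" poweroff; }

# Constructed sample outputs (not captured from a real host) for exercising
# the parsers without VirtualBox.
SAMPLE_RUNNING='"Bio-Linux-8.0.7" {0f2a6b2c-1111-2222-3333-444444444444}'
SAMPLE_VMINFO='name="Bio-Linux-8.0.7"
nic1="bridged"
bridgeadapter1="eno1"'
SAMPLE_ENUM='Name: /VirtualBox/GuestInfo/OS/Product, value: Linux, timestamp: 1572400000000000000, flags:
Name: /VirtualBox/GuestInfo/Net/0/V4/IP, value: 192.168.1.50, timestamp: 1572400000000000001, flags:'

# Live run only when invoked as: sh script.sh run bio-linux-8-latest.ova
if [ "${1:-}" = "run" ]; then
    import_appliance "${2:?path to .ova required}"
    configure_bridged
    start_headless
    vboxmanage list runningvms | is_running_from_stdin "$VM" || exit 1
    ssh_to_vm
fi
```

The parsers are separated from the VBoxManage calls so they can be checked against the constructed samples before anything is run on a real host; `vminfo_value_from_stdin` also answers other `showvminfo --machinereadable` keys, such as `bridgeadapter1` or `VMState`.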

Sunday, October 13, 2019

DEC{}DE 2019: Gear UP Experience

We again attended this year's DEC{}DE event sponsored by Trend Micro. This is my third year attending the event (2018, 2017). The talks were really interesting, especially the keynote by Jay Yaneza. I also liked the talk given by Jon Oliver about the role of Machine Learning in Cybersecurity, where he emphasized that ML must be layered on top of existing security solutions. The hands-on session was on PowerShell for the Blue Team.

(Photo from Trend Micro)

Sunday, October 6, 2019

Video: Basic Malware Analysis Workflow

The setup uses a Whonix Gateway VM and a Windows XP VM, both running in VirtualBox. Our objective is to capture the network traffic generated by malware. The malware is run on the Windows XP VM, which is configured to use the Whonix Gateway as its network gateway.