Analyzing malware and ransomware without infecting ourselves

discussion
malware
hacking
reverseengineering
#1

Spoiler alert: for newbies.

I want to learn how to analyze the behavior and mechanism of the trending malware and ransomware without jeopardizing my own PC. How can I achieve my objective? Will infecting an OS booted from a pendrive work?

0 Likes

#2

It’s called virtual machines, google it.

0 Likes

#3

I’m familiar with using Ubuntu in VMWare. However, what I meant to ask was that, as the virtual machine does access the hard disk for showing me the drives, wouldn’t the original OS installed be infected if I infect the OS in VMWare? I apologize if the question sounds dumb, I’m just getting to know these things.

0 Likes

#4

Virtual machines are isolated/separate entities. The host OS should (in theory) be untouched. There are cases however where exploits/malware can achieve entire VM escapes but that’s another story.

0 Likes
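An added example, not taken from any post in this thread, of the isolation the reply above refers to: a fragment of a VMware Workstation .vmx file for an analysis VM that closes the guest-to-host channels (shared folders, clipboard, drag-and-drop) and keeps the virtual NIC disconnected. The setting names come from VMware's hardening documentation; the VM name is a placeholder.

```ini
# Constructed fragment of an analysis VM's .vmx file (placeholder display name).
displayName = "malware-analysis-sandbox"

# Shared folders (HGFS) are the usual way a guest reaches host disks; turn them off.
isolation.tools.hgfs.disable = "TRUE"
sharedFolder.maxNum = "0"

# Close the clipboard and drag-and-drop channels between guest and host.
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"

# Keep the virtual NIC present but disconnected so a sample cannot reach the host's network.
ethernet0.present = "TRUE"
ethernet0.startConnected = "FALSE"
```

Take a clean snapshot before running a sample and revert to it afterwards; none of these settings defend against a hypervisor escape, which is the separate risk the reply above mentions.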

#5

Regards, but some of them can harm the hard drive even if you run them on a VM, like WannaCry [just as a mention].

0 Likes

#6

I believe that’s exactly what I said above.

0 Likes

#7

So do you have any alternatives you can suggest to accomplish the task?

0 Likes

#8

So are there any alternative ways to accomplish the task knowing that I will be secure?

0 Likes

(0x65) #9

If you are concerned that the malware will escape the VM, then use a separate computer not connected to your network.

0 Likes

#10

I only have a single laptop. That’s the reason I started this topic in the first place.

0 Likes

#11

No. You will never know for certain that you’re secure. If this is what you want, you’re in the wrong place looking into the wrong subject.

0 Likes

#12

@witch So using virtual machine is the best choice I have, right?

0 Likes

#13

Without another air-gapped machine (which is still not invulnerable), yes.

0 Likes

#14

Alright. Thank you for your time. :)

1 Like
