Following up on last week's desktop sandboxing challenge, Darren takes a look at another kind of sandbox -- one for malware analysis. Shannon thinks your VNC and SSH servers are pretty spiffy, but how about controlling your computer over Twitter? Free text messaging to your PC, anyone?
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a healthy dose of cocktails and geek comedy. Damn the warranties, it's time to Trust your Technolust.
CWSandbox is an automated malware analysis sandbox. It works by running suspected malware samples in a simulated Windows OS. So as opposed to trying to break into the malware code to see what it does, we simply run it in a live environment. That way we can monitor all the network traffic that the malware generates, all of the processes that are created, the DLLs that are loaded, any changes to the Windows registry, and even what it's doing to the file system.
This is achieved by using a technique called API hooking. That basically means that when the malware calls the Windows application programmers' interface to say something like "connect to this IP address" or "modify this file", the call actually goes to CWSandbox's monitoring software, which logs the action and then goes ahead and makes the change.
It's kind of like an operating system man-in-the-middle. For malware. So once a suspected malware sample is run through the tool you get a computer-generated report of what the executable is actually doing. And this can be fed into anti-virus and intrusion detection systems to monitor for similar behavior.
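To make the "log it, then let it through" idea concrete, here is an added toy model of API hooking in C. It is not CWSandbox's code and does not touch the real Windows API: the stand-in functions, the import table and the sample program are all constructed for the example, but the mechanism is the same one an import-table hook uses, swap the pointer the sample resolves for a hook that records the call and forwards it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for OS functions (not the real Windows API). */
static int os_connect(const char *ip, int port) { (void)ip; (void)port; return 0; }
static int os_write_file(const char *path, const char *data) { (void)path; (void)data; return 0; }

/* The sample reaches the "OS" only through this table of pointers,
 * the way a PE binary reaches Windows through its import address table. */
struct import_table {
    int (*connect)(const char *ip, int port);
    int (*write_file)(const char *path, const char *data);
};
static struct import_table iat = { os_connect, os_write_file };

/* The monitor's behaviour log: one line per intercepted call. */
#define MAX_LOG 16
static char api_log[MAX_LOG][96];
static int api_log_count = 0;

static void log_call(const char *line) {
    if (api_log_count < MAX_LOG)
        snprintf(api_log[api_log_count++], sizeof api_log[0], "%s", line);
}

/* Hooks: record what the sample asked for, then pass it through unchanged. */
static int hook_connect(const char *ip, int port) {
    char buf[96];
    snprintf(buf, sizeof buf, "connect %s:%d", ip, port);
    log_call(buf);
    return os_connect(ip, port);          /* forward to the original */
}
static int hook_write_file(const char *path, const char *data) {
    char buf[96];
    snprintf(buf, sizeof buf, "write_file %s", path);
    log_call(buf);
    return os_write_file(path, data);     /* forward to the original */
}

/* A constructed "sample": drops a file, then phones home (documentation IP). */
static void sample_main(void) {
    iat.write_file("C:\\Windows\\dropped.dll", "payload");
    iat.connect("203.0.113.5", 8080);
}

/* Install the hooks, run the sample, return how many calls were logged. */
int run_sample_under_monitor(void) {
    api_log_count = 0;
    iat.connect = hook_connect;           /* the "hooking" step */
    iat.write_file = hook_write_file;
    sample_main();
    return api_log_count;
}
const char *api_log_entry(int i) { return (i < api_log_count) ? api_log[i] : ""; }
```

The log lines are the raw material of the behaviour report the text describes; a real sandbox would add process, registry and DLL-load hooks in the same pass-through style.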
While there is no denying the power of running your own SSH or VNC server at home for remote access, wouldn't it be nice if you could simply text message your computer something simple like "Hey, what's your external IP address?", "Send me a screenshot" or "Go download this file"?
And if Robin Wood has taught us anything with KreiosC2, it's that commanding your computer, or even a large botnet for that matter, over social networks is quite possible.
But now it's time for something a lot more user friendly. This week Snubs investigates TweetMyPC.