After procuring a new book - specifically "Malware Data Science, Attack Detection and Attribution" to aid in my Dissertation project over the next year. I thought I'd document all the practical work done during my reading!
And before you ask - yes, this does mean I'm actually going to commit to writing a blog-series. Will I though? I guess we'll find out...
You too can follow along on this venture, with what looks to be a resourceful love-child, containing enough info for both Data Scientists AND Malware analyzers to learn a thing or two...I'd hope.
Now, even storing malicious code within a Virtual Machine isn't ultimately safe. We're just trusting the Author here that the samples aren't nefarious...What's trust in this field?
Hang on, Don't They Already Provide the Environment?
Right you are! But come on...Its like I get off of not taking the easy-path or something. And plus. their website talks about Virtualbox being a bit-iffy with import compatibility.
- VMware Workstation Pro 15 (You bet I'm milking the licensing provided by University.)
- Guest-Machine / Lab OS: Ubuntu 18.04 with NAT networking. This will only be during dependency installation, after which I'll set the adapter to use an internal LAN that goes nowhere.
- Python 2.7 w/ pip (as per compatibility for the books' source code)
- Host-OS: Windows 10
- If you've got a steak at home, why have a burger now - with VMware being the steak. Its a much bigger personal preference, and just runs a lot better for me!
- As its data-science-y stuff, whilst the Virtual Layer restricts the Ubuntu VM from directly accessing the GPU, the VMware Graphics Adapter has DirectX compatibility (albeit accelerated) which the Lab may make advantage of.
- The inter-networking capabilities. For example, routing all network traffic to an already existing pfSense VM of mine - if I really wanted too.
The source code is contained in a zip file, so lets enable to ability to unzip and zip folders on Ubuntu, as well as installing HTOP (Top but on steroids) and Python2.7
Extracting the source using unzip
After a minute or two of extracting, lets enter the directory to verify it's worked!
After verification, we can begin working through the book! This post does not cover the python-dependancy installation, as each chapter has its own requirements.txt
Simply enter the same directory as the requirements.txt file, and run pip installer
pip install -r requirements.txt