How to create a sandbox


  • How to create a sandbox

    I am using VMware Workstation 5.5 and would like to create an automated sandbox for testing out potential malware. I have a separate system that runs like VirusTotal - but that checks static signatures. I want to be able to do the following all automatically:
    - bring up vmware
    - have it start up a specified list of apps like Procmon or Wireshark or some A/V engine
    - inject the malware sample
    - have the malware start running
    - log everything
    - close down the VM

    How can I do this all automated? Is there some VMware manual I should be reading to figure this all out, since the standard VMware Workstation user guide doesn't cover this?

    Thanks!

  • #2
    Re: How to create a sandbox

    1. Upgrade to VMware Workstation 6.x if you can, or use VMware Server (a FREE virtualization offering which runs as a service!). If you want to start VMware Workstation as a service, you can follow the steps here: http://communities.vmware.com/message/115426 You may skip this step if you choose.

    2. Use a script (or the VMware GUI) to launch your testbed VM.

    3. You didn't mention an OS but I'll assume Windows based on what you've said so far. Download Autologon from http://technet.microsoft.com/en-us/s.../bb963905.aspx
    Configure your VM to automatically log on with whatever permissions you desire.

    4. Once your user account logs on automatically from step #3 above, configure a script inside the Windows VM to launch at logon to do all of the things you mentioned (use either a computer based logon script or place the script in the Startup program group)
    - have it start up a specified list of apps like Procmon or Wireshark or some A/V engine
    - inject the malware sample
    - have the malware start running
    - log everything

    5. Use a script (or use the VMware GUI) to shut down your testbed VM.


    All the VMware Workstation manuals are located here: http://www.vmware.com/support/pubs/ws_pubs.html
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    boche.net - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.
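
The host side of this procedure (launching the VM, getting the sample in, getting the logs out, shutting down) can be driven with VMware's `vmrun` command-line tool. The following is an added example, not part of either post: it goes beyond the reply by reverting to a clean snapshot before and after each run, and the snapshot name, file paths, guest account and single guest log file are assumptions.

```python
import subprocess
import time

VMRUN = "vmrun"  # assumption: vmrun (Workstation 6.x or VMware Server) is on PATH

def build_plan(vmx, snapshot, user, password, sample, guest_sample, guest_log, host_log):
    """Return (analysis, cleanup): ordered lists of vmrun argument vectors."""
    # Guest login for in-guest operations; these need VMware Tools in the guest.
    guest = ["-gu", user, "-gp", password]
    analysis = [
        ["revertToSnapshot", vmx, snapshot],  # begin every run from the clean snapshot
        ["start", vmx, "nogui"],
        guest + ["copyFileFromHostToGuest", vmx, sample, guest_sample],
        guest + ["runProgramInGuest", vmx, "-noWait", guest_sample],
        None,  # marker: leave the sample running for the observation window
        guest + ["copyFileFromGuestToHost", vmx, guest_log, host_log],
    ]
    cleanup = [
        ["stop", vmx, "hard"],                # power off without relying on the guest OS
        ["revertToSnapshot", vmx, snapshot],  # discard everything the sample changed
    ]
    return analysis, cleanup

def run_analysis(plan, run_seconds=120, execute=None, sleep=time.sleep):
    """Run the plan. Cleanup always runs, even if an analysis step fails.

    Returns (ok, executed), where executed lists every vmrun call attempted.
    """
    if execute is None:
        execute = lambda args: subprocess.run([VMRUN] + args, check=True)
    analysis, cleanup = plan
    executed, ok = [], True
    try:
        for step in analysis:
            if step is None:
                sleep(run_seconds)
                continue
            executed.append(step)
            execute(step)
    except Exception:
        ok = False  # e.g. vmrun exited non-zero; fall through to cleanup
    finally:
        for step in cleanup:
            executed.append(step)
            try:
                execute(step)
            except Exception:
                ok = False  # keep going: the revert must still be attempted
    return ok, executed
```

Take the snapshot with the analysis account logged on and the monitoring tools already running, so each revert restores a known-good state. The guest password appears on the `vmrun` command line, so use an account that exists only inside the sandbox VM.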
