Abstract
Malicious software teaching is based on theory, consequently, students do not experiment with real practice. Therefore, when they confront a rising incidence in the real world, the response is not usually at the adequate time neither valuable enough. A practical focus will provide a different understanding of the problem due to the fact that the student will be able to recognise suspicious behaviour. This paper proposes the design of an entire platform that experiments with topics related to malware in a controlled and safe environment. The strategy presented is a virtual machine that integrates tools including Metasploit Framework, vulnerable systems, and software scanners. Besides, a web tutorial is available for user orientation; it incorporates additional exclusive components for Metasploit and a tutorial to develop them.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Nop operation is an assembly language instruction that has no action.
References
The network support company, What Is Malware? [Infographic]. https://www.network-support.com/wp-content/uploads/2016/10/What-Is-Malware-Infographic.jpg. Accessed 06 Oct 2016
Szor, P.: The Art of Computer Virus Research and Defense. Pearson Education (2005)
Davis, M., Bodmer, S., LeMasters, A.: Hacking Exposed Malware and Rootkits. McGraw-Hill Inc., New York (2009)
Damshenas, M., Dehghantanha, A., Mahmoud, R.: A survey on malware propagation, analysis, and detection. Int. J. Cyber Secur. Digit. Forensics (IJCSDF) 2(4), 10–29 (2013)
Fosnock, C.: Computer worms: past, present, and future, p. 8. East Carolina University (2005)
Kiltz, S., Lang, A., Dittmann, J.: Malware: specialized trojan horse. In: Cyber Warfare and Cyber Terrorism, pp. 154–160. IGI Global (2007)
Goswami, D.: Wanna Cry ransomware cyber-attack: 104 countries hit, India among worst affected, US NSA attracts criticism. http://indiatoday.intoday.in/story/wanna-cry-ransomware-attack-104-countries-hit-nsa-criticised/1/953338.html. Accessed 14 May 2017
Sikorski, M., Honig, A.: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press Edition (2012)
You, I., Yim, K.: Malware obfuscation techniques: a brief survey. In: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA) (2010)
Singh, A.: Metasploit Penetration Testing Cookbook. Packt Publishing Ltd., Birmingham (2012)
Rapid 7 Community: Metasploit-framework: msfvenom. https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom. Accessed 14 Sept 2016
Rapid 7 Community: Metasploit user guide. https://community.rapid7.com/docs/DOC-1563. Accessed 06 June 2017
Rapid 7 Community: How to set up a penetration testing lab. https://community.rapid7.com/docs/DOC-2196. Accessed 05 July 2013
Scambray, J., McClure, S., Scambray, J.: Hacking Exposed Windows. Tata McGraw-Hill Education, New York (2007)
Rapid 7 Community: Metasploitable 2 exploitability guide. https://community.rapid7.com/docs/DOC-1875. Accessed 01 June 2012
Truncer, C.: Veil 3.0 command line usage. framework.com/veil-command-line-usage/. Accessed 21 Mar 2017
Spafford, E.H.: The Internet worm program: an analysis. ACM SIGCOMM Comput. Commun. Rev. 19, 17–57 (1989)
Porras, P., SaÃdi, H., Yegneswaran, V.: A Foray into Conficker’s Logic and Rendezvous Points. In: LEET (2009)
Google Open Online Education: Course builder documentation (2017). https://edu.google.com/openonline/course-builder/index.html
Maynor, D.: Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research. Elsevier, Amsterdam (2011)
Piedra Orellana, C.P., Peralta Bravo, A.C.: Evaluación del rendimiento académico de los estudiantes de la asignatura de algoritmos, datos y estructuras de la facultad de ingenierÃa a partir de la construcción de un modelo conceptual de datos aplicado a un MOOC, Cuenca, Ecuador (2014)
Google Cloud Platform, Google Inc.: Quickstart for Python App Engine Standard Environment. https://cloud.google.com/appengine/docs/standard/python/quickstart. Accessed 21 May 2017
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
RiofrÃo, X., Salinas-Herrera, F., Galindo, D. (2020). A Design for a Secure Malware Laboratory. In: Fosenca C, E., RodrÃguez Morales, G., Orellana Cordero, M., Botto-Tobar, M., Crespo MartÃnez, E., Patiño León, A. (eds) Information and Communication Technologies of Ecuador (TIC.EC). TICEC 2019. Advances in Intelligent Systems and Computing, vol 1099. Springer, Cham. https://doi.org/10.1007/978-3-030-35740-5_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-35740-5_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35739-9
Online ISBN: 978-3-030-35740-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)