Zero-day Polymorphic Worm Collection Method
Published in Mohssen Mohammed, Al-Sakib Khan Pathan, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks, 2016
Mohssen Mohammed, Al-Sakib Khan Pathan
We used a virtual machine to deploy the double-honeynet system because of limited resources and to keep the setup low cost. One PC was used, with VMware Workstation installed on it. VMware Workstation is a software package that lets its users create virtual machines that form virtual networks interconnected with each other. Thus, we created the double-honeynet system as a virtual network that appears to the outside world as an independent network. Attackers could locate the honeypot and attack it. The honeypot was transparently connected to the Internet through the honeywall, which in turn intercepted all outbound and inbound traffic. Therefore, malicious traffic targeting the honeypot (inbound) or malicious traffic generated by the compromised honeypot (outbound) was available to us from the honeywall for further analysis and investigation. As mentioned in Section 8.3, honeynet 1 and honeynet 2 were configured to allow unlimited outbound connections. The internal router was used to protect our local network by redirecting all outbound connections from honeynet 1 to honeynet 2 and vice versa.
Cyber-Espionage Malware Attacks Detection and Analysis: A Case Study
Published in Journal of Computer Information Systems, 2022
All analyses in this study were completed on a Dell Precision T7920 workstation with 2x Xeon Gold 5118 / 32GB RAM / 256GB M.2 SSD running the Windows 10 Pro operating system. All investigations were performed inside a virtual machine (VMware Workstation Pro 16) to prevent possible attacks on the workstation by the examined malware, which was designed for spying and espionage activities. Analyses were performed with the "FTK Imager v.4.5", "Process Monitor v.3.70", "Autopsy v.3.1.2", "Registry Viewer v.1.8.0.5", "Volatility v.2.6" and "Wireshark v.3.4.5" programs. After preparing a secure analysis environment, the investigation step began.