Explore advanced network simulation techniques for malware analysis in this Black Hat conference talk. Delve into the capabilities of FakeNet 2.0, a free Windows-based tool designed to trick malware into believing it's connected to the Internet. Learn how to mimic common protocols like HTTP, SSL, and DNS, quickly reconfigure FakeNet for successful malware deception, and understand its use of Windows Internals. Discover process tracking techniques to identify malicious network activity sources and automatic PCAP logging features. Gain hands-on experience analyzing real-world malware samples to extract network-based signatures, progressing from basic to advanced challenges. Finally, learn to extend FakeNet's functionality by writing custom Python extensions for specific malware protocols.
Overview
Syllabus
Counterfeiting the Pipes with FakeNet 2.0 (Part 2/2)
Taught by
Black Hat