Virtual Machine Setup and Networking between VMs, Linux Basic Usage, Malware Static Analysis, Wiresh
Set up VMs in NAT Network mode and create a virtual LAN

Please install VirtualBox on your own machine, then import the following two VM images into VirtualBox: a Kali Linux VM and a Windows 7 VM (with any version of IE you want).

1). Set up these two VMs in “NAT Network” mode and put them in one virtual LAN that has the subnet (i.e., network CIDR) of 192.168.100/24. After that, find out the IP addresses of these two VMs. Use screenshot images to show how you configure the subnet of the virtual LAN and how you find out each VM’s IP address. (15 points)

2).  Use screenshot images to show that you can Ping from Win7 VM to your Kali Linux VM successfully.

In your Kali Linux VM, log in with the ‘root’ account. Then conduct the following operations. All operations must be conducted in a Linux command line terminal window:
1). Under your account home directory ‘/root’, create the following directory tree. Use a screenshot image to show how you do it.

2). Change the directory access permissions: make the directory ‘TA’ readable, writable and executable by group and others; make the directory ‘Instructor’ unreadable and non-executable by others (the writable permission does not matter). Use a screenshot image to show your operations.

3). Copy the ‘/etc/passwd’ file into the ‘Alice’ directory. Then use a single command line operation to show only the lines of the passwd copy under the Alice directory that contain the ‘systemd’ keyword. Again, use a screenshot image to show your operation.

I have downloaded a ‘malware.zip’ from http://openmalware.org/ before it was discontinued. Now you need to provide a static analysis of this code. Note that, as I explained in lecture, this ‘malware.zip’ is compressed with the password ‘infected’, and unzipping it will produce a file called ‘malware.exe’. You probably have to use your Windows VM to download this malware code and analyze it, since the anti-virus software installed on your computer’s host OS might prevent you from decompressing it.

1). What is the real name of this malware? Explain how you determine its name. Since different malware detection systems provide different names, you need to provide the malware’s name given by the ‘ClamAV’ anti-virus engine run on http://virustotal.com (don't run ClamAV software on your own computer to make this detection). Use a screenshot image to show the part where ClamAV provides the name.

2). Use a screenshot image to show how you use a static analysis tool to determine that the malware is “packed”.

3). Use a screenshot image to show how you unpack this malware. Give the unpacked malware program the name “malware-unpacked.exe”. What are the file sizes (in number of bytes) of ‘malware.exe’ and ‘malware-unpacked.exe’, respectively? (10 points)

4). Use a static analysis tool to analyze this unpacked malware code. Answer the following questions with support of corresponding screenshot images:

   a). How many bytes are in the “File Header”? What are the values of the first 5 bytes in the “File Header”?

   b). Show the first three lines of assembly language instructions of the malware code.
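For question 4a, the “File Header” that PE viewers display is the COFF IMAGE_FILE_HEADER that immediately follows the “PE\0\0” signature. The parser below is an added example (not part of the assignment or any tool it names): it walks a constructed, minimal PE-shaped buffer the same way a static analysis tool walks a real executable (DOS header, e_lfanew, PE signature, File Header) and reports the header’s size and first five bytes.

```python
import struct

# IMAGE_FILE_HEADER (what PE viewers label "File Header") is a fixed 20 bytes:
# Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
# NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2), all little-endian.
FILE_HEADER_FMT = "<HHIIIHH"
FILE_HEADER_SIZE = struct.calcsize(FILE_HEADER_FMT)  # 20
FIELD_NAMES = ("Machine", "NumberOfSections", "TimeDateStamp", "PointerToSymbolTable",
               "NumberOfSymbols", "SizeOfOptionalHeader", "Characteristics")

def parse_file_header(data: bytes) -> dict:
    """Locate and decode the COFF File Header of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ signature")
    # e_lfanew at DOS-header offset 0x3C gives the file offset of the "PE\0\0" signature
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    off = e_lfanew + 4  # the File Header immediately follows the 4-byte signature
    hdr = dict(zip(FIELD_NAMES, struct.unpack_from(FILE_HEADER_FMT, data, off)))
    hdr["offset"] = off
    hdr["size"] = FILE_HEADER_SIZE
    hdr["first5"] = data[off:off + 5]  # Machine, NumberOfSections, 1st byte of TimeDateStamp
    return hdr

def build_sample_pe() -> bytes:
    """Constructed, minimal PE-shaped buffer (not a real executable) for testing."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_header = struct.pack(FILE_HEADER_FMT,
                              0x014C,      # Machine: IMAGE_FILE_MACHINE_I386
                              3,           # NumberOfSections (e.g. .text, .rdata, .data)
                              0x5B2E4F10,  # TimeDateStamp (arbitrary constructed value)
                              0, 0,        # no COFF symbol table
                              0xE0,        # SizeOfOptionalHeader for PE32
                              0x0102)      # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    return bytes(dos) + b"PE\0\0" + file_header

if __name__ == "__main__":
    h = parse_file_header(build_sample_pe())
    print(f"File Header at 0x{h['offset']:X}: {h['size']} bytes, "
          f"first 5 bytes {h['first5'].hex(' ')}, Machine 0x{h['Machine']:04X}")
```

On a real sample, read the file with `open(path, "rb").read()` and pass the bytes to `parse_file_header`; the first two bytes decode the Machine field, so a value of 0x014C identifies a 32-bit x86 image.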

On the Windows computer in my UCF office, I opened Wireshark and captured network traffic while I did a few normal operations. Your task is to download this captured file and analyze it by using Wireshark to answer the following questions (you need to explain what display filters and operations you have done to derive your answers):

  • How many TCP packets have the ‘reset’ flag set to 1?
  • In the Internet web traffic, what is the file name of the .jpg picture file?
  • What are the IP addresses of the DNS servers that have been queried during this traffic capture?
  • Please provide the list of IP addresses of local computers that have sent out ‘Dropbox LAN sync Discovery’ messages and have IP addresses between ‘10.173.214.0’ and ‘10.173.214.99’.
  • In the command window, I used the ‘tracert’ command to conduct a traceroute to an Internet server. I stopped the traceroute operation after I received “Request timed out” messages from a few routers.
    • What is the IP address of the Internet server I did the traceroute to? What is my own computer’s IP address?
    • How many routers within the UCF campus network have responded to my traceroute operation (i.e., sent back notification messages)? Please provide their IP addresses in the order of the first router, second router, third router, etc.
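The first, third and fourth questions above each map to one Wireshark display filter: the TCP reset bit (`tcp.flags.reset == 1`), UDP traffic to port 53, and Dropbox LAN sync Discovery (UDP port 17500) from senders in a given address range. The following Python is an added example, not the instructor’s capture or a Wireshark component: it builds a few constructed Ethernet/IPv4 frames and applies those three tests by hand, so you can see which header bytes each filter inspects.

```python
import ipaddress
import struct

TCP_RST = 0x04  # bit 2 of the TCP flags byte: Wireshark's tcp.flags.reset == 1
DROPBOX_LAN_SYNC_PORT = 17500  # Dropbox LAN sync Discovery is a UDP broadcast on 17500

def build_frame(src, dst, proto, sport, dport, tcp_flags=0):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (6) or UDP (17) header."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4  # Ethernet II, EtherType IPv4

def decode(frame):
    """Return (src, dst, proto, dport, tcp_flags); assumes an IPv4 frame, no options."""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    l4 = ip[ihl:]
    dport = struct.unpack("!H", l4[2:4])[0]
    flags = l4[13] if ip[9] == 6 else 0  # TCP flags live at offset 13 of the TCP header
    return (str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20])),
            ip[9], dport, flags)

def analyze(frames):
    """Apply the same tests as the display filters a Wireshark user would write."""
    resets, dns_servers, lan_sync_hosts = 0, set(), set()
    lo, hi = ipaddress.IPv4Address("10.173.214.0"), ipaddress.IPv4Address("10.173.214.99")
    for f in frames:
        src, dst, proto, dport, flags = decode(f)
        if proto == 6 and flags & TCP_RST:           # tcp.flags.reset == 1
            resets += 1
        if proto == 17 and dport == 53:               # DNS queries go to the server's port 53
            dns_servers.add(dst)
        if proto == 17 and dport == DROPBOX_LAN_SYNC_PORT and lo <= ipaddress.IPv4Address(src) <= hi:
            lan_sync_hosts.add(src)                   # sender within 10.173.214.0 .. 10.173.214.99
    return resets, sorted(dns_servers), sorted(lan_sync_hosts, key=ipaddress.IPv4Address)

SAMPLE = [  # constructed traffic, not the instructor's capture
    build_frame("10.173.214.5", "203.0.113.10", 6, 50000, 80, tcp_flags=0x02),     # SYN
    build_frame("203.0.113.10", "10.173.214.5", 6, 80, 50000, tcp_flags=0x14),     # RST+ACK
    build_frame("10.173.214.5", "10.173.214.9", 6, 50001, 443, tcp_flags=0x04),    # RST
    build_frame("10.173.214.5", "10.0.0.53", 17, 51000, 53),                       # DNS query
    build_frame("10.173.214.5", "10.0.1.53", 17, 51001, 53),                       # DNS query
    build_frame("10.173.214.42", "10.173.214.255", 17, 17500, 17500),              # LAN sync
    build_frame("10.173.214.150", "10.173.214.255", 17, 17500, 17500),             # out of range
]
```

`analyze(SAMPLE)` returns the reset count, the DNS server addresses and the in-range LAN sync senders; on a real capture the same three conditions are what the corresponding display filters evaluate per packet.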
