Didier Stevens

Slugs are versatile little machines. I installed Slugos on my NSLU2, followed by the tools I used in my sampling video.

Unfortunately, it’s too small for my sticker 😉

When I access it with SSH, I see no difference with a shell account on a regular machine.

My Python programs work unmodified, and I can compile my C programs like SpiderMonkey.

As a virus lab, it has a couple of advantages:

• no malware is targeting this platform (yet), so you can use it to sample and analyze malware without risking infecting the lab
• the OS is stored on a USB storage device, providing easy swap and imaging (e.g. rollback) capabilities
• you can connect infected harddisks to it (via a USB adapter) and inspect them without risk
• it’s a full Linux distro (no GUI, of course): you can find many pre-build (security) tools or compile your own

For an Howto:

Installing Slugos as per these instructions.

Installing a C compiler (not essential for a virus lab):

• echo ‘src/gz optwarenslu2 http://ipkg.nslu2-linux.org/feeds/optware/nslu2/cross/stable’ > /etc/ipkg/optwarenslu2.conf
• ipkg update
• ipkg install crosstool-native

Installing the Optware feed as per these instructions.

Installing the Optware toolchain:

• /opt/bin/ipkg-opt install optware-devel

Linking /usr/bin/python to the python2.5 executable

Now if I could just get my hands on a small biohazard sticker…