Didier Stevens

Thursday 4 September 2008

Pocket Virus Lab

Filed under: Hardware,Malware,nslu2 — Didier Stevens @ 18:57

Slugs are versatile little machines. I installed Slugos on my NSLU2, followed by the tools I used in my sampling video.

Unfortunately, it’s too small for my sticker 😉

When I access it with SSH, I see no difference with a shell account on a regular machine.

My Python programs work unmodified, and I can compile my C programs like SpiderMonkey.

As a virus lab, it has a couple of advantages:

  • no malware is targeting this platform (yet), so you can use it to sample and analyze malware without risking infecting the lab
  • the OS is stored on a USB storage device, providing easy swap and imaging (e.g. rollback) capabilities
  • you can connect infected harddisks to it (via a USB adapter) and inspect them without risk
  • it’s a full Linux distro (no GUI, of course): you can find many pre-build (security) tools or compile your own

For an Howto:

Installing Slugos as per these instructions.

Installing a C compiler (not essential for a virus lab):

Installing the Optware feed as per these instructions.

Installing the Optware toolchain:

  • /opt/bin/ipkg-opt install optware-devel

Linking /usr/bin/python to the python2.5 executable

Now if I could just get my hands on a small biohazard sticker…

Blog at WordPress.com.