SanWieb/PROJ201-MalwareLab-Manual

PROJ201 - Installation Manual NIDS & HIDS Malware lab

This repository contains the installation manual for a NIDS & HIDS malware lab. The lab was used in a research project carried out during an internship.

A user-friendly HTML version of the manual can be viewed here; a PDF version is available here.

Description

This repository contains a manual for installing a malware lab environment. The malware lab is intended for a research project comparing the detection coverage of a NIDS and a HIDS. The aim of the research was to advise small and medium-sized enterprises on whether network detection (NIDS) is sufficient to detect malware infections in an enterprise network, or whether endpoint detection (HIDS) is necessary. The results of the research can be found here.

The manual is subdivided into the following parts:

  • Installation & Configuration of:

    • VMware Workstation Pro

    • PFSense

    • Windows 10 VM (Victim Machine)

    • HIDS (Ubuntu Server 18 with Wazuh)

    • NIDS (Ubuntu Server 18 with Snort & Suricata)

  • Final configuration to connect these VMs

The design of the malware lab:

Figure 1. Malware Lab Infrastructure

During the research, Wazuh was enriched with Sigma rules; the converted Wazuh rules can be found in the sigWah repository.
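As an added example of what "enriching Wazuh with Sigma rules" involves (example code written for this README, not the sigWah project's own converter or anything from the manual), the script below turns one minimal Sigma process_creation rule into a Wazuh XML rule and then checks the generated PCRE2 patterns against constructed Sysmon events. Everything in it is an assumption of the example: the Sigma rule is given as an already-parsed dict rather than loaded from YAML, Sysmon Event ID 1 alerts are taken to carry the group `sysmon_event1` as in Wazuh's stock Sysmon ruleset, and the field map, level map and rule id 100100 are the example's own choices. Sigma conditions other than a single selection map raise instead of producing a rule that would silently never fire.

```python
# Added example for this README (not sigWah's code or the manual's):
# minimal Sigma -> Wazuh rule conversion plus a sanity check of the output.
# Assumptions (this example's own): parsed-dict input instead of YAML,
# group "sysmon_event1" for Sysmon Event ID 1, and the mappings below.
import re
import xml.etree.ElementTree as ET

FIELD_MAP = {  # Sigma field -> Wazuh decoded Sysmon field (assumption)
    "Image": "win.eventdata.image",
    "CommandLine": "win.eventdata.commandLine",
    "ParentImage": "win.eventdata.parentImage",
    "User": "win.eventdata.user",
}
CATEGORY_GROUP = {"process_creation": "sysmon_event1"}  # Sigma logsource -> Wazuh group
LEVEL_MAP = {"low": 5, "medium": 8, "high": 12, "critical": 14}  # Sigma -> Wazuh level

SIGMA_RULE = {  # constructed sample Sigma rule, in the shape pyyaml's safe_load would give
    "title": "PowerShell Encoded Command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-EncodedCommand", "-enc "],
        },
        "condition": "selection",
    },
    "tags": ["attack.execution", "attack.t1059.001"],
    "level": "high",
}

# Constructed Sysmon Event ID 1 events as Wazuh would decode them (sample data).
SUSPICIOUS_EVENT = {
    "win.eventdata.image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "win.eventdata.commandLine": "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgA",
}
BENIGN_EVENT = {
    "win.eventdata.image": "C:\\Windows\\System32\\notepad.exe",
    "win.eventdata.commandLine": "notepad.exe C:\\Users\\x\\notes.txt",
}


def _alternative(value, modifier):
    """One Sigma value -> one PCRE2 alternative. The value is regex-escaped so
    the dots and backslashes in paths stay literal."""
    lit = re.escape(str(value))
    if modifier == "contains":
        return lit
    if modifier == "startswith":
        return "^" + lit
    if modifier == "endswith":
        return lit + "$"
    if modifier == "":
        return "^" + lit + "$"
    raise ValueError(f"unsupported Sigma modifier: {modifier!r}")


def sigma_to_wazuh_fields(rule):
    """Return [(wazuh_field, pcre2_pattern), ...] for a rule whose condition is a
    single selection map; anything else raises rather than mis-converting."""
    det = rule["detection"]
    cond = det["condition"].strip()
    selection = det.get(cond)
    if not isinstance(selection, dict):
        raise ValueError(f"only a single-selection condition is supported: {cond!r}")
    fields = []
    for key, value in selection.items():  # map entries are AND'ed in Sigma
        name, _, modifier = key.partition("|")
        if name not in FIELD_MAP:
            raise ValueError(f"no Wazuh field mapping for Sigma field {name!r}")
        values = value if isinstance(value, list) else [value]  # a list is OR'ed
        pattern = "(?i)" + "|".join(_alternative(v, modifier) for v in values)
        fields.append((FIELD_MAP[name], pattern))
    return fields


def sigma_to_wazuh_xml(rule, rule_id):
    """Render the Wazuh <rule> element (ids 100000-119999 are the custom range)."""
    category = rule["logsource"].get("category")
    if category not in CATEGORY_GROUP:
        raise ValueError(f"unsupported logsource category: {category!r}")
    el = ET.Element("rule", id=str(rule_id), level=str(LEVEL_MAP[rule.get("level", "medium")]))
    ET.SubElement(el, "if_group").text = CATEGORY_GROUP[category]
    for wfield, pattern in sigma_to_wazuh_fields(rule):
        ET.SubElement(el, "field", name=wfield, type="pcre2").text = pattern
    ET.SubElement(el, "description").text = rule["title"]
    # Sigma "attack.tNNNN[.NNN]" tags become Wazuh MITRE ids; tactic tags are skipped.
    ids = [m.group(1).upper() for t in rule.get("tags", [])
           if (m := re.fullmatch(r"attack\.(t\d{4}(?:\.\d{3})?)", t, re.I))]
    if ids:
        mitre = ET.SubElement(el, "mitre")
        for i in ids:
            ET.SubElement(mitre, "id").text = i
    return ET.tostring(el, encoding="unicode")


def fields_match(fields, event):
    """Approximation of Wazuh's evaluation (every <field> must match), using
    Python's re as a stand-in for the pcre2 engine."""
    return all(re.search(p, event.get(f, "")) is not None for f, p in fields)


if __name__ == "__main__":
    print(sigma_to_wazuh_xml(SIGMA_RULE, 100100))
```

The emitted `<rule>` still has to be placed inside a `<group>` in the manager's local rules file, and because Wazuh's XML loader and PCRE2 engine are not Python's `re`, run the result through wazuh-logtest with a real Sysmon event before trusting it in the lab.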
