DECOMPILING MALWARE: INFOSEC DOCKER [2 OF 2]
If you've read our previous blog post on decompiling malware, you'll note that we pointed out a Docker image to make decompiling malware slightly easier for non-experts.
In this post, we aim to provide you with an outline of Docker containers that can be used to kick-start a security program or help elevate an existing program.
The technologies here can be run by a single individual in an SMB-sized organization to provide a decent start to a security program, or by an individual who is looking to advance their career in security with a no-cost lab environment on existing hardware.
That said, just because it's easy to deploy does not mean it's a set-it-and-forget-it solution. As a matter of fact, it will likely be the complete opposite. These containers are not a substitute for a robust security strategy that includes a SOC and routine penetration testing.
Warning Label
Importantly, we should point out that Docker in itself is not a security boundary. Like any "easy button" technology, you must use common sense and system isolation when deploying.
You should change all passwords and harden the appliance after installation.
You should use Docker Containers from trusted individuals or audit those containers and monitor for backdoors that may impact your organization.
All containers noted here are recommended only by the author and are not necessarily endorsed by Emagined Security.
Install
Grab a copy of Docker for your platform.
Follow the installation guide and tune the Docker system to run with as much memory and CPU as you're willing to feed to it. Just like any solution, the more you give, the more it will return.
Docker Containers I find useful for general security tasks:
There are a number of security containers that are available from dozens of resources.
I like Docker because I can have the same containerized environments regardless of platform (Windows/OSX/Linux). For an individual who has different laptops for different clients and engagements, a consistent set of tools is worth a lot.
Among those tools are:
Local Debian instance: debian:latest
Metasploit: remnux/metasploit
Chrome via VNC: siomiz/chrome
WordPress Scan: wpscanteam/wpscan
OpenVAS Scanner: mikesplain/openvas
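Because Docker is not a security boundary on its own, each of these images is worth starting with an explicit resource budget and a restrictive set of run flags rather than a bare `docker run`. The wrapper below is an added example, not code from the original post or from any of the image maintainers: it pins memory, CPU and process limits, drops all capabilities, blocks privilege escalation and attaches the containers to a dedicated lab network. The network name, the memory and CPU caps, the published ports and the NET_RAW capability given back to the scanner are assumptions to adjust for your host; `DRY_RUN=1` prints each command instead of running it so you can review the result before anything starts.

```shell
#!/bin/sh
# Added example (not from the original post): start the listed images with an
# explicit CPU/memory budget and the isolation flags that compensate for Docker
# not being a security boundary by itself.
# LAB_NET, LAB_MEM, LAB_CPUS, the published ports and the re-added capability
# are assumptions; tune them to your host. DRY_RUN=1 prints each docker
# command instead of executing it. SECLAB_START=1 actually starts the lab.

LAB_NET="${LAB_NET:-seclab}"   # assumed: a dedicated user-defined bridge network
LAB_MEM="${LAB_MEM:-4g}"       # assumed per-container memory cap
LAB_CPUS="${LAB_CPUS:-2}"      # assumed per-container CPU cap

# Execute a command, or (with DRY_RUN set) echo it for review.
run_cmd() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$@"; else "$@"; fi
}

# Create the lab network once. A user-defined network keeps the tools off the
# default bridge and away from your other containers; add --internal to the
# create command if the lab must have no route to the outside at all.
ensure_lab_net() {
    docker network inspect "$LAB_NET" >/dev/null 2>&1 \
        || run_cmd docker network create "$LAB_NET"
}

# hardened_run NAME IMAGE [extra docker run options...]
# Caps memory, CPU and process count, drops every capability, refuses
# privilege escalation inside the container and attaches it to the lab
# network only. Per-image needs (a published port, one re-added capability)
# are passed as extra options, so the default is the most restrictive setting.
hardened_run() {
    name="$1"; image="$2"; shift 2
    run_cmd docker run -d --name "$name" \
        --memory "$LAB_MEM" --cpus "$LAB_CPUS" --pids-limit 512 \
        --network "$LAB_NET" \
        --cap-drop ALL --security-opt no-new-privileges \
        "$@" "$image"
}

# Start the long-running tools from the post. Only the scanner gets NET_RAW
# back (raw sockets for host discovery); the others run with no capabilities.
# wpscan is a one-shot tool, so it is launched per scan rather than here.
# Ports are bound to 127.0.0.1 so the VNC and web consoles are local-only;
# remember to change the images' default credentials after first start.
start_lab() {
    ensure_lab_net
    hardened_run debian debian:latest -t
    hardened_run msf remnux/metasploit
    hardened_run chrome siomiz/chrome -p 127.0.0.1:5900:5900
    hardened_run openvas mikesplain/openvas --cap-add NET_RAW -p 127.0.0.1:443:443
}

if [ -n "${SECLAB_START:-}" ]; then
    start_lab
fi
```

Run `DRY_RUN=1 SECLAB_START=1 sh seclab.sh` first and read the printed commands; once the limits and ports look right for your machine, drop `DRY_RUN`. Keeping the restrictive flags in one function means a new image added later starts from the locked-down baseline and only gets back what it demonstrably needs.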