Materials Needed:

$$ Virtualization software $($e$.$g$.,$ VirtualBox, VMware$)$

$$ Virtual machines $($VMs$)$ with different operating systems $($e$.$g$.,$

Windows, Linux$)$

$$ A network traffic capture tool $($Wireshark or similar packet$-$

capturing tool$)$

$$ A memory dump analysis tool.

$$ Lab guide $($provided below$)$

$1)$ Set up two VMs $($one Windows and one Linux$).$

$2)$ Configure remote access on the both VM$$s through any

medium you choose.

$3)$ Implement strong password policies on both VMs$.$

$4)$ Use Wireshark to capture network traffic between the two VM$$s

while attempting to login in using correct and incorrect

credentials. Once complete, close the capture and analytze it

for the packets that show the attempts, compare and contrast

the correct and incorrect attempts to access.

$5)$ Open Wireshark for a second capture and Infect your VIRTUAL

MACHINES with malware of your choice. Have it run for a few

minutes, for the malware to fully take effect and then analyze

the capture for signs of attempted data exfiltration, login

attempts and other signs of attempts to gain unscrupulous

access

Procedure:

$1)$ Set up two VMs $($one Windows and one Linux$).$

$2)$ Implement strong password policies on both VMs$.$

$3)$ Do some cursory research and utilize the built$-$in memory dump

tools or free third$-$party memory dump collection tools to create

a memory dump file.

$4)$ Utilize a memory dump analysis tool and look for malicious

code and any other evidence of intrusions into either system.

This might require you to visit risky sites on the VM with the

security protocols off $($no anti$-$virus$/$malware etc.$)$