This repository contains a manual for installing a Malware Lab environment. The Malware lab is intended for a research project to compare the detection difference between a NIDS and HIDS. The aim of the research was to advise small and medium-sized enterprises if network detection (NIDS) sufficient is to detect malware infection in a enterprise network or that End-Point detection (HIDS) is necessary. The results of the research can be found here.
The manual is subdivided in to the following parts:
-
Installation & Configuration of:
-
VMware Workstation Pro
-
PFSense
-
Windows 10 VM (Victim Machine)
-
HIDS (Ubuntu Server 18 with Wazuh)
-
NIDS (Ubuntu Server 18 with Snort & Suricata)
-
-
Last configuration to combine these VM’s
The design of the malware lab:
Figure 1. Malware Lab Infrastructure