{"id":7250,"date":"2024-03-12T07:20:38","date_gmt":"2024-03-12T07:20:38","guid":{"rendered":"\/cybersecurity-blog\/?p=7250"},"modified":"2024-03-12T13:55:28","modified_gmt":"2024-03-12T13:55:28","slug":"monikerlink-sandbox-analysis","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/monikerlink-sandbox-analysis\/","title":{"rendered":"How to Set Up a Network Research Laboratory: MonikerLink (CVE-2024-21413) Case Study\u00a0"},"content":{"rendered":"\n

Every now and then, you come across a situation where you need to get hands-on to understand how an exploit or malware works and then create a detection rule. Plus, there are times when it’s essential for the attacking machine to be on the local network to capture network traffic or utilize its own detection tools. <\/p>\n\n\n\n

In this article, we’ll show you how to set up a working environment to gather IOCs and write detection rules, using CVE-2024-21413<\/strong><\/a> <\/strong>as an example. We’ll walk you through integrating the ANY.RUN virtual machine into a local VPN network for this purpose. To do this, we’ll: <\/p>\n\n\n\n

    \n
  1. Let’s quickly analyze the CVE and prepare a Proof of Concept (PoC). <\/li>\n<\/ol>\n\n\n\n
      \n
    1. Set up a local VPN network with the ANY.RUN machine. <\/li>\n<\/ol>\n\n\n\n
        \n
      1. Verify the functionality of the PoC and gather NTLM Hash using Impacket. <\/li>\n<\/ol>\n\n\n\n
          \n
        1. Gather IoCs and draft a detection rule. <\/li>\n<\/ol>\n\n\n\n\n
          \n\n

          \nSign up for ANY.RUN<\/span> to follow along with the investigation \n<\/p>\n\n\nSet up free account\n<\/a>\n<\/div>\n\n\n\n