Lab3/Lab3steps.docx

Scenario: The university has caught a malware operator on campus and found a domain generation algorithm (DGA) on the campus-owned computer this person was using. The campus has asked you to figure out how it works so that they can potentially use the command and control server for research like that described in the attached PDF (attached in folder). The file you will need to figure out is attached in the folder (it is written in the programming language C; it is not malware).

One way to find out how something works is to use IDA in Kali Linux. Information about Kali can be found at kali.org. Some basics about IDA can be found here: http://securityxploded.com/reversing-basics-ida-pro.php. These resources will not be sufficient to get you all the way through the lab, because they were not designed as a step-by-step walkthrough of it; you will need to combine the knowledge from these resources with others you find to complete the lab.

I attached the exe file. You have to unzip it. The exe file has to be run from the command line, in a SAFE environment, i.e. a virtual machine. When reverse engineering the exe file, you should be looking at the _dga/dga function. You can use IDA Pro. (The .exe file is attached in the folder.)

For this lab, you will need to: find out what you can from the attached files, following the lab report format outlined (abstract, discussion, and conclusion).
Take a lot of screenshots.

Steps I've done:
1- I used the command prompt to check the file using the sigcheck tool.
2- I checked on virustotal.com to see if it's known.
3- I used HxD to check the file's hexadecimal contents and header and found "MZ".
4- I checked the file properties and information.
5- I checked the file's strings to see the code and try to recognize some of it.
6- I took a snapshot of the registry.
7- I executed cdga.exe and took a second snapshot of the registry.
8- I compared the two snapshots and found 193 changes.
9- I used Process Monitor to monitor the process.
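The static part of those steps (hashing the sample for a VirusTotal lookup, confirming the "MZ" DOS magic and the "PE\0\0" signature it points to, and pulling printable strings) can be scripted so the same triage is repeatable on the next sample. The following is an added example, not part of the lab handout or the student's work, and it does not touch cdga.exe: the input is a small constructed byte blob with the PE header fields and a few strings laid out the way a real executable would have them. Looking the hashes up rather than uploading the file is the usual choice when the sample may be sensitive.

```python
"""Static triage of a suspected PE sample: hashes, DOS/PE header check, strings.
Added example for the lab write-up; the sample bytes below are constructed."""
import hashlib
import re
import struct

MIN_STRING_LEN = 4
PE_SIGNATURE = b"PE\x00\x00"
E_LFANEW_OFFSET = 0x3C  # DWORD in the DOS header pointing at the PE header


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 so the sample can be looked up by hash instead of uploaded."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def check_headers(data: bytes) -> dict:
    """Confirm the 'MZ' magic, follow e_lfanew, and read the PE signature and Machine field."""
    result = {"is_mz": False, "pe_offset": None, "has_pe_signature": False, "machine": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return result  # too short for a DOS header, or not an MZ file at all
    result["is_mz"] = True
    (pe_offset,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    result["pe_offset"] = pe_offset
    # A corrupt or hostile e_lfanew can point past the end of the file; check bounds first.
    if pe_offset + 6 > len(data) or data[pe_offset:pe_offset + 4] != PE_SIGNATURE:
        return result
    result["has_pe_signature"] = True
    # IMAGE_FILE_HEADER.Machine is the WORD immediately after the signature (0x14C = i386).
    (result["machine"],) = struct.unpack_from("<H", data, pe_offset + 4)
    return result


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Runs of printable ASCII of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Bundle the three checks into one report."""
    return {"hashes": file_hashes(data), "headers": check_headers(data),
            "strings": extract_strings(data)}


def build_sample() -> bytes:
    """Constructed stand-in for an executable (not cdga.exe): MZ header, e_lfanew -> 0x80,
    a PE signature with Machine = 0x14C, and a few embedded strings."""
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, E_LFANEW_OFFSET, 0x80)
    body = dos_header + b"This program cannot be run in DOS mode.\r\n$"
    body += b"\x00" * (0x80 - len(body))          # pad up to the PE header
    body += PE_SIGNATURE + b"\x4c\x01"             # signature + Machine (little-endian 0x014C)
    body += b"\x00" * 18                           # rest of IMAGE_FILE_HEADER
    body += b"kernel32.dll\x00GetSystemTime\x00%s.com\x00\x01\x02"
    return bytes(body)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Running the script prints the report for the constructed sample; pointing `triage()` at the bytes of a real file read in binary mode gives the same three sections for it. The `GetSystemTime`-style import name and `%s.com` format string are the kinds of strings worth noting in the discussion section when a sample is suspected to generate domains from the current date.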