
TRAINER - DO NOT SHARE

Building a Malware Analysis Lab


Building a Malware Analysis Lab

🔹Building a Malware Analysis Lab
🔹Installing VirtualBox or Hyper-V
🔹Configuring the Virtual Machine
🔹Flare-VM Installation
🔹Static Malware Analysis Fundamentals
🔹Dynamic Malware Analysis


Prepare Sandbox Virtualization Environment

• Enable virtualization on your computer
• Install virtualization software (Hyper-V)
• Configure a malware analysis lab VM


Create the Virtual Machine

• Install Windows 10 in Hyper-V
  • Download a Windows 10 Enterprise Evaluation copy
• Create a base snapshot of the VM after configuring it.


Configuring the VM

• Disable Windows Update
  • Go to Services.exe -> Windows Update -> click Stop -> set Startup type to "Disabled" -> Apply
• Disable Windows Defender
  • Go to Windows Security -> Manage settings -> turn off Real-time protection -> turn off Cloud-delivered protection -> turn off Automatic sample submission -> turn off Tamper protection
  • Then press Windows+R -> gpedit.msc -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus -> Enable "Turn off real-time protection" -> Enable "Turn off Microsoft Defender Antivirus" -> REBOOT!!!
• Show file extensions (turn off "Hide extensions for known file types")
  • Open File Explorer -> View -> Options -> Change folder and search options -> View -> uncheck "Hide extensions for known file types" -> also select the second radio button ("Show hidden files, folders, and drives")
• Show hidden files and folders
• Create a snapshot (rename it "BaseLine")
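The same guest configuration, done from an elevated PowerShell prompt inside the Windows 10 VM instead of clicking through the GUI. This is an added example, not a script from the course deck or from the Flare-VM project. It assumes Tamper Protection has already been switched off in the Windows Security app (neither the registry policy nor Set-MpPreference can turn that off), and that the machine is the isolated analysis VM, never a production host.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the "Configuring the VM" steps inside the analysis guest.
# Assumption: Tamper Protection was already turned off by hand in Windows Security.

# 1. Stop the Windows Update service (wuauserv) and keep it from starting again.
Stop-Service -Name wuauserv -Force -ErrorAction SilentlyContinue
Set-Service  -Name wuauserv -StartupType Disabled

# 2. Turn off Microsoft Defender through the same policy values gpedit.msc writes:
#    "Turn off Microsoft Defender Antivirus" -> DisableAntiSpyware
#    "Turn off real-time protection"         -> DisableRealtimeMonitoring
$defenderPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtpPolicy      = Join-Path $defenderPolicy 'Real-Time Protection'
New-Item -Path $rtpPolicy -Force | Out-Null
Set-ItemProperty -Path $defenderPolicy -Name DisableAntiSpyware        -Value 1 -Type DWord
Set-ItemProperty -Path $rtpPolicy      -Name DisableRealtimeMonitoring -Value 1 -Type DWord

# Also flip the switches the Windows Security "Manage settings" page exposes:
# real-time protection, cloud-delivered protection (MAPS) and sample submission.
Set-MpPreference -DisableRealtimeMonitoring $true `
                 -MAPSReporting Disabled `
                 -SubmitSamplesConsent NeverSend

# 3. File Explorer: show extensions, hidden files and protected OS files.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $explorer -Name HideFileExt     -Value 0 -Type DWord  # uncheck "Hide extensions for known file types"
Set-ItemProperty -Path $explorer -Name Hidden          -Value 1 -Type DWord  # "Show hidden files, folders, and drives"
Set-ItemProperty -Path $explorer -Name ShowSuperHidden -Value 1 -Type DWord  # also show protected operating system files
Stop-Process -Name explorer -Force   # Explorer relaunches itself and picks up the new values

# 4. Check the result before rebooting and taking the "BaseLine" snapshot from the host.
Get-Service -Name wuauserv | Select-Object Status, StartType
Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled, AntivirusEnabled
Write-Host 'Reboot the VM now, then create the BaseLine snapshot from the Hyper-V host.'
```

The final Get-MpComputerStatus call is the check worth keeping: if RealTimeProtectionEnabled still reads True after the reboot, Tamper Protection was not actually off and the policy values were ignored, which is exactly why the slide insists on the reboot before the snapshot.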


Flare-VM Installation

• Malware analysis lab machine settings:
  • 2 virtual processors
  • 8 GB memory
  • Display: enable 3D acceleration
  • Network: change it to a Host-Only adapter (no live connection)
• Use the Chrome browser or Opera GX.
• Download Flare-VM from GitHub (mandiant/flare-vm)
• Save install.ps1 (right-click -> Save link as) into a new folder on the desktop named "Flare"
• File > Run PowerShell as Administrator, THEN follow the installation steps
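The host-side part of the build (the "Create the Virtual Machine" slide and the machine settings above) as one Hyper-V PowerShell script. This is an added example, not a script from the course deck or from the Flare-VM project. The VM name 'FlareLab', the switch name 'Isolated', and the ISO and VHDX paths are placeholders to be replaced; the 3D-acceleration setting is a VirtualBox display option with no Hyper-V counterpart, so it is omitted, and the "Host-Only adapter, no live connection" requirement is met with a Private virtual switch, which reaches neither the host nor any physical NIC.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the isolated analysis VM on the Hyper-V host.
# Placeholders: VM name, switch name, ISO path and VHDX path.
$vmName  = 'FlareLab'
$switch  = 'Isolated'
$isoPath = 'C:\ISO\Win10_Enterprise_Eval.iso'   # placeholder: the downloaded evaluation ISO
$vhdPath = "C:\VMs\$vmName\$vmName.vhdx"        # placeholder: where the virtual disk is created

# A Private switch is the Hyper-V equivalent of "Host-Only, no live connection":
# guests on it can talk to each other but not to the host or the outside network.
if (-not (Get-VMSwitch -Name $switch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $switch -SwitchType Private | Out-Null
}

# Generation 2 VM with 8 GB of fixed memory and 2 virtual processors.
New-VM -Name $vmName -Generation 2 -MemoryStartupBytes 8GB `
       -NewVHDPath $vhdPath -NewVHDSizeBytes 80GB -SwitchName $switch | Out-Null
Set-VMMemory    -VMName $vmName -DynamicMemoryEnabled $false
Set-VMProcessor -VMName $vmName -Count 2
# Only deliberate snapshots (BaseLine, Flare-VM) should exist, so turn off automatic checkpoints.
Set-VM -Name $vmName -AutomaticCheckpointsEnabled $false -CheckpointType Standard

# Attach the Windows 10 Enterprise Evaluation ISO and boot from it first.
Add-VMDvdDrive -VMName $vmName -Path $isoPath
$dvd = Get-VMDvdDrive -VMName $vmName
Set-VMFirmware -VMName $vmName -FirstBootDevice $dvd
Set-VMFirmware -VMName $vmName -EnableSecureBoot On -SecureBootTemplate 'MicrosoftWindows'

# Isolation check: every adapter on the VM must sit on the private switch.
$leaky = Get-VMNetworkAdapter -VMName $vmName | Where-Object { $_.SwitchName -ne $switch }
if ($leaky) { throw "VM has an adapter on a non-isolated switch: $($leaky.SwitchName -join ', ')" }

Start-VM -Name $vmName
# Install Windows, apply the guest configuration, then take the snapshots the deck calls for:
#   Checkpoint-VM -Name $vmName -SnapshotName 'BaseLine'   # after configuring the VM
#   Checkpoint-VM -Name $vmName -SnapshotName 'Flare-VM'   # after the Flare-VM installation
```

Run the isolation check again any time the VM's settings are touched: a single adapter moved to an External switch gives the sample a route out of the lab, and Get-VMNetworkAdapter is the quickest place to see it.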


Extra Tools

• FakeNet: https://github.com/mandiant/flare-fakenet-ng
• HashMyFiles: https://nirsoft.net/utils/hash_my_files.html
• Regshot: https://sourceforge.net/projects/regshot
• Ghidra: https://github.com/NationalSecurityAgency/ghidra/releases
• Important: take a snapshot!!! (Flare-VM)


Static Malware Analysis - Fundamentals

• DEMO
