Now you know some of the fundamental principles for building your lab, let's get to it and build a small lab so you can analyse your first piece of malware.
Once you have chosen and installed your virtualisation software (VMware, VirtualBox, KVM, etc.) it is time to install your virtual machines. I will be using VMware Workstation Pro.
For your Linux-based system, head over to Remnux.org and download the OVA file. Once downloaded, double-click the OVA file. You can choose a name for your VM here or simply click IMPORT to accept the defaults.
Once the appliance has been imported it will appear in the left-hand pane. Right-clicking on the VM and selecting Settings will bring up the settings menu. Here you can edit the configuration of the VM, such as adding more RAM or extra CPU power, or even increasing the disk size. For now, click on the Network Adaptor setting, change it to “Host-Only” and click OK.
For your Windows 10 VM, head over to Microsoft and download an evaluation copy of the OS that corresponds to your virtualisation software. Once downloaded, extract the files to your preferred location. Click on the OVF file and import the VM like before.
I’d recommend you increase the amount of RAM and number of CPU cores to improve the usability of the VM as this is where most of your work will be carried out. Leave the Network Adaptor settings as NAT for now as you need to download extras for your VM.
Power on the Windows VM by pressing the green play button and open up Internet Explorer. Follow the instructions HERE to install Flare VM and have all your analysis tools installed automatically. (You will need to set a password before installing Flare.)
Once the installer has finished, you are able to modify your desktop to have shortcuts to some of the more common applications. See below.
Finally, go into the VM settings and change the Network Adapter to Host-Only, so it matches the REMnux VM.
As mentioned in part one, it is important to note down the network configuration of your lab to make set-up easier.
For this lab we will be using the subnet of 192.168.0.0/24. The diagram below shows the IP addresses of the corresponding machines.
Power on the REMnux machine and run the following command in the terminal window.
In the editor enter the following details.
Press Ctrl+X to exit the editor, then press Enter to confirm the changes. Then reboot the VM and enter “ifconfig” to confirm the changes.
Next on the Windows VM go to your network adaptor settings and change them to allow the machines to talk to each other.
The last thing to do is to confirm everything is working! On either VM ensure you can ping the other.
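One way to script this final check on the REMnux VM, as an added example that is not part of the original post: it confirms every adapter sits in 192.168.0.0/24, flags a default route, and pings the other VM. The function names and the peer address argument are assumptions; pass the address you noted down for the Windows VM.

```shell
#!/bin/sh
# Added example: sanity-check the host-only lab network from the REMnux VM.
LAB_PREFIX="192.168.0."   # the lab subnet used in this post, 192.168.0.0/24

# Succeeds if $1 is a usable host address inside 192.168.0.0/24.
in_lab_subnet() {
    case "$1" in
        "$LAB_PREFIX"*) last=${1#"$LAB_PREFIX"} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|*[!0-9]*) return 1 ;;   # empty or not purely numeric
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Reads `ip -4 -o addr show` output on stdin and prints every non-loopback
# interface whose IPv4 address is outside the lab subnet (a stray adapter).
stray_addresses() {
    while read -r idx ifname fam cidr rest; do
        [ "$ifname" = "lo" ] && continue
        addr=${cidr%/*}
        in_lab_subnet "$addr" || echo "$ifname $addr"
    done
}

# Reads `ip route show` output on stdin; succeeds if a default route exists.
# A VM on a Host-Only network normally needs none, so a match is worth a look.
has_default_route() {
    grep -q '^default '
}

# $1 = address of the other VM (assumption: taken from your own lab notes).
check_lab() {
    status=0
    stray=$(ip -4 -o addr show | stray_addresses)
    [ -z "$stray" ] || { echo "FAIL: address outside lab subnet: $stray"; status=1; }
    if ip route show | has_default_route; then
        echo "WARN: default route present, confirm the adapter is Host-Only"
    fi
    in_lab_subnet "$1" || { echo "FAIL: peer $1 is not in 192.168.0.0/24"; return 1; }
    ping -c 2 -W 2 "$1" >/dev/null 2>&1 || { echo "FAIL: peer $1 unreachable"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: adapters are in the lab subnet and the peer answers"
    return "$status"
}

# Usage: sh labcheck.sh <peer-ip>
if [ $# -ge 1 ]; then check_lab "$1"; fi
```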
Congratulations, you made it. You are all set up and ready to start analysing all kinds of malware. In the next few posts I will give you the foundation you need to begin your journey. Stay tuned!! Available now!!