Build a Malware Analysis Lab (Self-Hosted & Cloud) - The Malware Analysis Project 101

Показать описание

⛔ Disclaimers: I take no responsibility or accountability for infection of malicious software, programs, files onto any computer or workstation. This project and videos are for educational purposes only. I do not condone the development, use of, or spreading of programs to intentionally harm assets, networks, or individuals.

Safety is key when dealing with malware. Ensure you always are following protocols when it comes to downloading and detonating a malicious sample. Follow all instructions within the courses and listed resources.

📝 Notes:

⏰ Timestamps:
0:00 - Introduction
0:51 - Crash Course Overview
1:52 - Self-hosted Topology
3:13 - Cloud-hosted Topology
4:12 - Items to Note
5:45 - Lab Showcase
6:10 - Download VirtualBox
7:02 - Download Windows 10 ISO
8:22 - Download Remnux
9:03 - Windows 10 VM Setup
16:06 - Disable Windows Defender
19:24 - Setup FlareVM
23:45 - Setup Remnux
25:15 - Setup Host-only Adapter
27:23 - Configure Remnux
33:45 - Setup & Test VM Connections
37:11 - Self-hosted Lab Finished
37:19 - Cloud Lab Overview
39:05 - Creating EC2 Instance
43:30 - Set VM Environment
45:55 - Disable Windows Defender
47:51 - Install FlareVM
53:10 - Export AMI
54:12 - Create IAM Role
57:35 - Download JQ, Terraform, AWSCLI
1:01:13 - Log Into IAM Account
1:02:14 - Change Terraform Files
1:05:49 - Deploy Cloud-hosted Lab
1:07:08 - Log Into Lab
1:07:44 - Configure INetSIM
1:09:02 - Cloud-lab Finished
1:11:06 - Conclusion

🔗 Links & Commands:

[Self-Hosted Lab]

[Download FlareVM]
Change directories to the Desktop

Set-ExecutionPolicy Unrestricted

[Cloud-Hosted Lab]

[Install JQ]
sudo apt install jq

[Install Terraform]
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common

gpg --dearmor | \

gpg --no-default-keyring \
--fingerprint

sudo apt update

sudo apt-get install terraform

[Install AWS CLI]
sudo apt install awscli -y

[Clone AWS Malware Lab GitHub Repo]

[Create File]

[Configuration File]
{
"environment": "malware-lab",
"ami": "ami-xxxxxxxxxxxxxxxxx",
"account" : "222222222222",
"region": "us-east-1",
"enable_guacamole": false,
"enable_inetsim": true
}

[Terraform Commands]
- terraform init: Initialize the environment.
- terraform plan: Plan the configuration.
- terraform apply: Apply the configuration file to AWS account.
- terraform destroy: Destroy the environment once analysis has been conducted.

🐕 Follow Me:

🤔 Have questions, concerns, comments?:

🎧 Gear:

Grant Collins

Рекомендации по теме

Комментарии

Seen your newest upload just 18 min ago. Hows this notification that this video came up on me feed. Thanks mate. Love this vid. It gave me afew ideas for malware work. Pretty hecas to be fair.

orlando

This is a great setup. I ran a couple of malware analysis labs (on-prem and remote) for almost two decades and there was a lot of overlap with what you've done here. My setup of choice was using ESXi, virtualising a firewall, and then building the clients behind that. I love the flexibility of your cloud based setup though.

GSAUS

I have no idea what any of this is but I think its really cool

xxnoobxx

I have an interest in CyberSecurity and a Network Pro + certification but I am by no means an expert. This video helped me fill in some gaps in my knowledge without being so advanced that it's impossible to understand

foolishart

Im so gonna use this RDP application for ny work. Ur the best

orlando

Great demo! I was able to follow along and set up the lab in cloud. Although I am curious if AWS allows malware analysis in their environment? Do we need explicit approval from AWS to do so?

amolwanave

this looks alot easier that configuring cuckoo3; i know cuckoo3 its kind of different because its sutomatic analysis, but this looks better for me

lPlanetarizado

Guys i didn't get network in Windows flare VM says No Internet

Unknown-hegz

I followed all the steps and after the .\install.ps1 was executed in powershell the flare vm is not showing up on my screen it is my regular windows background. How would I know if it was downloaded correctly? Any help is appreciated.

zackerymcallister

could'nt insert addition guest cs image

jivantsnow

I did all the network setup correctly can’t reach jost

reconxf

i tried setting it up on VMWare workstation and everything went smoothly until setting up a host only network, how do we do that in VMWare workstation pro?

aalokydv

Hi, are there enough jobs in malware analysis domain? What's the future of this domain as SOAR and automation comes in

anantP-ipop

i get .404 error for installing FlareVM someone help

frankthe_

Hello, does anyone know why the "install" file is not generated on the desktop? ...and thnks Grant for this gread work

mahetsiedahi

why did you skip over disabling updates or fully turning off defender in group policy?

nickmullen

How would one safely download/import malware samples into those lab setups? Whether its host-based or cloud-based. Thanks

Trilipop

I tried setting up the Flare Vm, following each step but it keeps saying please disbale windows defender through group policy after i have diabled all

ayomikunlawal

Im enjoying doing this project but im running into an issue with connecting REMnux and FlareVM. When I run ipconfig in powershell I get the ipv4 address 10.0.0.3 and when i run a ping test in power shell with ip 10.0.0.3 it comes back successful but when i run 10.0.0.4 in powershell it comes back with a request timed out and Lost=4. When i run "ping 10.0.0.4" or "ping 10.0.0.3" in REMnux it says "Network is unreachable". When I run ipconfig in REMnux the inet address is 127.0.0.1. I tried rewatching the video and starting from the beginning but I'm stumped on what to do. This is my first malware analysis so i want to make sure everything is correct before moving forward. Any suggestions?

icbvzkr

Just a quick question, I will soon be starting this tutorial, can I give around 40 gigs of space instead of 75? My laptop sucks. :(

hammazahmed

Build a Malware Analysis Lab (Self-Hosted & Cloud) - The Malware Analysis Project 101

Build a Malware Analysis Lab (Self-Hosted & Cloud) - The Malware Analysis Project 101

How to build a Malware Analysis lab in 2024 (guide)

How To Setup A Sandbox Environment For Malware Analysis

Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis!

How to Set Up a Malware Analysis Lab with FLARE | Step-by-Step Guide

Hacker's Gave me a Game and I Found a Virus

Build Your Own Malware Analysis Tool

Learn to Analyze Malware - (The Malware Analysis Project 101)

Cybersecurity Tool: Malware Virtual Machines (Remnux & FlareVM)

Building Your Own Malware Analysis Lab (2024 Guide)

Analyzing the Zeus Banking Trojan - Malware Analysis Project 101

#1 How to Build a Malware Lab

Introduction to Malware Analysis Lab

Build a Powerful Home SIEM Lab Without Hassle! (Step by Step Guide)

Creating a sandboxed lab for analyzing malware

Building a Malware Lab - Software, Hardware, Tools and Tips for Effective Malware Analysis

Build an effective Malware analysis Lab for malware analysis [Step-by-Step] Guide.

Cybersecurity SOC Analyst Lab - Malware Analysis (RTF Document)

Practical Malware Analysis Essentials for Incident Responders

ULTIMATE Malware Lab...for linux users ;)

Lab Setup for Analyzing Malicious Files and Executables

How to build your own malware analysis lab? P. 1

Malware Minute -- Malware Analysis Lab Setup

5 Cybersecurity Portfolio Projects in 5 Minutes