FLARE VM Setup
FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc developed by Fireeye. The set up is relatively straight forward but I thought since I am setting up a VM for myself it would be worth documenting the process in case it is of use to anyone else doing the same.
- To start with set up a clean Windows VM add as much RAM as you can, I used 8GB. I won’t go into specifics here, if you haven’t set up a VM in VirtualBox before I recommend following along this guide: https://www.computerworld.com/article/2825616/no-hassle-way-to-install-windows-10-with-virtualbox.html or if you prefer the manual: https://www.virtualbox.org/manual/ch01.html
2. After you have got your clean windows install I recommend taking a snapshot. This is done in VirtualBox Manager under Machine > Tools > Snapshots > Take, in the dialog windows that pops up add a name and description.
3. Now install VirtualBox Guest Additions to make your life easier. This is done by inserting the Guest Additions CD image by clicking Devices > Insert Guest Additions CD Image and then opening the CD in File Explorer then running the installer and clicking through the prompts, once complete you will need to restart. Post-reboot install Google Chrome.
4. Open https://github.com/fireeye/flare-vm in Chrome and download a zip of the FLARE project by clicking on the green download code and then the Download ZIP button on the drop down.
5. Once the download completes unzip extract the zip and navigate into the extracted folder then in File Explorer click File then expand the Windows PowerShell option and run it as Admin.
6. In your Admin PowerShell window run the following command: Set-ExecutionPolicy Unrestricted
following with Y when prompted.
7. Now you can kick off the FLARE installer by running the following command with your password after the -password flag: .\install.ps1 -password <password>
when prompted follow with R to install, then find something to occupy yourself while it runs. Your VM will restart several times during this process, just let it do it’s thing.
8. If something went wrong during the install, try rerunning the installer and if problems persist after that then restore your VM back you the snapshot you took earlier. If the installer finished successfully take another snapshot so that after you perform some analysis you can restore your VM back to a clean state.
What now? Tackle some of the challenges from FLARE https://flare-on.com/ or crack into PMA https://nostarch.com/malware.