Fast and Free Malware Analysis Lab Setup

How do you get started in Malware Analysis? First, you need an analysis environment in-place to investigate files. Here is the fastest way to automatically setup a Virtual Lab Environment complete with a FREE VM directly from Microsoft and FREE analysis tools.

Getting Started

The biggest question I receive is "how do I get started in malware analysis?" I always recommend reading the Practical Malware Analysis book. It is the best, most straightforward malware analysis book I or any of my colleagues have ever read, and it is where most of us started.

Next Step: Malware Analysis Environment

The second biggest question I get is "how can I set up a Malware Analysis Environment?" This commonly involves a laborious process of obtaining a Windows license, setting up a new Virtual Machine, and gathering many tools, dependencies, and updates. This can often take the better part of a day.

However, today I show how to expedite this tedious task with a 100% free VM directly from Microsoft. Next, I demonstrate an automated solution from the great FLARE team at FireEye to set up your lab environment with the industry's top free-to-use tools for malware analysis and exploit development.

This is absolutely the fastest, easiest, and best free method I have ever found to set up a Virtual Lab Environment. All in all, the process is completely automated and takes approximately 3 hours to complete, depending on internet speed.

Watch this short video to see how it is done. If you don't have time for a video, no worries: here are the links to the FREE VMware Player, the FREE VM offered by Microsoft, and the FLARE Automated Analysis Framework, along with expedited instructions:

  1. Choose your virtualization software (VMware Player, VirtualBox, Qemu, Microsoft Hyper-V)
  2. Go to Microsoft's website and download the x64 VM available for your software.
  3. Import the OVF into your virtualization software.
  4. Create a snapshot before powering on the VM. This is very important to do.
  5. Power on the VM. The password for the VM is listed on the page you downloaded it from.
  6. Inside your VM, Google "Flare-VM" and download the ZIP from FireEye's GitHub page.
  7. Run PowerShell as administrator.
  8. Issue the command "Set-ExecutionPolicy unrestricted"
  9. Run install.ps1 from the Flare-VM ZIP that you downloaded.
  10. The process takes ~3 hours, but it is automated. Happy hunting :)
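Steps 7 through 9 are the only ones typed inside the VM, and they are where a first attempt usually stalls (a non-elevated shell, a downloaded script that PowerShell refuses to run, or install.ps1 sitting in a different folder than expected). The wrapper below is an added example, not code from the original post or from the FLARE VM project: it checks that the shell is elevated, applies the execution-policy change from step 8, clears the mark-of-the-web on the extracted files, and then hands off to the project's own install.ps1 while keeping a transcript of the run. The extraction folder `flare-vm-master` under the Desktop is an assumption (adjust `-FlareDir` to wherever you unpacked the ZIP), and the script assumes install.ps1 is invoked with no arguments, as in step 9.

```powershell
# Added example (not from the original post or the FLARE VM project):
# a pre-flight wrapper around steps 7-9 of the guide. Assumes the
# Flare-VM ZIP has already been extracted; the default path below is an
# assumption, not a project default.
#Requires -Version 5.1
param(
    # Assumed location of the extracted Flare-VM ZIP
    [string]$FlareDir = "$env:USERPROFILE\Desktop\flare-vm-master"
)

$ErrorActionPreference = 'Stop'

# Step 7: confirm the shell was started with "Run as administrator".
# The installer changes system-wide settings and fails otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Re-open PowerShell with 'Run as administrator' and try again."
}

# Step 8: the guide's execution-policy change, made non-interactive.
Set-ExecutionPolicy Unrestricted -Force
Write-Host "Execution policy is now: $(Get-ExecutionPolicy)"

# Locate install.ps1 inside the extracted archive before doing anything else.
$installer = Join-Path $FlareDir 'install.ps1'
if (-not (Test-Path $installer)) {
    throw "install.ps1 not found under $FlareDir. Extract the Flare-VM ZIP there or pass -FlareDir."
}

# Files saved by a browser carry a Zone.Identifier stream (mark-of-the-web);
# even under the Unrestricted policy PowerShell prompts before running such
# scripts. Clearing the mark on the installer tree keeps the run unattended.
Get-ChildItem -Path $FlareDir -Recurse -File | Unblock-File

# Keep a transcript so a failed ~3-hour run can be reviewed afterwards.
$log = Join-Path $env:USERPROFILE 'flare-install.log'
Start-Transcript -Path $log -Append
try {
    # Step 9: hand off to the project's own installer.
    Set-Location $FlareDir
    & $installer
}
finally {
    Stop-Transcript
    Write-Host "Installer finished (see $log). Take a fresh snapshot before analysing anything."
}
```

Run it from an elevated PowerShell inside the VM as `.\prepare-flare.ps1` (or with `-FlareDir` pointing at your extraction folder). The transcript is the part worth keeping: when one of the many package downloads fails partway through the three hours, the log tells you which tool to retry instead of restoring the pre-install snapshot from step 4 and starting over. Once the installer completes, take a second snapshot of the finished lab so every analysis session starts from a known-clean state.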