Malware Handbook

Setting Up Labs


Last updated 1 year ago

VM Settings prerequisites

gpedit

  1. Press Win + R, type gpedit.msc and press Enter.

On Windows Home editions this fails with an error, because the Local Group Policy Editor is not installed on Home. The two servicing packages it needs are still on disk and can be added with DISM.

  2. Open a Command Prompt as administrator. The FOR %F loop below is cmd.exe syntax and will not run in PowerShell.

  3. Run these two commands one at a time:

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")

  4. Run gpedit.msc again (Win + R, or type gpedit at the prompt); it now opens.

  5. Go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.

  6. Open 'Turn off Microsoft Defender Antivirus', set it to 'Enabled', then Apply > OK.

  7. Under Microsoft Defender Antivirus > Real-time protection, open 'Turn off real-time protection', set it to 'Enabled', then Apply > OK.

  8. Restart the VM.

On recent Windows 10 and Windows 11 builds, Tamper Protection makes Defender ignore both of these policies. If it is on, turn it off first under Windows Security > Virus & threat protection > Manage settings; otherwise the FlareVM installer below will still report that Defender is running.
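The same gpedit section done non-interactively, as an added example that is not part of the handbook or of FlareVM. It assumes Windows 10/11 with the Defender PowerShell module present (Get-MpComputerStatus), and that the two registry values written below are the ones the two gpedit settings write (DisableAntiSpyware and Real-Time Protection\DisableRealtimeMonitoring under HKLM\SOFTWARE\Policies). Run it from an elevated PowerShell prompt:

```powershell
# Added example, not part of the handbook or of FlareVM: the gpedit steps above
# done non-interactively from an elevated PowerShell prompt.
# Assumptions: Windows 10/11 with the Defender module (Get-MpComputerStatus);
# the two policy registry values are those the gpedit settings write.
#Requires -RunAsAdministrator

# 1. Install the Local Group Policy Editor packages (missing on Home editions).
#    The handbook's FOR loop is cmd.exe syntax; this is the PowerShell equivalent.
$pkgDir   = Join-Path $env:SystemRoot 'servicing\Packages'
$patterns = @(
    'Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum',
    'Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum'
)
foreach ($pattern in $patterns) {
    Get-ChildItem -Path (Join-Path $pkgDir $pattern) | ForEach-Object {
        & dism.exe /Online /NoRestart "/Add-Package:$($_.FullName)"
    }
}

# 2. Set the two policies the GUI steps set. Administrative Template policies
#    live under HKLM\SOFTWARE\Policies: 'Turn off Microsoft Defender Antivirus'
#    writes DisableAntiSpyware, 'Turn off real-time protection' writes
#    Real-Time Protection\DisableRealtimeMonitoring.
$defenderPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtpPolicy      = Join-Path $defenderPolicy 'Real-Time Protection'
foreach ($key in @($defenderPolicy, $rtpPolicy)) {
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
}
Set-ItemProperty -Path $defenderPolicy -Name DisableAntiSpyware        -Type DWord -Value 1
Set-ItemProperty -Path $rtpPolicy      -Name DisableRealtimeMonitoring -Type DWord -Value 1

# 3. Report the state that decides whether the policies will be honoured.
#    With Tamper Protection on, Defender ignores both values; turn it off in
#    Windows Security > Virus & threat protection > Manage settings, then reboot.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $status) {
    Write-Host 'Defender service is not responding: it is already off.'
} else {
    [pscustomobject]@{
        TamperProtected      = $status.IsTamperProtected
        RealTimeProtectionOn = $status.RealTimeProtectionEnabled   # flips only after the reboot
        AntivirusOn          = $status.AntivirusEnabled
    }
    if ($status.IsTamperProtected) {
        Write-Warning 'Tamper Protection is on: the policies above are ignored until it is disabled.'
    }
}
Write-Host 'Restart the VM for the policies to take effect.'
```

The registry writes are exactly what gpedit does when you set the two policies to Enabled, so a run of this script followed by a reboot leaves the VM in the same state as steps 5 to 8; the Tamper Protection warning is the part the GUI route does not tell you about.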

Flare VM

  1. Open a PowerShell prompt as administrator.

  2. Change to your Desktop (the original uses C:\Users\miche\Desktop; substitute your own profile): cd $env:USERPROFILE\Desktop

  3. Download the installation script [install.ps1](https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1) to your Desktop: (New-Object net.webclient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1',"$([Environment]::GetFolderPath("Desktop"))\install.ps1")

  4. Unblock the installation script, which removes the Mark-of-the-Web that would otherwise stop PowerShell running a downloaded file: Unblock-File .\install.ps1

  5. Enable script execution: Set-ExecutionPolicy Unrestricted -Force. This is a machine-wide setting; it is acceptable in a throwaway analysis VM, not on your host.

  6. Run the installer: .\install.ps1. At this point it stops with an error that Defender is not disabled, even though we turned it off through gpedit above.

To resolve this, move to the next section.

disable-defender.ps1

  1. Open a PowerShell prompt as administrator.

  2. Change to your Desktop, where disable-defender.ps1 was saved: cd $env:USERPROFILE\Desktop

  3. Run .\disable-defender.ps1

  4. Restart the VM.

  5. Run .\install.ps1 (the FlareVM installer from the previous section). It takes a long time.

  6. Type 'y' at the prompt to continue.

  7. A GUI window then lets you choose which packages to install. To install everything, press the last button, ">>", which moves all packages to the selected list.

  8. When the script finishes, the installation is complete.

  9. Change the VM's network adapter to 'Host Only'. Do this before running any sample: it cuts the VM off from the internet and from your LAN, so whatever you detonate cannot call home or spread. Switch back to NAT only when you need to update tools, with no samples running.
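Two checks that go with this procedure, as an added example that is not part of the handbook or of FlareVM: a pre-flight check to run before .\install.ps1 (the installer's own checks are not reproduced here), and an isolation check to run after the adapter is switched to Host Only. Assumptions: install.ps1 sits on the Desktop, the 60 GB free-space threshold is a value chosen here, and the host-only network hands the guest no default gateway (true for VirtualBox and VMware host-only networks).

```powershell
# Added example, not part of the handbook or of FlareVM: a pre-flight check to
# run before .\install.ps1, and an isolation check to run after the VM's
# adapter is switched to Host Only.
# Assumptions: install.ps1 is on the Desktop; the 60 GB threshold is chosen
# here; a host-only network gives the guest no default gateway.
#Requires -RunAsAdministrator

function Test-FlareVmPreflight {
    $script = Join-Path ([Environment]::GetFolderPath('Desktop')) 'install.ps1'
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue

    $checks = [ordered]@{
        'install.ps1 present on Desktop'      = Test-Path -Path $script
        # Unblock-File deletes the Zone.Identifier stream (the Mark-of-the-Web)
        'install.ps1 unblocked'               = -not (Get-Item -Path $script -Stream Zone.Identifier -ErrorAction SilentlyContinue)
        'execution policy permits scripts'    = (Get-ExecutionPolicy) -in @('Unrestricted', 'Bypass')
        # Get-MpComputerStatus returns nothing once the Defender service is stopped
        'Defender real-time protection off'   = ($null -eq $status) -or (-not $status.RealTimeProtectionEnabled)
        'Tamper Protection off'               = ($null -eq $status) -or (-not $status.IsTamperProtected)
        'at least 60 GB free on C: (assumed)' = (Get-PSDrive -Name C).Free -ge 60GB
    }
    foreach ($name in $checks.Keys) {
        $mark = if ($checks[$name]) { 'OK  ' } else { 'FAIL' }
        Write-Host "[$mark] $name"
    }
    return -not (@($checks.Values) -contains $false)
}

function Test-LabIsolation {
    # A Host Only adapter puts the guest on a private host network with no route
    # to the internet; a default route (0.0.0.0/0) means a sample run here could
    # still reach out. Pinging a public address is deliberately not used: it
    # proves nothing when ICMP is filtered.
    $defaultRoutes = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
    foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $ips = (Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue).IPAddress
        Write-Host ("adapter {0}: {1}" -f $adapter.Name, ($ips -join ', '))
    }
    if ($defaultRoutes.Count -eq 0) {
        Write-Host 'No default route: the VM is isolated from the internet.'
        return $true
    }
    Write-Warning ("Default route via {0} still present: switch the adapter to Host Only before running samples." -f ($defaultRoutes.NextHop -join ', '))
    return $false
}

# Before install.ps1 (step 5):  Test-FlareVmPreflight
# After the adapter is Host Only (step 9):  Test-LabIsolation
```

Both functions return a boolean so they can gate a larger provisioning script; the per-check output is there so a FAIL on "Tamper Protection off" points you straight at the reason install.ps1 refuses to start.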

Go to the FlareVM repository: https://github.com/mandiant/flare-vm

Visit the disable-defender.ps1 download link and save the script into your VM, on the Desktop, so that the cd in the disable-defender.ps1 section finds it.