Setting Up Labs

VM Settings prerequisites

gpedit

  1. Press ‘Win + R’ and type gpedit.msc.

But we get this error,

  2. Run PowerShell as administrator.

  3. Run these two commands one by one. They use Command Prompt (cmd.exe) FOR syntax, which PowerShell does not parse, so type cmd and press Enter in the elevated window first:

      FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")

      FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")

  4. Type gpedit in the same elevated window.

  5. Now go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.

  6. Open the ‘Turn off Microsoft Defender Antivirus’ setting. Set it to ‘Enabled’, then Apply > OK.

  7. Now go to Microsoft Defender Antivirus > Real-time protection and open ‘Turn off real-time protection’. Set it to ‘Enabled’, then Apply > OK.

  8. Lastly, restart the VM.

Flare VM

  1. Go to FlareVM.

  2. Open a PowerShell prompt as administrator.

  3. Do cd C:\Users\miche\Desktop (replace miche with your own user name).

  4. Download the installation script [install.ps1](https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1) to your Desktop:

      (New-Object net.webclient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1',"$([Environment]::GetFolderPath("Desktop"))\install.ps1")

  5. Unblock the installation script:

      Unblock-File .\install.ps1

  6. Enable script execution:

      Set-ExecutionPolicy Unrestricted -Force

  7. Finally, execute the installer script as follows:

      .\install.ps1

     But it shows an error saying that Defender is not disabled, even though we disabled it earlier in gpedit.

To resolve this, move on to the next section.
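
To see why the installer still reports Defender as active after the gpedit changes, the following added example (not part of the original page or of FLARE-VM) compares the policy values that gpedit wrote with the state Defender itself reports. The function name and the VM vendor strings are assumptions; run it in an elevated PowerShell prompt inside the VM, here and again after the reboot in the next section.

```powershell
# Added example: read-only check, changes nothing on the system.
# Test-LabDefenderState is a hypothetical name, not part of FLARE-VM.
function Test-LabDefenderState {
    $root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

    # Registry values behind the two gpedit settings enabled earlier.
    $polAv = (Get-ItemProperty -Path $root -Name DisableAntiSpyware `
                -ErrorAction SilentlyContinue).DisableAntiSpyware
    $polRt = (Get-ItemProperty -Path "$root\Real-Time Protection" `
                -Name DisableRealtimeMonitoring `
                -ErrorAction SilentlyContinue).DisableRealtimeMonitoring

    # Effective state as reported by Defender. The cmdlet can fail once the
    # service is disabled, so a failure is recorded instead of thrown.
    try   { $mp = Get-MpComputerStatus -ErrorAction Stop }
    catch { $mp = $null }

    # Heuristic VM check (assumed vendor strings) so the steps on this page
    # are not run on a physical host by mistake.
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $isVm = "$($cs.Manufacturer) $($cs.Model)" -match
            'VMware|VirtualBox|innotek|Virtual Machine|QEMU|KVM|Xen|Parallels'

    [pscustomobject]@{
        IsVirtualMachine     = $isVm
        PolicyDefenderOff    = ($polAv -eq 1)
        PolicyRealTimeOff    = ($polRt -eq 1)
        DefenderResponding   = ($null -ne $mp)
        RealTimeProtectionOn = if ($mp) { [bool]$mp.RealTimeProtectionEnabled } else { $false }
        TamperProtectionOn   = if ($mp) { [bool]$mp.IsTamperProtected } else { $false }
    }
}

$s = Test-LabDefenderState
$s | Format-List

if (-not $s.IsVirtualMachine) {
    Write-Warning 'This machine does not look like a VM. Do not continue here.'
}
if ($s.RealTimeProtectionOn -and $s.PolicyRealTimeOff) {
    # Policy is written but not honoured. With Tamper Protection on,
    # Defender ignores these policy values.
    Write-Warning ("Real-time protection is still on although the policy is set. " +
                   "Tamper Protection on: $($s.TamperProtectionOn)")
} elseif ($s.RealTimeProtectionOn) {
    Write-Warning 'Real-time protection is on and the gpedit policy value is missing.'
} else {
    Write-Output 'Defender reports real-time protection off, or is not responding.'
}
```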

disable-defender.ps1

  1. Visit this link and download ‘disable-defender.ps1’ in your VM.

  2. Open a PowerShell prompt as administrator.

  3. Do cd C:\Users\miche\Desktop (replace miche with your own user name).

  4. Run .\disable-defender.ps1

  5. Now simply restart the VM.

  6. Run .\install.ps1 (the one from FlareVM). It takes a lot of time.

  7. Type ‘y’ at the prompt in order to continue.

  8. Then a GUI pop-up shows, and we might as well install all the software and tools. To do that, press the last button, “>>”, in order to install all.

  9. FINALLY, after so long, this is the end of the installation.

  10. Change the Network Adapter option to ‘Host Only’.
