My RE Setup

Here is a quick run down of what I have setup for any malware analysis vms. I utilize 2 primary vms running in VirtualBox. Before FireEye Flare I was just running a normal Windows 7 image with my necessary tools. After Flare was released, this is now my primary Windows vm. I also run Remnux along side Flare. While you can do a good portion of your work from a single vm, I opt in to using Remnux for any python tools being utilized for RE. Just me but I find this easier.

Reminder once you have everything the way you like it, export the appliance to keep a backup and also create a snapshot to revert after any analysis on that vm. read more

FireEye Flare REM

A few weeks back the FireEye team released their version of a REM box called “Flare”. A customizable vm for analyzing malware. Has a full suite of tools installed from:

Debuggers
———
* OllyDbg + OllyDump + OllyDumpEx
* OllyDbg2 + OllyDumpEx
* x64dbg
* WinDbg

Disassemblers ====

* IDA Free
* Binary Ninja Demo

Java ====
* JD-GUI

Visual Basic ====
* VBDecompiler

Flash ====
* FFDec

.NET ====
* ILSpy
* DNSpy
* DotPeek
* De4dot

Office ====
* Offvis

Hex Editors ====
* FileInsight
* HxD
* 010 Editor read more