My RE Setup

Here is a quick rundown of what I have set up for my malware analysis VMs. I use two primary VMs running in VirtualBox. Before FireEye FLARE, I was just running a normal Windows 7 image with my necessary tools. After FLARE was released, it became my primary Windows VM. I also run REMnux alongside FLARE. While you can do a good portion of your work from a single VM, I opt to use REMnux for any Python tools used for RE. Just me, but I find this easier.

Reminder: once you have everything the way you like it, export the appliance to keep a backup, and also create a snapshot to revert to after any analysis on that VM.

FireEye Flare REM

A few weeks back the FireEye team released their version of a REM box called "FLARE", a customizable VM for analyzing malware. It has a full suite of tools installed, including:

* OllyDbg + OllyDump + OllyDumpEx
* OllyDbg2 + OllyDumpEx
* x64dbg
* WinDbg

Disassemblers

* IDA Free
* Binary Ninja Demo

Java

Visual Basic
* VBDecompiler

Flash
* FFDec

.NET
* ILSpy
* DNSpy
* DotPeek
* De4dot

Office
* Offvis

Hex Editors
* FileInsight
* HxD
* 010 Editor

Practical Malware Analysis

For anyone looking into RE, I'd highly suggest `Practical Malware Analysis` by Michael Sikorski. You can find this book on Amazon here! I was also able to obtain a copy from Humble Bundle when they had a security offering. I'd highly suggest checking them out too; a great company doing greater things.

This book has good info on setting up your environment safely and working through the labs provided, which you can find here:



The lab binaries contain malicious code and you should not install or run these programs without first setting up a safe environment.

Cuckoo Sandbox Installation and Setup

My Cuckoo Sandbox Setup and installation guide.

This is my attempt to help you install and configure Cuckoo Sandbox. Cuckoo is a sandbox that allows you to analyze malware on systems from Windows to Linux and even OSX! It is a great tool for seeing what a file, URL or hash will do when detonated in a given environment. It is open source, but it was a bit confusing to set up, so I thought this might help.

I am running Cuckoo Sandbox on Ubuntu Desktop 14.04 LTS using VirtualBox.

Installation of Ubuntu follows as any normal installation. Installing Cuckoo Sandbox is a different story.