Forensics Reverse Engineering

flare-vm: Windows-based security distribution for malware analysis, incident response, penetration testing

do son November 15, 2018 No Comments flare-vm

FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.

Installed Tools

Debuggers

  • OllyDbg + OllyDump + OllyDumpEx
  • OllyDbg2 + OllyDumpEx
  • x64dbg
  • WinDbg

Disassemblers

  • IDA Free
  • IDA Free 7.0 (x64 bit only)
  • Binary Ninja Demo
  • Radare2 framework
  • Cutter — GUI frontend for Radare2

Java

  • JD-GUI
  • dex2jar

Visual Basic

  • VBDecompiler

Flash

  • FFDec

.NET

  • ILSpy
  • DNSpy
  • DotPeek
  • De4dot

Office

  • Offvis

PDF

  • pdfid
  • pdf-parser
  • PdfStreamDumper

Hex Editors

  • FileInsight
  • HxD
  • 010 Editor

PE

  • PEiD
  • ExplorerSuite (CFF Explorer)
  • PEview
  • DIE
  • PeStudio
  • LordPE
  • Resource Hacker

Text Editors

  • SublimeText3
  • Vim
  • Notepad++

Utilities

  • MD5
  • 7zip
  • Putty
  • Wireshark
  • RawCap
  • Wget
  • UPX
  • SysAnalyzer
  • Process Hacker
  • Sysinternals Suite
  • Kernel-Mode driver loader
  • API Monitor
  • SpyStudio
  • Checksum
  • Unxutils
  • YARA
  • Cyber Chef
  • shellcode_launcher
  • Py2ExeDecompiler

Python, Modules, Tools

  • Python 2.7
  • Hexdump
  • PEFile
  • Winappdbg
  • FakeNet-NG
  • Vivisect
  • FLOSS
  • FLARE_QDB
  • PyCrypto
  • Cryptography

Other

  • VC Redistributable Modules (2008, 2010, 2012, 2013, 2015, 2017)
  • Practical Malware Analysis Labs
  • MAP — Malcode Analyst Pack

Installation

Clone the repo

git clone https://github.com/fireeye/flare-vm.git

Create and configure a new Windows 7 or newer Virtual Machine. To install FLARE VM on an existing Windows VM, download and copy install.ps1 on your analysis machine. On the analysis machine open PowerShell as an Administrator and enable script execution by running the following command:

Set-ExecutionPolicy Unrestricted

Finally, execute the installer script as follows:

.\install.ps1

The script will set up the Boxstarter environment and proceed to download and install the FLARE VM environment. You will be prompted for the Administrator password in order to automate host restarts during installation.

Installing a new package

FLARE VM uses the chocolatey public and custom FLARE package repositories. It is easy to install a new package. For example, enter the following command as Administrator to deploy x64dbg on your system:

cinst x64dbg

Staying up to date

Type the following command to update all of the packages to the most recent version:

cup all

Source: https://github.com/fireeye/

Share