1
00:00:10,180 --> 00:00:15,310
Hello friends, welcome back to the course. In this video we are going to talk about setting up your own

2
00:00:15,310 --> 00:00:16,880
malware testing lab.

3
00:00:16,990 --> 00:00:19,060
So what are we really going to do here?

4
00:00:19,120 --> 00:00:22,090
We are going to set up a separate virtual environment.

5
00:00:22,450 --> 00:00:26,260
So a lot of times we only have one system at our disposal.

6
00:00:26,380 --> 00:00:31,980
So having a separate work environment kind of creates different environments within the same box.

7
00:00:32,080 --> 00:00:36,940
You have your own main operating system and you have a separate virtual environment where you can do

8
00:00:36,940 --> 00:00:43,970
your malware analysis work. A separate guest OS to manage all the tools and samples at one place.

9
00:00:43,970 --> 00:00:49,610
So again once you have a separate virtual environment ready you can have all your tools, all your malware

10
00:00:49,610 --> 00:00:55,510
samples and everything located centrally and you don't really have to search for them here and there.

11
00:00:55,520 --> 00:01:00,460
And if you have antivirus programs running on your main operating system it's not really going to

12
00:01:00,460 --> 00:01:01,260
interfere with

13
00:01:01,640 --> 00:01:03,460
your malware lab.

14
00:01:03,470 --> 00:01:08,720
The traffic that originates from your malware lab might get intercepted by the antivirus running

15
00:01:08,720 --> 00:01:10,310
on your host operating system.

16
00:01:10,310 --> 00:01:16,360
But apart from that the files and other software and tools that are out there in your virtual machine

17
00:01:16,360 --> 00:01:19,660
will not be impacted by any antivirus that is running

18
00:01:19,680 --> 00:01:26,690
in your host operating system. Any infection that happens in your virtual environment can easily be reverted

19
00:01:26,690 --> 00:01:28,430
back to a clean state.

20
00:01:28,430 --> 00:01:34,400
So what I mean by that is, let's say you have set up your virtual machine, you have downloaded all the

21
00:01:34,400 --> 00:01:40,460
tools, then before you begin any analysis the first thing to do is take a snapshot of that virtual image

22
00:01:40,610 --> 00:01:46,980
so that you have a clean state where you can always revert back just in case your machine gets infected

23
00:01:47,390 --> 00:01:52,760
and that is definitely going to happen when we are going to analyze malware by dynamically executing

24
00:01:52,760 --> 00:01:54,640
them in different debuggers.

25
00:01:56,670 --> 00:01:59,340
So what would be the lab requirements here?

26
00:01:59,340 --> 00:02:03,210
So you'll have to download a Windows 7 or a Windows 10 ISO image.

27
00:02:03,240 --> 00:02:05,540
There are a bunch of resources on how you can do it.

28
00:02:05,550 --> 00:02:11,640
You can even get the images downloaded directly from Microsoft's official website. Both these operating

29
00:02:11,640 --> 00:02:13,050
systems would be ideal.

30
00:02:13,050 --> 00:02:18,660
But if you want to use Windows XP I would highly discourage that because the support for that

31
00:02:18,660 --> 00:02:22,770
operating system has now been stopped by Microsoft and it's very old.

32
00:02:22,860 --> 00:02:28,570
So it will be ideal to start with either a Windows 7 or Windows 10 ISO image.

33
00:02:28,740 --> 00:02:36,970
You can download it from the internet or from Microsoft's website and you can begin setting up your environment.

34
00:02:36,990 --> 00:02:40,350
You would also need VMware, which is a licensed tool that

35
00:02:40,400 --> 00:02:43,650
will help you set up your virtualization environment.

36
00:02:43,650 --> 00:02:48,480
If you don't want to use VMware, you can also use VirtualBox which is free of cost and it can help

37
00:02:48,480 --> 00:02:55,740
you in using your Windows 7 downloaded images and converting it into an actual virtual environment for

38
00:02:55,740 --> 00:02:56,120
you.

39
00:02:57,460 --> 00:03:03,550
So once you have the image and your virtualization software ready you can load the image and run the

40
00:03:03,550 --> 00:03:06,220
ISOs to set up your environment.

41
00:03:06,220 --> 00:03:12,070
I want to leave this as an exercise for you and there are a lot of very good resources that are available

42
00:03:12,070 --> 00:03:19,840
online that you can read and see how you can set up a malware lab using your virtual environment.

43
00:03:20,020 --> 00:03:28,360
I would recommend reading a blog written by Lenny Zeltser which talks about how we can set up the malware

44
00:03:28,360 --> 00:03:30,750
lab in just five simple steps.

45
00:03:31,180 --> 00:03:35,310
So go ahead, read these resources and try setting up your lab.

46
00:03:35,320 --> 00:03:38,290
This is not going to be very complicated.

47
00:03:38,290 --> 00:03:39,640
It's a very simple step.

48
00:03:39,640 --> 00:03:45,070
All you have to do is download the image, download the virtualization software, load those in the image

49
00:03:45,070 --> 00:03:46,740
and you are all set to go.

50
00:03:46,930 --> 00:03:52,650
So go ahead and perform all these steps and once you're ready let's get to the next video.