1
00:00:10,920 --> 00:00:17,340
Welcome back to another video. In this session we are going to talk about setting up the

2
00:00:17,340 --> 00:00:19,030
tools in your malware testing lab.

3
00:00:19,050 --> 00:00:23,250
I'm assuming that you were successful at setting up your virtual environment either using a Windows

4
00:00:23,250 --> 00:00:25,050
7 or a Windows 10 machine.

5
00:00:25,080 --> 00:00:28,670
In my case I'm using a Windows 7 machine as my virtual environment.

6
00:00:28,810 --> 00:00:33,060
And the next step would be to set up the malware tools in your testing.

7
00:00:33,270 --> 00:00:35,010
So how do we go ahead and do it?

8
00:00:35,250 --> 00:00:41,490
Well, we can either do it one by one, like, let's say, in the later videos if we start working with

9
00:00:41,510 --> 00:00:47,780
PDF files then we can download the specific tools that might be required to analyze PDF files.

10
00:00:47,910 --> 00:00:53,160
The other way is to use the FLARE VM, which is a tool provided by FireEye.

11
00:00:53,310 --> 00:00:59,760
This basically automatically downloads a bunch of security tools onto your virtual machine.

12
00:00:59,760 --> 00:01:06,270
It's not a very exhaustive list, but it still contains a lot of important tools that you can use

13
00:01:06,480 --> 00:01:11,520
while we are analyzing malicious malware or malicious files etc.

14
00:01:12,240 --> 00:01:14,270
So how do we go ahead and do that?

15
00:01:15,050 --> 00:01:17,240
Here is my virtual

16
00:01:17,290 --> 00:01:24,490
Windows 7 environment. You can basically go to github.com/FireEye/flare-vm and

17
00:01:24,490 --> 00:01:30,090
you can go to the top. You can click on clone or download and click on download zip.

18
00:01:30,220 --> 00:01:32,470
This will download the zip file on your machine.

19
00:01:32,620 --> 00:01:39,910
You can then extract its components and you'll see that it contains a bunch of PowerShell scripts that you

20
00:01:39,910 --> 00:01:43,880
can use to install all the different tools on your machine.

21
00:01:44,200 --> 00:01:50,400
If you scroll down you'll also see that there is an installation instruction that has been mentioned.

22
00:01:50,440 --> 00:01:54,850
It's pretty easy to install. You don't have to do anything; you just have to run these two commands.

23
00:01:55,180 --> 00:01:59,070
And to run them you need PowerShell on your Windows environment.

24
00:01:59,080 --> 00:02:02,740
So let's quickly launch PowerShell.

25
00:02:02,900 --> 00:02:09,650
It's better to just run it as an admin so that if there are any higher privileges required, it shouldn't

26
00:02:09,650 --> 00:02:18,330
be an issue for our tool.

27
00:02:18,560 --> 00:02:28,090
So we go to the directory where all the files are located and all we do is the first pass set the execution

28
00:02:28,090 --> 00:02:28,810
policy.

29
00:02:28,870 --> 00:02:32,920
Unrestricted.

30
00:02:32,940 --> 00:02:34,080
Yes.

31
00:02:34,380 --> 00:02:43,640
And once that is done maybe we'll run the PowerShell script to begin the installation.

32
00:02:45,030 --> 00:02:52,130
So once the installation starts, it will take a couple of minutes to have everything set up on your machine.

33
00:02:52,310 --> 00:02:57,660
But once the installation is done you'll basically see a folder called FLARE created on your desktop

34
00:02:57,810 --> 00:03:03,660
and it will have a bunch of analysis tools in your environment that are very useful tools.

35
00:03:03,660 --> 00:03:08,180
You can see there are a few tools for PDF file analysis, there are a few for Office file analysis,

36
00:03:08,190 --> 00:03:11,460
there are hex editors, there are disassemblers, there are debuggers.

37
00:03:11,610 --> 00:03:15,720
All these tools are really handy and we are definitely going to need them at some point or the other

38
00:03:15,720 --> 00:03:17,640
in later stages of the video.

39
00:03:17,820 --> 00:03:22,050
And if there is something which is not present here, we can obviously go ahead and download them

40
00:03:22,050 --> 00:03:24,300
and work as we need.

41
00:03:24,300 --> 00:03:29,430
So this was a quick video to tell you about how you can set up all the different analysis tools in your

42
00:03:29,430 --> 00:03:31,680
environment. That's all for today.

43
00:03:31,680 --> 00:03:32,030
Thanks.