VM_Setup.md

File metadata and controls

152 lines (111 loc) · 5.63 KB

VMware Setup for Malware Analysis Lab

This guide provides instructions for setting up a malware analysis lab using VMware, with two virtual machines: one running Kali Linux for offensive tools and analysis, and the other running Windows for testing and analyzing malware samples.

Table of Contents

  1. System Requirements
  2. VMware Installation
  3. Setting up Kali Linux
  4. Setting up Windows
  5. Networking Configuration
  6. Snapshots for Analysis
  7. Important Tips

System Requirements

Before setting up the lab, ensure your system meets the following requirements:

  • Host Operating System: Windows 10 or Linux
  • RAM: Minimum 16 GB (8 GB per VM recommended)
  • Disk Space: At least 100 GB free
  • Processor: Multi-core processor with virtualization support (Intel VT-x or AMD-V)
  • Software: VMware Workstation or VMware Player

VMware Installation

Download VMware:

  • Download VMware Workstation or VMware Player from the VMware website.

Install VMware:

  1. Run the installer and follow the on-screen instructions.
  2. Accept the license agreement.
  3. Choose a default install location.
  4. Complete the installation and reboot your system if necessary.

Setting up Kali Linux

Download Kali Linux ISO:

  • Visit the Kali Linux website and download the latest ISO image.
  • Choose the 64-bit installer.

Create a New VM in VMware:

  1. Open VMware Workstation or Player.
  2. Click Create a New Virtual Machine.
  3. Select Installer disc image file (ISO) and browse to the downloaded Kali ISO.
  4. Choose Linux as the guest OS and select Debian 10.x 64-bit as the version.

Configure VM Settings:

  • Memory: Set at least 4 GB (recommended 8 GB).
  • Processors: Assign 2 cores for better performance.
  • Disk: Allocate at least 40 GB of disk space for Kali.

Install Kali Linux:

  1. Start the VM and follow the on-screen installation instructions.
  2. Configure network settings (select Host-Only or NAT).
  3. Set up a root password during installation.

Post-Installation Setup:

Once installed, update Kali using the following commands:

sudo apt update
sudo apt upgrade

Install additional tools required for analysis:

sudo apt install yara

Setting up Windows

Obtain Windows ISO:

  • Download a legitimate Windows 10 or 11 ISO from Microsoft's website.
  • If you already have a Windows license key, you can activate it later.

Create a New Windows VM in VMware:

  1. Open VMware and create a new virtual machine.
  2. Select Installer disc image file (ISO) and browse to the Windows ISO.
  3. Choose Windows 10 or Windows 11 as the guest OS.

Configure VM Settings:

  • Memory: Set at least 4 GB.
  • Processors: Assign 2 cores for Windows to run smoothly.
  • Disk: Allocate 60 GB of disk space.

Install Windows:

  1. Start the VM and follow the installation process.
  2. Choose Custom Installation and allocate disk space.
  3. Once installed, configure network settings (choose Host-Only or NAT).

Install Necessary Tools for Malware Analysis:

Install the following malware analysis tools:

  • Process Hacker
  • PEiD
  • ApateDNS (for DNS redirection)

Make sure to disable any automatic updates and antivirus features to prevent interference during analysis.


Networking Configuration

Host-Only Network:

This allows your VMs to communicate with each other and your host machine, but prevents them from accessing the internet.

  • Go to VMware settings for each VM and select Host-Only under network adapters.

NAT Mode:

Use NAT mode when you need internet access from your VMs (for downloading tools or samples).

  • Configure your Kali Linux VM to use NAT mode for external access.

Isolated Network:

For safer malware analysis, keep your VMs isolated from both the host and the internet by using an isolated virtual network.


Snapshots for Analysis

Before starting malware analysis, take a snapshot of both the Kali and Windows VMs.

Kali Linux Snapshot:

  1. In VMware, right-click your Kali VM and select Snapshot > Take Snapshot.
  2. Name it something like Clean Kali.

Windows Snapshot:

  1. Do the same for your Windows VM, naming it Clean Windows.

Taking snapshots allows you to quickly revert to a clean state after completing malware analysis.


Important Tips

  • Disable Shared Folders: Ensure shared folders between your host and VMs are disabled to prevent malware from escaping the VM.
  • Revert to Snapshot After Each Analysis: Always revert to your clean snapshots after each malware analysis session.
  • Use Virtual Network Isolation: When analyzing particularly dangerous malware, ensure your VMs are isolated from both the host and the internet.
  • Update Tools Regularly: Keep your analysis tools up-to-date to catch the latest malware techniques.
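Before powering on a guest with a sample in it, it is worth checking the VM's .vmx file against the host-only networking and shared-folder rules above. The checker below is an added example, not part of this guide or of VMware's tooling; it reads standard VMware .vmx keys (ethernet0.connectionType, sharedFolder0.present, isolation.tools.*.disable) and the two sample configurations are constructed for the example.

```python
"""Pre-flight check of a VMware .vmx file for a malware-analysis guest: flags NICs
that are not host-only, enabled shared folders, and guest-isolation settings
(HGFS, copy/paste, drag-and-drop) that are not disabled. Keys are standard VMware
.vmx settings; the sample .vmx texts below are constructed for this example."""
import re
from typing import Dict, List

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"?([^"]*)"?\s*$')  # key = "value"
ISOLATION_KEYS = ("isolation.tools.hgfs.disable", "isolation.tools.copy.disable",
                  "isolation.tools.paste.disable", "isolation.tools.dnd.disable")
# Constructed sample: Windows guest still on NAT, with a shared folder and HGFS on.
LEAKY_VMX = '''ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
sharedFolder0.present = "TRUE"
isolation.tools.hgfs.disable = "FALSE"
'''
# Constructed sample: the same guest after applying the tips above.
SAFE_VMX = '''ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
sharedFolder0.present = "FALSE"
isolation.tools.hgfs.disable = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
'''

def parse_vmx(text: str) -> Dict[str, str]:
    """Parse .vmx lines into a dict; keys lower-cased (VMware reads them case-insensitively)."""
    pairs = (_LINE.match(l) for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {m.group(1).lower(): m.group(2).strip() for m in pairs if m}

def check_vmx(text: str) -> List[str]:
    """Return findings; an empty list means the guest matches the isolation tips."""
    cfg, findings = parse_vmx(text), []
    # Every present NIC must be host-only: NAT or bridged gives the sample a route out.
    for nic in sorted({k.split(".")[0] for k in cfg if re.match(r"ethernet\d+\.", k)}):
        if cfg.get(f"{nic}.present", "TRUE").upper() != "FALSE":
            ctype = cfg.get(f"{nic}.connectiontype", "")
            if ctype.lower() != "hostonly":
                findings.append(f"{nic}: connectionType is '{ctype or 'unset'}', expected hostonly")
    # An enabled shared folder is a direct path from the guest into the host filesystem.
    for key, val in cfg.items():
        if re.fullmatch(r"sharedfolder\d+\.present", key) and val.upper() == "TRUE":
            findings.append(f"{key.split('.')[0]}: shared folder is enabled")
    for key in ISOLATION_KEYS:  # guest-tools channels should be explicitly disabled
        if cfg.get(key, "").upper() != "TRUE":
            findings.append(f"{key} is not TRUE")
    return findings
```

Run it against the real .vmx of each lab VM (the file sits next to the virtual disk in the VM's folder) and fix every finding before reverting to the clean snapshot and detonating a sample.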

With this setup, you will have a safe and efficient malware analysis environment using VMware and virtual machines. This lab will allow you to conduct both static and dynamic malware analysis with the right tools and proper isolation for security.


How to Contribute

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature/new-feature).
  3. Commit your changes (git commit -am 'Add new feature').
  4. Push to the branch (git push origin feature/new-feature).
  5. Open a Pull Request.