Cybersecurity Tool: Malware Virtual Machines (Remnux & FlareVM)

  • Published 7 Jan 2025

COMMENTS • 60

  • @thefrub
    @thefrub 1 year ago +3

    Yes! Keep specializing on knowledge like this and make a name for yourself

    • @MyDFIR
      @MyDFIR 1 year ago

      That's the plan!

  • @ReverseShell1337
    @ReverseShell1337 1 year ago +3

    Can you do a video on the different virtual box network configurations? Like what’s safe and what’s not. And how to communicate with other virtual machines in a safe environment

    • @MyDFIR
      @MyDFIR 1 year ago

      Hey! I’ve actually created a video which is part 2 of my lab. Let me know if this was what you are looking for. Otherwise I’ll see what I can do!

  • @bulba888
    @bulba888 7 months ago +4

    After VirtualBox failed me too many times, doing Remnux and Flare on VMware now, so smooth so far, so little config compared to VirtualBox

    • @v0sepr
      @v0sepr 2 months ago

      How did it fail?

  • @callmebigpapa
    @callmebigpapa 1 year ago +1

    This channel just gets better with every video! Great stuff, thanks for sharing. Do you think these would be better on a dedicated machine that is air-gapped?

    • @MyDFIR
      @MyDFIR 1 year ago

      Thanks! When it comes to malware analysis, it would be safer to perform it within an air-gapped environment.

  • @KingOsmium
    @KingOsmium 8 months ago

    Sorry for double posting, I had initially thought my original post didn't go through, rather than perhaps the post being in a queue. My bad!

    • @MyDFIR
      @MyDFIR 8 months ago +1

      All good! You could try and use the -no checksum flag that the error had mentioned. See if that works for you or take a look at FlareVM's documentation on GitHub to see if this is an expected error 👍

    • @KingOsmium
      @KingOsmium 8 months ago

      @@MyDFIR So it turns out, the extra solution to this is I had to turn off every possible Windows defense. I not only did what you instructed, but to add to that, I also shut off the other options in Windows Defender, PLUS I shut off the firewalls as well. But thanks a lot for the alternative tips!

  • @arkan7rb
    @arkan7rb 3 months ago

    I tried to disable Defender through policy but it still turned itself on. Is there a specific way to disable it?

  • @Jouss3ph
    @Jouss3ph 2 months ago

    I have a software that checks for CPU temperature on the VM! How to spoof it?

  • @Kerewuwa
    @Kerewuwa 3 months ago

    How to use malware for phishing email, checking pdt, and url?
    Pls help

  • @marveyvalentine3884
    @marveyvalentine3884 3 months ago

    How did you navigate the directory?

  • @eldean0
    @eldean0 11 months ago

    Do you have a video that shows how to set the network mode like you mentioned (VM only), and also how to do snapshots?

    • @MyDFIR
      @MyDFIR 11 months ago

      Yeah, if you check out my home lab series I show you how to do just that. ❤️

  • @daniel_uba
    @daniel_uba 1 year ago +1

    Much appreciated sir

  • @BornWinnersNetworkWebTV
    @BornWinnersNetworkWebTV 10 months ago

    I am trying to install FlareVM onto an Oracle VM, not seeing the shortcut on the desktop. Updates paused, and settings for the firewall set as per the video. What am I doing incorrectly?

    • @MyDFIR
      @MyDFIR 10 months ago +1

      That is tough to troubleshoot without seeing exactly what you did but you can follow these steps here and that should help you.
      github.com/mandiant/flare-vm - follow the "Installation instruction" section

  • @KingOsmium
    @KingOsmium 8 months ago

    hey man! So I'm trying to install flareVM, and I'm getting errors. I'm trying it both on windows 10 and 11. For 11, It says something about me not having permission over [Nuget] file paths? And as for windows 10, I get errors like "2024/04/17 20:50:02 [blobrunner64.vm] vm.common.psm1 [+] ERROR : Checksum for 'C:\Users\vboxuser\AppData\Local\ChocoCache\blobrunner64.vm\0.0.5.20240411\blobrunner64.zip' did not meet '325e3e26ccdce53cdd8b6665c7ed7d1765fc1c56cd088a5b4433593682c9f503' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary." This is happening with a few of the packages while some download successfully. Any thoughts and/or solutions?

    • @MyDFIR
      @MyDFIR 8 months ago +2

      Try out the -ignore-checksum flag 👍

  • @naar-e-almaas
    @naar-e-almaas 4 months ago

    Sir! Is FlareVM GUI based and Remnux CLI based... if not then correct me! Which one would be best for beginners for malware detection... kindly help Sir. Thanks!

    • @MyDFIR
      @MyDFIR 4 months ago

      In addition to GUI and CLI, flare is Windows and Remnux for Linux - they both are good for malware analysis and serve different purposes. Best to learn both

    • @naar-e-almaas
      @naar-e-almaas 4 months ago

      @@MyDFIR thank you so much sir

  • @whoami-ty1kp
    @whoami-ty1kp 6 months ago

    Is docker free? I mean, my computer only has 8gb ram. I'm already using kali and ubuntu. And installing more OS wouldn't be working in my case ig?
    What do you suggest?

    • @MyDFIR
      @MyDFIR 6 months ago +1

      Yeah Docker is free but with 8 GB RAM there is only so much you can do unfortunately. What I would suggest is look into upgrading your equipment or purchase used equipment and go from there if you're thinking about this long term. You can also use the cloud with free credits.

  • @SoCyber-n5k
    @SoCyber-n5k 10 months ago

    How can we configure Wazuh working with them in the VM?

    • @MyDFIR
      @MyDFIR 10 months ago

      Absolutely

    • @SoCyber-n5k
      @SoCyber-n5k 10 months ago

      So, will it work if I configure my internal network by changing my VM network setup? I got stuck with the Wazuh agent

    • @MyDFIR
      @MyDFIR 10 months ago +1

      You would create Wazuh on prem and have your agent installed on FlareVM. Make sure they are on the same network

  • @Abhi_JW999
    @Abhi_JW999 1 year ago

    Hi bro, I got a doubt. Let's say you have a malware sample which is password protected on your local system, and I want to copy that file to REMnux for analysis. How do I do that?

    • @MyDFIR
      @MyDFIR 1 year ago

      There are many ways to do this: some create a file share, use scp, or open a Python HTTP service on your host and have REMnux download the file from there.
      Before analyzing the malware on REMnux be sure to change your network settings to be on the safe side.

    • @Abhi_JW999
      @Abhi_JW999 1 year ago

      @@MyDFIR Okay thanks! Is it safe to keep the network host-only in VM ?
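The "Python HTTP service on your host" route from the reply above, as an added example that is not from the video or any commenter, with the integrity check a practitioner would add: the host serves the password-protected archive on its host-only adapter address, and the REMnux side refuses any download whose SHA-256 differs from the hash recorded when the sample was catalogued. Directory paths, the bind address and hash values are assumptions.

```python
import functools
import hashlib
import http.server
import os
import threading
import urllib.request

# Added example, not code from the video or its comments. Paths, the bind
# address and the expected hash are assumptions / constructed values.

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so a large archive need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def serve_directory(directory, bind="127.0.0.1", port=0):
    """Host side: serve `directory` over plain HTTP, bound to `bind` only.

    In the lab `bind` would be the host's host-only adapter address, so the
    listener is reachable from the analysis VMs but not from the LAN.
    Port 0 lets the OS choose; read it back from server.server_address[1].
    """
    handler = functools.partial(http.server.SimpleHTTPRequestHandler,
                                directory=directory)
    server = http.server.ThreadingHTTPServer((bind, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch_and_verify(url, dest, expected_sha256):
    """VM side: download `url` to `dest`; keep it only if the SHA-256 matches.

    A mismatch means this is not the sample you catalogued (truncated or
    wrong file, or tampering in transit), so the download is deleted.
    """
    with urllib.request.urlopen(url, timeout=10) as resp, open(dest, "wb") as out:
        for chunk in iter(lambda: resp.read(65536), b""):
            out.write(chunk)
    actual = sha256_file(dest)
    if actual != expected_sha256.lower():
        os.remove(dest)
        raise ValueError(f"SHA-256 mismatch for {dest}: expected "
                         f"{expected_sha256}, got {actual}")
    return actual
```

Keep the archive password-protected until it is inside the analysis VM, and take the VM snapshot before extracting it.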

  • @kevinkeo04
    @kevinkeo04 10 months ago

    So I have been trying to install FlareVM on a Hyper-V VM and it's been erroring out on me recently.

    • @MyDFIR
      @MyDFIR 10 months ago +1

      Strange, what error are you getting?

    • @kevinkeo04
      @kevinkeo04 10 months ago

      @@MyDFIR Figured out what the error was. Thanks for the response

  • @kirkreiglori2434
    @kirkreiglori2434 1 year ago +1

    Super vid!

  • @cyberintelsource
    @cyberintelsource 5 months ago

    Running scripts aren't the most fun, but they can expedite the process with Malware Analysis.

    • @MyDFIR
      @MyDFIR 5 months ago +1

      Agreed! Thanks for sharing 🙌

    • @cyberintelsource
      @cyberintelsource 5 months ago

      @@MyDFIR I can't get the .\install.ps1 to work. Any idea on what I did wrong?

    • @MyDFIR
      @MyDFIR 5 months ago +1

      What error are you getting? Here is the official github documentation in case some of the steps were updated since the video: github.com/mandiant/flare-vm

    • @cyberintelsource
      @cyberintelsource 5 months ago

      @@MyDFIR Thanks. It says .\install.ps1 is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if the path was included. Here is the command and script I used below
      C:\users\vboxuser\desktop>.\install.ps1

    • @MyDFIR
      @MyDFIR 5 months ago +1

      Ah, where is your install.ps1 located? Make sure you're in the same directory as the file, and what I like to do is type in "inst" and hit "tab" for autocompletion just to make sure PowerShell recognizes the file.

  • @ZodMagus
    @ZodMagus 1 year ago

    Not seeing the command for flare anywhere bro

    • @MyDFIR
      @MyDFIR 1 year ago +1

      I am so sorry! I've updated the description and here is the command
      (New-Object net.webclient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1',"install.ps1")

    • @GokuG-k2s
      @GokuG-k2s 1 year ago +1

      After running this command, it seems like it worked but i cannot find the file to unblock-it :/ @@MyDFIR

    • @linpad_thequiet6089
      @linpad_thequiet6089 1 year ago +3

      The link to the flare vm download isn’t working, do you have an alternative link? And if so please send it, God bless :)

  • @L0d3wyckx
    @L0d3wyckx 11 months ago

    Are these tools similar to Ghidra?

    • @MyDFIR
      @MyDFIR 11 months ago +1

      These are VMs that come with tools installed. Ghidra is a tool for reverse engineering and should be included in these VMs

    • @L0d3wyckx
      @L0d3wyckx 11 months ago

      Thank you

  • @javagamesfanclub5650
    @javagamesfanclub5650 1 month ago

    FlareVM downloading is too slow, I mean really fkn slow, it's been almost 5 hours and it's still not done

  • @TwinTailTerror
    @TwinTailTerror 7 months ago

    Nobody I know can get REMnux working on Proxmox. If you know how, do a video on that.

    • @MyDFIR
      @MyDFIR 7 months ago

      👀 any reason why that is? Proxmox is just a hypervisor - download and install Ubuntu then set up REMnux from scratch 👍 that should work

    • @TwinTailTerror
      @TwinTailTerror 7 months ago

      @@MyDFIR Short answer: I have 0 idea.
      It stalls from scratch around instruction number 7.

    • @TwinTailTerror
      @TwinTailTerror 6 months ago

      @@MyDFIR Ya, that's not how this works man, I have had 10 ppl do it and it's a no go. If you do it from scratch it stalls, if you do it from the official VM it black screens. It's curious.

    • @MyDFIR
      @MyDFIR 6 months ago

      @@TwinTailTerror Here is a link that looks promising. I don't have a Proxmox server in hand to try it out - digiforensics.blogspot.com/2021/04/running-remnux-on-proxmox-server.html

    • @TwinTailTerror
      @TwinTailTerror 6 months ago

      @@MyDFIR Same thing. I think that's too old, that was 7.1, I have 8. It still boots but only once, nobody can figure out why (this is not a just-me thing). Ty anyway, I guess I was just asking around.

  • @arkan7rb
    @arkan7rb 3 months ago

    btw thanks for the video