Yes! Keep specializing on knowledge like this and make a name for yourself
That's the plan!
Can you do a video on the different virtual box network configurations? Like what’s safe and what’s not. And how to communicate with other virtual machines in a safe environment
Hey! I’ve actually created a video which is part 2 of my lab. Let me know if this was what you are looking for. Otherwise I’ll see what I can do!
After VirtualBox failed me too many times, doing Remnux and Flare on VMware now, so smooth so far, so little config compared to VirtualBox
How did it fail?
This channel just gets better with every video! Great stuff, thanks for sharing. Do you think these would be better on a dedicated machine that is air-gapped?
Thanks! When it comes to malware analysis, it would be safer to perform it within an air-gapped environment.
Sorry for double posting, I had initially thought my original post didn't go through, rather than perhaps the post being in a queue. my bad!
All good! You could try and use the -no checksum flag that the error had mentioned. See if that works for you or take a look at FlareVM's documentation on github to see if this is an expected error 👍
@@MyDFIR So it turns out, the extra solution to this is I had to turn off every possible Windows defense. I not only did what you instructed, but to add to that, I also shut off the other options in windows defender, PLUS I shut off the firewalls as well. But thanks a lot for the alternative tips!
i tried to disable defender through policy but it still turned itself on why specific way to disable it ?
I have a software that checks for cpu temperature on the VM ! how to spoof it ?
How to use malware for phishing email,checking pdt,nd url
Pls help
How did you navigate the directory?
Do you have video that shows how to set network mode like you mentioned VM only, and also how to do snapshots ?
Yeah, if you check out my home lab series I show you how to do just that. ❤️
Much appreciated sir
I am trying to install flare vm onto an Oracle VM, not seeing the shortcut on desktop. Updates paused, and settings for firewall set as per video. What am I doing incorrect?
That is tough to troubleshoot without seeing exactly what you did but you can follow these steps here and that should help you.
github.com/mandiant/flare-vm - follow the "Installation instruction" section
hey man! So I'm trying to install flareVM, and I'm getting errors. I'm trying it both on windows 10 and 11. For 11, It says something about me not having permission over [Nuget] file paths? And as for windows 10, I get errors like "2024/04/17 20:50:02 [blobrunner64.vm] vm.common.psm1 [+] ERROR : Checksum for 'C:\Users\vboxuser\AppData\Local\ChocoCache\blobrunner64.vm\0.0.5.20240411\blobrunner64.zip' did not meet '325e3e26ccdce53cdd8b6665c7ed7d1765fc1c56cd088a5b4433593682c9f503' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary." This is happening with a few of the packages while some download successfully. Any thoughts and/or solutions?
Try out the -ignore-checksum flag 👍
Sir! is FlareVM GUI based and Remnux CLI based...if not then correct me! Which one would be best for beginners for malware detection....kindly help Sir. Thanks!
In addition to GUI and CLI, flare is Windows and Remnux for Linux - they both are good for malware analysis and serve different purposes. Best to learn both
@@MyDFIR thank you so much sir
Is docker free? I mean, my computer only has 8gb ram. I'm already using kali and ubuntu. And installing more OS wouldn't be working in my case ig?
What do you suggest?
Yeah Docker is free but with 8 GB RAM there is only so much you can do unfortunately. What I would suggest is look into upgrading your equipment or purchase used equipment and go from there if you're thinking about this long term. You can also use the cloud with free credits.
How can we configure Wazuh working with them in the VM?
Absolutely
So, will it work if I configure my internal network by changing my VM network setup? I got stuck with wazuh agent
You would create Wazuh on prem and have your agent installed on FlareVM. Make sure they are on the same network
Hi bro, I got a doubt, let's say you have a malware sample which is password protected on your local system, I want to copy that file to REMnux for analysis, how do I do that?
There are many ways to do this, some create a file share, scp, or open a python http service on your host and have remnux download the file there.
Before analyzing the malware on Remnux be sure to change your network settings to be on the safe side.
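Added example, not part of the original comment thread: one way to do the "python http service" transfer mentioned above while exposing only the password-protected archive, only on the host-only adapter, and printing a SHA-256 so the copy can be verified on REMnux. The file name `sample.zip`, the address `192.168.56.1` and the function names are assumptions made for illustration.

```python
import hashlib
import http.server
import os
import urllib.parse


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_one_file_server(sample_path, bind_ip, port=8000):
    """Build an HTTP server that offers exactly one file on one interface."""
    sample_path = os.path.abspath(sample_path)
    url_path = "/" + urllib.parse.quote(os.path.basename(sample_path))

    class OneFileHandler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            # Refuse everything except the exact archive name: no directory
            # listing, no access to other files on the host.
            if self.path != url_path:
                self.send_error(404)
                return
            self.send_response(200)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(os.path.getsize(sample_path)))
            self.end_headers()
            with open(sample_path, "rb") as fh:
                while chunk := fh.read(65536):
                    self.wfile.write(chunk)

        def log_message(self, fmt, *args):
            pass  # keep the console quiet

    return http.server.HTTPServer((bind_ip, port), OneFileHandler)


if __name__ == "__main__":
    SAMPLE = "sample.zip"          # placeholder: the password-protected archive
    HOST_ONLY_IP = "192.168.56.1"  # assumption: VirtualBox's default host-only address
    print("sha256:", sha256_of(SAMPLE))
    server = make_one_file_server(SAMPLE, HOST_ONLY_IP)
    server.handle_request()        # answer a single request, then stop
    server.server_close()
```

On REMnux, download the archive from that address and compare the output of `sha256sum` with the value printed on the host before extracting it.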
@@MyDFIR Okay thanks! Is it safe to keep the network host-only in VM ?
So i have been trying to install flarevm on a hyper-v vm and its been erroring out on me recently.
Strange, what error are you getting?
@@MyDFIR Figured out what the error was. Thanks for the response
Super vid!
Running scripts aren't the most fun, but they can expedite the process with Malware Analysis.
Agreed! Thanks for sharing 🙌
@@MyDFIR I can't get the .\install.ps1 to work. Any idea on what I did wrong.
What error are you getting? Here is the official github documentation in case some of the steps were updated since the video: github.com/mandiant/flare-vm
@@MyDFIR Thanks. It says .\install.ps1 is not a recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the path, name, or of the path was included. Here is the command and script I used below
C:\users\vboxuser\desktop>.\install.ps1
Ah, where is your install.ps1 located? make sure you're in the same directory as the file and what I like to do is type in "inst" and hit "tab" for autocompletion just to make sure PowerShell recognizes the file.
Not seeing the command for flare anywhere bro
I am so sorry! I’ve updated the description and here is the command
(New-Object net.webclient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1',"install.ps1")
After running this command, it seems like it worked but i cannot find the file to unblock-it :/ @@MyDFIR
The link to the flare vm download isn’t working, do you have an alternative link? And if so please send it, God bless :)
are these tools similar to ghidra?
These are VMs that come with tools installed. Ghidra is a tool for reverse engineering and should be included in these VMs
Thank you
Flare vm downloading is too slow i mean really fkn slow its been almost 5 hours and its still not done
nobody i know can get the remnux working on proxmox if ya know how do a video on that.
👀 any reason why that is? Proxmox is just a hypervisor - download and install Ubuntu then setup Remnux from scratch 👍 that should work
@@MyDFIR short answer i have 0 idea
it stalls from scratch around number 7 instruction wise
@@MyDFIR ya thats not how this works man, i have had 10 ppl do it and its a no go. if you do from scratch it stalls if you do from official vm it black screens its curious
@@TwinTailTerror Here is a link that looks promising. I don't have a Proxmox server in hand to try it out - digiforensics.blogspot.com/2021/04/running-remnux-on-proxmox-server.html
@@MyDFIR same thing i think that's too old that was 7.1 i have 8 it still boots but only once nobody can figure out why (this is not a just me thing) ty anyway i guess i was just asking around.
btw way thanks for the video