Lab Setup Part 2


Time
9 hours 10 minutes
Difficulty
Advanced
Video Description

In this session, you'll learn the installation of VMware and Windows XP for malware analysis. We'll begin with installation of a Windows XP machine using VMware Workstation 9 version. Additionally, you will learn all the settings that you should typically apply for such installations. After Windows XP machine has been setup, we'll learn how to install Kali Linux that will be used for networking. We'll add another network adaptor to the Kali Linux machine so it is connected to the Windows XP machine or the guest. Next, you will understand how to install the required malware analysis tools. Once Kali Linux is setup, you'll need to log in and setup the network for Kali.

Video Transcription
>> Here, I will be demonstrating how to install VMware and Windows XP as the target malware analysis test virtual machine. Here I've downloaded VMware Workstation 9.04. It's a little older, just fine, and I have a license for it. It runs about 150. Right below us is the open-source

>> VirtualBox, by Oracle.

>> Just fine and free. I don't want VMware to know what I'm running. In the meantime, I will show you all the settings I typically apply [NOISE], such as what operating systems I usually create, such as the Chinese versions of operating systems, because some malware will not run without the Chinese version or will not run correctly. Turn off "Auto Updates", so I will update very purposefully whenever I need to. Install Explorer 8, 9, 10 and 11; Office 2003, 2007, 2010; tramp the macro settings; Flash 10, 11; Adobe Acrobat Reader 9, 10 and 11; Java 6 and 7. I'll just turn off "Volume Shadow Copy". I will run everything in my virtual machine at least once. I will turn on "Auto Login". Turn off "Hide extensions for known file types", "Hide protected operating system files". Remove "These files are hidden" banners, such as if you go into C:/windows in XP, all the advances: Are you sure you want to go here? And you say yes. Turn off the firewall, disable pop-up blocking, disable all the Internet Explorer privacy things in case they interfere with the malware, turn off all the visual effects. VMware is really good about that, but you don't need that slowing down your system. Then restart the virtual machine and snapshot it.

They'll show the hidden files. Even open up my Explorer window. Go to Tools, Folder Options, View, Show Hidden Files, Folders and Drives. Uncheck Hide Extensions for Known File Types. Uncheck Hide Protected Operating System Files. Are you sure? Say Okay. You can see now these hidden files that you don't normally see to care about are here. [NOISE]

Now VMware Tools is automatically installing. You might want to get rid of these pop-ups too. The cool thing about VMware Tools, it's a little dangerous. It's automatically installing, then print drivers, so it'll automatically profile your connected printers to this machine, your host machine. I recommend disabling that. You don't want malware gathering intel on your stuff. If VMware doesn't automatically install VMware Tools, you can go up here to VM, right here where it says Cancel VMware Tools Installation. It would normally say Install or Upgrade Tools. You can click that, and it will automatically mount a CD drive with the VMware Tools that you can execute.

In the settings here, you will set up the network. We'll change NAT to Custom Virtual Network and choose something like VMnet2. By default, it's completely isolated and VMware will automatically have a DHCP, so you might want to disable that. You'd want to randomize this, so it's not a VMware MAC address. Maybe change this up a little bit so malware can't detect. Then a VMware, VM. Now if we were to resize this, VMware Tools will automatically adjust lots of settings across. Since VMware Tools is installed, we can drag and drop or execute our tools.

Now, we're going to make our second virtual machine for our Kali Linux. Now, you can go to the Kali Linux website and download a VMware virtual image with VMware Tools automatically installed, and I recommend this. But just in case you want to do it from the ground up, you can do the same procedure. Ubuntu is fine with Debian. VMware doesn't really care about what distribution of Linux it is. It just chooses what hardware best suits it. Power it on, and I'll boot from an ISO that I downloaded. I can boot live, so it doesn't actually install. I'm going to say Install. It's where all the defaults. You'll notice that it's taken over my mouse. If I need to escape from that, I just hit "Control Alt". My cursor will appear. Also, this VM, it has NAT so it can get to the Internet. I'm also going to add another network adapter, so it can talk to my target, infected or my guest XP virtual machine. I'm going to set the host custom VMnet2, so it can also talk. It can talk to Kali, so it can talk to Windows XP. Yes, that's fine. Two password by default it's four, and I'll just go with that for now, to that route backwards.

>> Close all the defaults. Write changes to disk? Yes. That was not the default. The default is no, so you don't accidentally overwrite the disk.

Typically, I want to have as few analysis tools on my guest VM that will be infected with malware. Sometimes I'll take a snapshot without these tools because sometimes malware will look for tools running or just on the disk, but usually, it's just malware roulette. Usually, malware will just look for running processes it knows to be monitoring tools for malware analysis, like Capture BAT or Sysinternals tools. While Kali is installing, I would take this time to install some of these tools. Here's Capture BAT. [NOISE]

VMs and VMware and all other software like VirtualBox would go a lot faster if you had a solid-state drive. Solid-state drives aren't great for handling large files because of how they work, but the speed improvement is significant. I almost always work with solid-state drives when I'm doing malware analysis in VMs.

[NOISE] Here, I'm going to show hidden files, folders, show operating system files and hide the extensions. I'm going to remove the banners simply by browsing to them like this. One time is done. System32 usually has a banner in system. I'm not going to install the rest of these tools. It's pretty self-explanatory. Does it want to update? Yeah, I like updating. Yes, default. Install GRUB. [NOISE] Username is root, password is toor, T-O-O-R. Now we need to configure the network. [NOISE]

The first Ethernet is how VMs talk to each other. I'm sorry. Yes, the first network, eth0, is how VMs talk to each other, so let me just [inaudible] configure that. eth0, iface eth0 inet static. I like to indent, but you don't have to. I'm just going to choose the 10. range. I'm going to make it like this one, .1, making that mask 255.255.255.0. This is actually a quasi network, so it's actually just 255.0.0.0, but since we're working in such a small environment, I'll just make this like that. Gateway is myself. I don't have to define it, but [inaudible]. Write, quit, say ifconfig eth0 down and eth0 up. It brings the network interface down, up, down, up. The second one, eth1. Now it can talk to the Internet and talk to the Windows XP machine. [inaudible] like this. It looks like it hasn't taken in the IP addresses. That looks like DHCP account with this. Since the network manager's trying to fix a few things, it's a lot easier just to reboot.

In Windows, I'm going to do the same thing. Make it full screen. VMware Tools takes over. It's just a screen resolution. Go to "Network Connections", insert the IP address manually. This one, I'm going to set as 10.0.0.2, 255.255.255.0 and default gateway, I'll make my Kali [inaudible]. I'll also make it my DHCP server because we might want to spoof DNS requests later. ipconfig, it has the .2 address.