Time
9 hours 10 minutes
Difficulty
Advanced
CEU/CPE
9

Video Description

In this session, you'll learn how to install VMware and Windows XP for malware analysis. We'll begin by installing a Windows XP machine using VMware Workstation 9. Additionally, you will learn all the settings you should typically apply to such installations. After the Windows XP machine has been set up, we'll learn how to install Kali Linux, which will be used for networking. We'll add another network adapter to the Kali Linux machine so it is connected to the Windows XP machine, the guest. Next, you will learn how to install the required malware analysis tools. Once Kali Linux is set up, you'll need to log in and set up the network for Kali.

Video Transcription

00:04
here I will be demonstrating how to install
00:08
VMware and Windows XP
00:11
as the target?
00:12
Malware analysis
00:14
guest
00:15
Virtual machine.
00:16
So here I downloaded VMware Workstation
00:20
9.4
00:21
before older. Just fun.
00:24
And I have a license for that; it runs about 150. Below it is the open source VirtualBox by Oracle.
00:30
Just fine and free.
00:34
I don't want the end. Where to Know what I'm running.
00:40
In the meantime, I will show you
00:45
all the settings typically applied.
00:49
Okay,
00:51
Such as What? Operating systems are usually
00:55
great.
00:56
So choose
00:59
the Chinese versions of operating systems, because some malware will not run without the Chinese version, will not run correctly.
01:07
Turn off auto update, so you do it very personally whenever I need to.
01:11
Internet Explorer 8, 9 and 10,
01:15
11.
01:18
Office 7 7010
01:21
Trump Back Sitting Splash
01:23
Blush 10.
01:25
I love him.
01:26
Adobe Acrobat Reader
01:27
9, 10, 11.
01:30
Java
01:30
6 and 7,
01:34
and
01:34
turn off Shadow Volume Copy.
01:38
I will run everything in my
01:42
victim machine at least once.
01:45
I will.
01:46
Turn off Autorun,
01:49
turn off hide extensions for known file types.
01:52
I'm protecting
01:53
detected operations involves
01:56
removed.
01:57
These files are hitting banners,
02:01
which is, if you go into C:\
02:07
Windows
02:07
and X T OBY advances. Are you sure you wanna go hear you say yes?
02:12
Turn off the firewall,
02:13
disable pop-up blocking,
02:16
disable all the Internet Explorer privacy
02:19
things in case they interfere with my work.
02:22
Old visual,
02:23
The m o is really good about that. But you don't need that slowing down their system.
02:29
And then we start the machine, the virtual machine, and snapshot it.
02:35
So to show
02:37
the hidden files
02:39
you can open up an Explorer window,
02:42
that old
02:43
go to Tools,
02:45
Folder Options,
02:47
View,
02:50
show hidden files, folders and drives.
02:53
Uncheck hide extensions for known file types. Uncheck hide protected operating system files.
03:00
Are you sure?
03:04
So Okay,
03:07
you can see now
03:09
these hidden files that you don't normally see or care about are here.
06:18
So now VMware Tools is automatically installing.
06:28
I want to get rid of these obscene,
06:32
cool thing about VMware Tools,
06:36
a little dangerous: it's automatically installing
06:40
the printer drivers.
06:42
So it'll automatically profile
06:45
the
06:46
you're attractive printers to this machine. Your host machine
06:51
recommend disabling that
06:55
you don't want malware gathering intel on your stuff.
07:00
It is
07:01
this VMware, it doesn't automatically install VMware Tools.
07:05
You go up here to the VM
07:09
right here where it says cancel VMware Tools installation,
07:12
it would normally say Install or upgrade Tools. You can click on that.
07:18
It will automatically mount
07:21
a CD drive with the VMware Tools that you can execute
07:27
and setting. Here
07:30
you will set up the network.
07:32
We'll change NAT
07:35
to custom virtual network
07:38
and choose something like VMnet2,
07:43
by default, really isolated, and VMware will automatically have a DHCP.
07:48
So you might want to disable that
07:53
under advanced
07:56
names.
07:56
Use me not advanced.
07:59
Well, you want to randomize this so it's not a VMware MAC address,
08:05
maybe
08:07
changes up a little bit
08:09
so malware can't detect
08:13
the
08:15
is in a
08:16
VMware
08:18
VM.
08:22
Now we're to Reese Isis.
08:26
VMware Tools
08:31
will automatically adjust
08:33
a lot of settings for us.
08:39
And with VMware Tools installed, you can drag and drop
08:43
our Cuba. Lt's our tools.
08:48
No,
08:50
we're gonna make our second virtual machine
08:56
for
08:56
Are
08:58
Kali Linux.
09:03
No.
09:05
You can go to the Kali Linux website and download
09:09
a VMware virtual image
09:11
with VMware Tools already installed. And I recommend this,
09:15
but just in case you wanna do it from the ground up,
09:18
you can do the same procedure
09:26
on book this fine. Both Fabian
09:31
VMware doesn't really care
09:33
about what distribution of Linux it is. It just chooses what hardware is best suited.
09:45
Howard on
09:46
and I'll boot from that ISO.
09:50
don't move.
09:54
I mean, big
09:56
live,
09:58
so it doesn't actually install,
10:01
But I'm gonna say install
10:11
through all the default
10:13
and almost that it's taken over my mouse. If I need to escape from that,
10:18
I just hit Ctrl-Alt,
10:20
my cursor will appear.
10:30
Um, Also
10:31
p m
10:35
I'm has now so we can get to the Internet.
10:39
I'm mostly gonna add another network adapter
10:43
so you can talk to
10:46
my target
10:50
infected or my guest
10:54
XP virtual machine.
10:56
I set it host-only, or excuse me, custom,
11:00
VMnet2. So it can also talk.
11:05
So it can't talk to Kali, so I can talk to Windows XP.
11:13
yes.
11:18
Password by default is toor. I'll just go now.
11:24
That's root backwards.
11:37
All the default
11:41
are changes The disc. Yes,
11:46
I have. That was about the deep open defaulters knows you don't actually override the disc.
11:52
Typically,
11:54
I won't have a few analysis tools
11:58
on my
12:00
guest
12:01
VM that will be infected with malware.
12:05
So sometimes I'll take a snapshot without these tools.
12:09
Sometimes malware will look for tools running
12:11
or just on the death.
12:15
But usually it's just my world will.
12:18
Usually, malware will just look for
12:20
running
12:22
processes that knows to be
12:24
monitoring
12:26
tools for malware analysis,
12:30
My cash back
12:33
or Sysinternals tools.
12:52
So while Kali is installing,
12:54
I would take this time to install some of these tools.
13:01
He was captured that
13:22
the VMs in VMware
13:24
and all other
13:26
software like VirtualBox,
13:28
will do a lot faster
13:31
if you have a solid state drive.
13:33
Solid state drives are great
13:37
for handling large files
13:39
how they work.
13:41
But the speed
13:43
improvement is significant.
13:46
So I almost always work with solid state drives
13:48
when doing malware analysis
13:52
in VMs.
14:01
here.
14:03
I'm going to
14:05
show hidden folders,
14:09
show our operating system files
14:13
and hide the extensions.
14:18
I'm gonna remove the banners simply by browsing to them, like this.
14:26
So one time thing
14:31
System32 usually has the banner
14:37
system.
14:37
Okay,
14:46
enough. Install Rusty's tools.
14:50
Pretty self explanatory.
15:01
Does it want to update?
15:03
Yeah, I like updating.
15:24
So, yes, you Fulton strong rub.
16:18
Using its root password, toor.
16:27
No need to configure the network.
16:45
1st 1
16:48
first
16:49
Ethernet
16:53
is the Internet
17:00
or I'm sorry. Is the, uh
17:03
how would be, um,
17:06
hellions talk to Joe?
17:07
So we will.
17:11
So we'll make
17:15
I'm here.
17:18
Yes, the first network,
17:19
eth0.
17:21
televisions talk to each other sometimes, especially configure that
17:25
eth0.
17:27
Huh?
17:32
iface
17:33
eth0
17:40
inet static.
17:44
I like to invent,
17:45
but you don't have to.
17:48
I'm just going to choose the 10. range.
17:51
I'm gonna make it.
17:52
Make this one
17:53
with that one.
17:57
Netmask
18:00
2 54 50 0
18:06
There's actually a class C network. Those actually just stop at 25000. But working in such a small environment,
18:15
all this makes this back. Gateway
18:18
is my phone.
18:21
Don't hunt for me,
18:25
right quick.
18:29
ifconfig
18:33
eth0
18:34
down
18:36
on t zero.
18:40
So bring us now working on this.
18:41
Okay,
18:42
Down,
18:44
down,
18:45
up one. Teach one.
18:51
So now you can talk to the Internet and talk to
18:55
the Windows expedition.
19:00
Confirm this. This looks like it hasn't taken the IP addresses,
19:07
that looks like DHCP accomplices.
19:11
And since the network manager
19:15
a few things,
19:15
it's a lot easier just to reboot
19:21
and Windows.
19:26
I'm gonna do the same sort of thing.
19:32
Screen. VMware Tools takes over just the screen resolution.
20:03
Go to Network Connections,
20:08
put
20:11
the IP address
20:14
manually.
20:18
So we're set.
20:21
It's 10 dot
20:22
zero
20:23
zero.
20:25
That too,
20:29
55
20:30
secretly 55
20:37
In default gateway I'll make my Kali,
20:41
Kali,
20:42
also make it my
20:45
the DNS server,
20:47
because we might want to spoof
20:48
the DNS requests later
21:04
has, uh, got to address.

Up Next

Intro to Malware Analysis and Reverse Engineering

In this malware analysis course you will learn how to perform dynamic and static analysis on all major files types, how to carve malicious executables from documents and how to recognize common malware tactics and debug and disassemble malicious binaries.

Instructed By

Sean Pierce
Instructor