1
00:00:00,780 --> 00:00:10,670
Hello and welcome. In this video lecture, I will show you how to set up a lab for malware analysis.

2
00:00:11,760 --> 00:00:15,560
Why do we need to set up a lab in the first place?

3
00:00:15,570 --> 00:00:19,320
Malware can damage your computer if you execute it.

4
00:00:20,070 --> 00:00:28,290
So we need a lab in order to have a safe environment that we can use to analyze and execute and run

5
00:00:28,290 --> 00:00:30,360
malware also.

6
00:00:30,780 --> 00:00:38,210
Uh, the virtual machine actually is able to be reset to its previous state.

7
00:00:38,700 --> 00:00:45,090
So after analyzing or executing malware, we can always reset it to its previous state.

8
00:00:45,750 --> 00:00:49,350
And the previous states are snapshots.

9
00:00:49,920 --> 00:01:00,070
So we create snapshots before we analyze malware and we revert back to this snapshot after we finished

10
00:01:00,440 --> 00:01:01,400
the analysis.

11
00:01:02,370 --> 00:01:03,380
So let's get started.

12
00:01:06,970 --> 00:01:17,440
The requirements are as follows. We need to use a virtual machine creator to create virtual machines, and

13
00:01:17,440 --> 00:01:22,570
there are two popular ones: Oracle VirtualBox

14
00:01:23,200 --> 00:01:29,740
and VMware. VirtualBox is free and you can get it from this link here.

15
00:01:31,660 --> 00:01:35,350
On the other hand, VMware has got two versions.

16
00:01:36,670 --> 00:01:41,410
The first version, VMware Workstation Pro, is a 30-day trial.

17
00:01:42,610 --> 00:01:47,820
Once the 30-day trial expires, you will not be able to use it any longer.

18
00:01:49,060 --> 00:01:52,240
The second version is VMware Workstation Player.

19
00:01:52,300 --> 00:01:59,160
It is free but cannot create snapshots, so it is not suitable for our purpose.
20
00:01:59,980 --> 00:02:07,990
So either you go for VirtualBox or VMware Workstation Pro, which is 30 days, but I wouldn't recommend

21
00:02:07,990 --> 00:02:11,070
it because after 30 days you can no longer use it.

22
00:02:12,370 --> 00:02:22,000
So if you are going to go for free and are not ready to buy the license for VMware Workstation Pro,

23
00:02:22,390 --> 00:02:25,150
then stick with VirtualBox, which is free.

24
00:02:26,650 --> 00:02:37,240
So the link is here, and this is the website where you can just go ahead and click on the Windows host

25
00:02:37,660 --> 00:02:38,560
and download it.

26
00:02:39,700 --> 00:02:45,970
After downloading it, you will get it up and running.

27
00:02:46,000 --> 00:02:49,270
You will get, uh, a window which looks like this.

28
00:02:49,870 --> 00:02:55,750
As you can see on the left panel, I have already installed several virtual machines.

29
00:02:59,290 --> 00:03:09,070
Next, you need to download an ISO image with Windows 7 Ultimate 32-bit.

30
00:03:11,080 --> 00:03:19,360
Now, the reason why we need Windows 7 32-bit is because Windows 7 has got a smaller

31
00:03:19,360 --> 00:03:20,020
footprint.

32
00:03:20,290 --> 00:03:24,410
You will find more samples targeting the Windows 7 machine.

33
00:03:25,360 --> 00:03:32,110
The second reason is the Windows 7 machine is small in size and footprint and less resource intensive

34
00:03:32,440 --> 00:03:40,540
compared to Windows 10, and most malware is 32-bit, although there are also those targeting 64-bit.

35
00:03:41,710 --> 00:03:45,700
So go for the Windows 7 Ultimate.
36
00:03:53,510 --> 00:04:01,340
And then after that, you need to install the Guest Additions to use for the virtual machine. The Guest

37
00:04:01,340 --> 00:04:11,870
Additions allow you to go full screen and also allow you to share folders. Sharing folders is important

38
00:04:11,870 --> 00:04:21,260
because you want to transfer tools and files between your host computer and your guest virtual machine.

39
00:04:23,310 --> 00:04:30,770
Then we will look at how to check the setup for transferring files between guest and host, and also how to

40
00:04:30,770 --> 00:04:35,550
create a base snapshot of the virtual machine after configuring it.

41
00:04:36,950 --> 00:04:40,690
Next, we will look at how to configure the virtual machine.

42
00:04:40,700 --> 00:04:50,330
In this case, your virtual machine is your Windows 7 Service Pack 1 Ultimate 32-bit version.

43
00:04:51,460 --> 00:05:00,170
We will disable Windows Update, disable Windows Defender, which is the antivirus for Windows,

44
00:05:00,980 --> 00:05:11,210
disable the hiding of all file extensions, show all hidden files and folders, and disable

45
00:05:11,450 --> 00:05:12,560
ASLR.

46
00:05:14,900 --> 00:05:22,560
ASLR is where the operating system randomises the entry point for programs which are running.

47
00:05:24,210 --> 00:05:30,930
So we should disable it so that every time you analyze, you will get the same entry point for

48
00:05:30,930 --> 00:05:32,790
the memory addresses.

49
00:05:34,350 --> 00:05:38,650
Then we should also disable Windows Firewall and finally create a snapshot.

50
00:05:40,650 --> 00:05:50,520
So the first step is to create a new virtual machine after downloading Windows 7.

51
00:05:51,120 --> 00:05:55,300
The file name is quite long.

52
00:05:56,580 --> 00:05:59,250
It has got the ISO extension.
53
00:05:59,700 --> 00:06:07,740
The file size is approximately 3.8 gigabytes, so just rename it to

54
00:06:07,740 --> 00:06:08,650
make it shorter.

55
00:06:09,400 --> 00:06:11,630
I call mine Windows 7.

56
00:06:11,640 --> 00:06:15,210
So this one is SP1 32-bit.

57
00:06:16,530 --> 00:06:19,470
Remember the location where you put it.

58
00:06:20,010 --> 00:06:27,420
You can place it somewhere convenient for you, and then now we are going to go through the process of

59
00:06:27,420 --> 00:06:29,040
creating a new virtual machine.

60
00:06:30,120 --> 00:06:39,000
Click on Machine and then click on New, and over here, give a name for it, called Windows 7.

61
00:06:40,850 --> 00:06:46,550
Windows 7 Ultimate SP1 32-bit.

62
00:06:50,440 --> 00:07:01,110
Then you can leave the machine folder at its default, and then go here and look for the settings. Make

63
00:07:01,110 --> 00:07:03,780
sure it is selected as Windows 7 32-bit.

64
00:07:05,930 --> 00:07:07,700
And then over here, Next.

65
00:07:10,940 --> 00:07:20,180
And this you can leave as the default. If you have more RAM, you can increase the RAM size for the memory.

66
00:07:23,250 --> 00:07:34,580
Maybe you can put two to zero for mine, and then click on Next, and then you don't need to change anything,

67
00:07:34,590 --> 00:07:46,290
just click on the Create button, and here leave it at the default size, and here leave it as dynamically

68
00:07:46,620 --> 00:07:48,660
allocated and click on Next.

69
00:07:51,080 --> 00:07:58,260
And that should be fine. Leave it as dynamically allocated and click on Next.

70
00:07:59,780 --> 00:08:09,680
And now you can, uh, power it on, and now you select, uh, the start-up disk.

71
00:08:16,090 --> 00:08:19,990
So click on it and go and look for the new

72
00:08:22,840 --> 00:08:23,950
ISO image.
73
00:08:26,170 --> 00:08:33,730
ISO, and go to the folder where you downloaded it, where you placed your

74
00:08:43,930 --> 00:08:47,710
ISO, which is this one here.

75
00:08:49,720 --> 00:08:56,010
And then click on it, and just click on it, and then click Start.

76
00:09:03,880 --> 00:09:06,750
And the installation process has begun.

77
00:09:09,600 --> 00:09:18,870
You install it just like any operating system or Windows. You go through the whole process, and this

78
00:09:18,870 --> 00:09:20,190
will take some time.

79
00:09:23,100 --> 00:09:36,990
So we just let it run, and once it has completed, we can set up the Guest Additions CD. So you

80
00:09:36,990 --> 00:09:40,860
click on Next, and you click Start.

81
00:09:49,870 --> 00:09:55,930
Click Accept on the licensing agreement. Note that this is Windows 7 Ultimate SP1.

82
00:09:58,410 --> 00:09:59,190
Click on this.

83
00:10:02,620 --> 00:10:10,180
And click on Custom, and in here, with the unallocated space, click on Next.

84
00:10:13,650 --> 00:10:17,260
And it has begun copying files, so let it run.

85
00:10:19,140 --> 00:10:28,310
So I just let it run now, and we will stop the video for now, and I will see you in the next lesson and

86
00:10:28,320 --> 00:10:30,000
continue where we left off.

87
00:10:30,420 --> 00:10:31,440
Thank you for watching.