Explode Malware Safely: Setting Up Your Flare-VM Lab

  • Published: Oct 22, 2024

Comments • 32

  • @goodnesssamuel307 5 months ago +2

    This right here is Gold. I've been trying to install flarevm but having some issues. I'll let you know once it works

    • @synacktime 5 months ago

      Please let us know how it went! Malware analysis is an amazing skill and will be a huge plus on any resume. Don't forget to check out Huskyhacks!

  • @americafilmsandentertaim-lf6zx 4 months ago +2

    Awesome tutorial!
    Thanks for high quality content.

    • @synacktime 4 months ago

      Really appreciate the kind words! :)

  • @cristianfernandez3961 2 months ago +1

    Amazing tutorial

    • @synacktime 2 months ago

      Thank you, friend! :)

  • @viteks.100 4 months ago +1

    Thank You very much!

    • @synacktime 4 months ago

      You're very welcome!!

  • @3StrandTech 5 months ago +1

    Amazing video, oh my goodness though I completely either was daydreaming or something because I forgot to or didn't even pay attention to when you said to disconnect the iso file. lol I installed pfsense like 5 times in a row before I realized. Thanks for the video!

    • @synacktime 5 months ago +1

      Happy to help!! Really thankful for the kind words. ☺️

  • @safetime100 4 months ago +1

    Thanks ❤

    • @synacktime 4 months ago

      You got it!! Always happy to help :)

  • @cyberintelsource 3 months ago +2

    There is an easier way to set up a malware VM Lab. But the steps you took will definitely ensure the malware samples can't escape to the net or into your network wifi environment. Most Ransomware doesn't perform callbacks to a C2 domain, IP, or URL. Its sole function is just to encrypt your machine and hope you pay the ransom. But the Crypto Ransomware will make callbacks.

    • @synacktime 3 months ago +1

      True! :) We can also check out other malicious software like spyware too. I like that we can give it a little bit of internet if we need to.

    • @cyberintelsource 3 months ago

      @synacktime true.

  • @ahmedel5258 4 months ago +1

    Thank you very much. Is there any chance we could get the snapshots without waiting several hours for the Flare-VM to complete? Is there an online library, for example? It would be extremely helpful if we can download pre-ready VMs.

    • @synacktime 4 months ago +1

      Hey there! I exported the VM I created into an OVA file so you could import it into VirtualBox. I uploaded it to Megadrive so might take a little while to download. I also split it up into four files. Hope this works okay for you!
      mega.nz/file/6HQxyJoJ#xuprSsUiGR89Tax2zQtSl3PifNgAMTeuwFuQVs9f_F8
      mega.nz/file/aLoHjTwZ#djkJ8Uj-1Yzc_0UKhRV53d88ZrpIojY9Eyo8VOpuNuY
      mega.nz/file/eeA1WSiB#eRTkTNJPBN6iyqczL0V2kwRknQn6D7WeQYQTEKSgYUE
      mega.nz/file/DawCkDaQ#8NMrDBzuUw17TYLkDnoZKCfviJ-HlREPA6mwt6KonZA

    • @ahmedel5258 4 months ago +1

      @synacktime Hey Ben, thank you so much for uploading it! I really appreciate the effort. I'll get started on downloading and importing it into VirtualBox. Thanks again!

    • @synacktime 4 months ago

      @ahmedel5258 Totally!! Hope it works well for you! The password to sign in is password. 😁

  • @ChungYuLiu 4 months ago +1

    The pfsense ISO downloaded from the pfsense website cannot be unzipped. Could you paste the download link for your one that works?

    • @synacktime 4 months ago

      You don't have to unzip the pfsense ISO, but the download process changed a bit since this video was released: they make you go through and purchase a zero dollar license - www.pfsense.org/download/ They'll basically email you the link to download the ISO, then you'll mount the ISO with VirtualBox as a virtual CD-ROM.

    • @ChungYuLiu 4 months ago

      @synacktime I did that, registered and downloaded from the zip file. However, there will be a "Catastrophic failure" when unzipping, thus unsuccessful. I think it's an issue for the people who did the download now. If you have a good working version, it would help to allow us to download and use it.

    • @venom_443 3 months ago

      @ChungYuLiu I had the same issue but if you extract the folder using 7-ZIP it works or at least it worked for me.

    • @ChungYuLiu 3 months ago

      @venom_443 thanks, 7zip does work!

  • @ChungYuLiu 3 months ago +1

    I'm using vmware. How to set up the pfsense network (2 adapters) in vmware?

    • @synacktime 3 months ago +1

      Good morning! It's really easy with VMWare, right click on your virtual machine and go to Settings. Then click on the Add button at the bottom of that window and select Network Adapter. That should add the extra network interface, then you'll need to select the type of Network Connection on the right. If it's the one connecting to the internet (WAN), then I'd use NAT, if not, then use the Custom one and pick a network from the drop down that's not being used. :)

    • @ChungYuLiu 3 months ago

      @synacktime I put NAT for the 1st adapter. For the 2nd adapter, there are two options for Network connection: "Host-only: A private network shared with the host" and "Custom: Specific virtual network". For the "Custom: Specific virtual network", it has 20 choices from "VMnet0" to "VMnet19". Which network connection should I choose? If I choose "Custom", any VMnetXX will do? Do I need to configure VMnetXX?

    • @synacktime 3 months ago

      @ChungYuLiu I would do custom, but before that you'll need to go to Edit -> Virtual Network Editor, then Add a network. You can name it whatever you want (I call mine internal). Then make it a host-only network and uncheck "Use local dhcp service to distribute IP". Now when you go in to select the custom network on the virtual machine, it'll be easy to recognize and you'll simply make sure that any virtual machines you want to use the pfsense will use the custom network. Hope that makes sense, if not, maybe I can whip up a super fast video about it :)

    • @ChungYuLiu 3 months ago +1

      @synacktime I followed your steps and created the Internal network. How does the Internal network subnet affect anything? I am stuck at the pfsense installation which shows differently from your installation. After clicking on to install, it goes to "Please select the WAN interface". I have eM0 and eM1 which shows different interface. How to know which to choose? I think it would be good to do a fast video on pfsense (vmware) and the WAN interface part.
      I saw that the REMnux and FLARE are using the Internal adapter. I am a bit confused on the traffic routing: if pfsense is on, FLARE can access internet. If only REMnux is ON and fakedns, FLARE is used to detonate malware which shows the malware website IP resolution on REMnux, but unable to access internet because pfsense is OFF?

    • @synacktime 2 months ago

      @ChungYuLiu I'll see if I can whip up a video for ya talking about the networking. Stay tuned!