FLARE VM: a Windows-based security distribution for malware analysis, incident response and…
A fully configured platform with open source tools
FLARE VM is a freely available, open-source, Windows-based security distribution for reverse engineering, malware analysis, incident response, forensic analysis, and penetration testing.
FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, disassemblers, decompilers, static and dynamic analysis utilities, network analysis and manipulation, web assessment, exploitation, vulnerability assessment applications, and many others.
Installed Tools
Debuggers
- OllyDbg + OllyDump + OllyDumpEx
- OllyDbg2 + OllyDumpEx
- x64dbg
- WinDbg
Disassemblers
- IDA Free
- Binary Ninja Demo
Java
- JD-GUI
Visual Basic
- VBDecompiler
Flash
- FFDec
.NET
- ILSpy
- DNSpy
- DotPeek
- De4dot
Office
- Offvis
Hex Editors
- FileInsight
- HxD
- 010 Editor
PE
- PEiD
- ExplorerSuite (CFF Explorer)
- PEview
- DIE
Text Editors
- SublimeText3
- Notepad++
- Vim
Utilities
- MD5
- 7zip
- Putty
- Wireshark
- RawCap
- Wget
- UPX
- Sysinternals Suite
- API Monitor
- SpyStudio
- Checksum
- Unxutils
Python, Modules, Tools
- Python 2.7
- Hexdump
- PEFile
- Winappdbg
- FakeNet-NG
- Vivisect
- FLOSS
- FLARE_QDB
- PyCrypto
- Cryptography
Other
- VC Redistributable Modules (2008, 2010, 2012, 2013)
Installation
Create and configure a new Windows 7 or newer Virtual Machine (my suggestion: get it from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/).
The installation script is a Boxstarter script that deploys the FLARE VM configuration and a collection of Chocolatey packages.
The easiest way to run the script is to use Boxstarter’s web installer as follows:
- On the newly created VM, open the following URL in Internet Explorer (other browsers are not going to work):
http://boxstarter.org/package/url?[FLAREVM_SCRIPT]
where FLAREVM_SCRIPT is a path or URL to the respective FLARE VM script. For example, to install the malware analysis edition:
or if you have downloaded and copied the installation script to the local C drive:
http://boxstarter.org/package/url?C:\flarevm_malware.ps1
- Copy install.bat and flarevm_malware.ps1 on the newly created VM and execute install.bat.
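Before executing install.bat in the manual method above, a pre-flight check can confirm that the machine really is a VM and that flarevm_malware.ps1 is the copy you reviewed. This is an added example, not part of the FLARE VM project: the expected hash is a placeholder you fill in, the VM detection is a heuristic, and the function names are hypothetical.

```powershell
# Added example: pre-flight check before the manual FLARE VM install.
# Written for PowerShell 2.0 (the Windows 7 default), so it uses .NET classes
# instead of Get-FileHash. The expected hash below is a placeholder.
param(
    [string]$ScriptPath     = '.\flarevm_malware.ps1',
    [string]$InstallBat     = '.\install.bat',
    [string]$ExpectedSha256 = '<SHA256-OF-THE-COPY-YOU-REVIEWED>'   # placeholder
)

function Get-Sha256Hex([string]$Path) {
    # Resolve to a full path: .NET does not follow PowerShell's current location.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead((Resolve-Path $Path).ProviderPath)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    } finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Test-IsVirtualMachine {
    # Heuristic (assumption): common hypervisors identify themselves in these fields.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    return ("$($cs.Manufacturer) $($cs.Model)" -match 'VMware|VirtualBox|Virtual Machine|QEMU|KVM|Xen|Parallels')
}

foreach ($f in $ScriptPath, $InstallBat) {
    if (-not (Test-Path $f)) { Write-Error "Missing file: $f"; exit 1 }
}

if (-not (Test-IsVirtualMachine)) {
    Write-Error 'This does not look like a virtual machine; refusing to install.'
    exit 1
}

$actual = Get-Sha256Hex $ScriptPath
if ($actual -ne $ExpectedSha256) {
    Write-Error "Hash mismatch for $ScriptPath`n  expected: $ExpectedSha256`n  actual:   $actual"
    exit 1
}

Write-Host "VM detected and $ScriptPath matches the reviewed copy; starting install.bat"
& $InstallBat
exit $LASTEXITCODE
```

Save it next to the two files under any name (for example preflight.ps1) and start it with `powershell -ExecutionPolicy Bypass -File .\preflight.ps1`, since the default execution policy on a fresh Windows 7 VM blocks script files.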
More information and downloads
https://github.com/fireeye/flare-vm