⛔ Disclaimers: I take no responsibility or accountability for infection of malicious software, programs, files onto any computer or workstation. This project and videos are for educational purposes only. I do not condone the development, use of, or spreading of programs to intentionally harm assets, networks, or individuals.
Safety is key when dealing with malware. Ensure you always are following protocols when it comes to downloading and detonating a malicious sample. Follow all instructions within the courses and listed resources.
Notes:
https://cybercademy.org/themalwarea...
⏰ Timestamps:
0:00 Introduction
0:51 Crash Course Overview
1:52 Selfhosted Topology
3:13 Cloudhosted Topology
4:12 Items to Note
5:45 Lab Showcase
6:10 Download VirtualBox
7:02 Download Windows 10 ISO
8:22 Download Remnux
9:03 Windows 10 VM Setup
16:06 Disable Windows Defender
19:24 Setup FlareVM
23:45 Setup Remnux
25:15 Setup Hostonly Adapter
27:23 Configure Remnux
33:45 Setup & Test VM Connections
37:11 Selfhosted Lab Finished
37:19 Cloud Lab Overview
39:05 Creating EC2 Instance
43:30 Set VM Environment
45:55 Disable Windows Defender
47:51 Install FlareVM
53:10 Export AMI
54:12 Create IAM Role
57:35 Download JQ, Terraform, AWSCLI
1:01:13 Log Into IAM Account
1:02:14 Change Terraform Files
1:05:49 Deploy Cloudhosted Lab
1:07:08 Log Into Lab
1:07:44 Configure INetSIM
1:09:02 Cloudlab Finished
1:11:06 Conclusion
Links & Commands:
[SelfHosted Lab]
Download VirtualBox: https://www.virtualbox.org/wiki/Downl...
Download Windows 10 ISO: https://info.microsoft.com/wwlanding...
Download Remnux: https://docs.remnux.org/installdistr...
Download Chrome: https://www.google.com/chrome/
[Download FlareVM]
Change directories to the Desktop
(NewObject net.webclient).DownloadFile('https://raw.githubusercontent.com/man...,"$([Environment]::GetFolderPath("Desktop"))\\install.ps1")
UnblockFile .\\install.ps1
SetExecutionPolicy Unrestricted
.\install.ps1
[CloudHosted Lab]
AWS Malware Lab by Adan Alvarez: https://github.com/adanalvarez/AWSma...
AWS Signup: https://aws.amazon.com/resources/crea...
Install Terraform: https://developer.hashicorp.com/terra...
Ubuntu AMI ID (AWS Marketplace): https://useast1.console.aws.amazon....
[Install JQ]
sudo apt install jq
[Install Terraform]
sudo aptget update && sudo aptget install y gnupg softwarepropertiescommon
wget O https://apt.releases.hashicorp.com/gpg'>https://apt.releases.hashicorp.com/gpg | \
gpg dearmor | \
sudo tee /usr/share/keyrings/hashicorparchivekeyring.gpg
gpg nodefaultkeyring \
keyring /usr/share/keyrings/hashicorparchivekeyring.gpg \
fingerprint
echo "deb [signedby=/usr/share/keyrings/hashicorparchivekeyring.gpg] \
https://apt.releases.hashicorp.com $(lsb_release cs) main" | \
sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo aptget install terraform
[Install AWS CLI]
sudo apt install awscli y
[Clone AWS Malware Lab GitHub Repo]
git clone https://github.com/adanalvarez/AWSma...
[Create File]
nano shared.auto.tfvars.json
[Configuration File]
{
"environment": "malwarelab",
"ami": "amixxxxxxxxxxxxxxxxx",
"account" : "222222222222",
"region": "useast1",
"enable_guacamole": false,
"enable_inetsim": true
}
[Terraform Commands]
terraform init: Initialize the environment.
terraform plan: Plan the configuration.
terraform apply: Apply the configuration file to AWS account.
terraform destroy: Destroy the environment once analysis has been conducted.
Follow Me:
Twitter: / collinsinfosec
Instagram: / _collinsinfosec
Cybercademy Discord Server: / discord
Have questions, concerns, comments?:
Email me: [email protected]
Gear:
Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): https://amzn.to/2O0UfAM
Monitors (Dell D Series 31.5” D3218HN): https://amzn.to/2EXlgRF
Keyboard (Velocifire VM01): https://amzn.to/2TEswfd
Headphones (Audio Technica ATHM40x): https://amzn.to/2F4Tvq6
Work Monitors (Dell U4919DW UltraSharp 49 Curved Monitor): https://amzn.to/3yQmDhM
Desk (FLEXISPOT EW8 Comhar Electric Standing Desk): https://amzn.to/3S9OxvG