1
00:00:00,780 --> 00:00:02,160
Hello and welcome.

2
00:00:02,670 --> 00:00:10,620
In this video lecture, I will show you how to set up a lab for malware analysis.

3
00:00:11,790 --> 00:00:15,520
Why do we need to set up a lab in the first place?

4
00:00:15,540 --> 00:00:19,350
Malware can damage your computer if you execute it.

5
00:00:20,040 --> 00:00:28,520
So we need a lab in order to have a safe environment that we can use to analyze and execute malware.

6
00:00:28,560 --> 00:00:38,160
The lab also uses virtual machines, which are able to be reset to their previous state.

7
00:00:38,700 --> 00:00:47,040
So after analyzing, I think, we can always reset it to its previous state, and the previous

8
00:00:47,040 --> 00:00:49,320
state is the snapshot.

9
00:00:49,920 --> 00:01:00,060
So we create snapshots before we analyze malware, and we revert back to the snapshot after we finish

10
00:01:00,180 --> 00:01:01,380
the analysis.

11
00:01:02,370 --> 00:01:03,360
So let's get started.

12
00:01:06,970 --> 00:01:08,830
The requirements are as follows.

13
00:01:09,580 --> 00:01:19,540
We need to use a virtual machine creator to create virtual machines, and there are two popular ones.

14
00:01:20,620 --> 00:01:22,540
Oracle VirtualBox.

15
00:01:22,950 --> 00:01:26,950
Oracle VirtualBox is free.

16
00:01:27,280 --> 00:01:29,700
And you can get it from this link here.

17
00:01:31,690 --> 00:01:35,320
On the other hand, VMware has got two versions.

18
00:01:36,670 --> 00:01:41,380
The first version, VMware Workstation Pro, is a 30 day trial.

19
00:01:42,610 --> 00:01:47,800
Once the 30 days expire, you will not be able to use it any longer.

20
00:01:49,030 --> 00:01:52,240
The second version is VMware Workstation Player.

21
00:01:52,270 --> 00:01:55,840
It is free, but cannot create snapshots.

22
00:01:56,170 --> 00:01:59,110
So it is not suitable for our purpose.

23
00:01:59,980 --> 00:02:06,130
So either you go for VirtualBox or VMware Workstation Pro, which is 30 days.

24
00:02:06,760 --> 00:02:11,020
But I wouldn't recommend it because after three days you can no longer use it.

25
00:02:12,370 --> 00:02:22,630
So if you are going to go for free and are not ready to buy the license for VMware Workstation Pro, then

26
00:02:22,690 --> 00:02:25,150
stick with VirtualBox, which is free.

27
00:02:26,650 --> 00:02:29,020
So the link is here.

28
00:02:30,190 --> 00:02:33,610
And this is the website where you can download it.

29
00:02:34,240 --> 00:02:40,780
Just go ahead and click on the Windows host and download it. After downloading it,

30
00:02:41,380 --> 00:02:45,850
you will get it up and running.

31
00:02:45,970 --> 00:02:49,240
You will get a window which looks like this.

32
00:02:49,870 --> 00:02:55,690
As you can see on the left panel, I have already installed several virtual machines.

33
00:02:59,290 --> 00:03:09,070
Next, you need to download the ISO image of Windows 7 Ultimate, 32 bit version.

34
00:03:11,080 --> 00:03:19,330
Now, the reason why we need Windows 7 32 bit is because Windows 7 has got this smaller

35
00:03:19,330 --> 00:03:19,960
footprint.

36
00:03:20,350 --> 00:03:24,400
You will find more samples targeting the Windows 7 machine.

37
00:03:25,360 --> 00:03:32,820
The second reason is the Windows 7 machine is smaller in size and footprint and less resource intensive compared

38
00:03:32,830 --> 00:03:33,640
to Windows 10.

39
00:03:34,570 --> 00:03:40,510
And most malware is 32 bit, although there are also those targeting 64 bit.

40
00:03:41,710 --> 00:03:45,700
So go for the Windows 7 Ultimate.

41
00:03:53,510 --> 00:04:01,330
And then after that, you need to install the Guest Additions for the virtual machine. The Guest

42
00:04:01,340 --> 00:04:08,690
Additions allow you to go full screen and also allow you to share folders.

43
00:04:09,380 --> 00:04:19,010
This is important because you want to transfer tools and files between your host computer

44
00:04:19,010 --> 00:04:21,230
and your guest virtual machine.

45
00:04:23,330 --> 00:04:31,070
Then we will look at how you check for file exchange between guest and host, and also how to create

46
00:04:31,580 --> 00:04:35,540
a snapshot of the virtual machine after configuring it.

47
00:04:36,950 --> 00:04:40,670
Next, we will look at how to configure the virtual machine.

48
00:04:40,670 --> 00:04:50,270
In this case, your virtual machine is your Windows 7 Service Pack 1 Ultimate 32 bit version.

49
00:04:51,470 --> 00:05:00,140
We will disable Windows Update, disable Windows Defender, which is the antivirus for Windows,

50
00:05:00,950 --> 00:05:09,890
disable hiding of file extensions and show all hidden files. After this, disable

51
00:05:10,190 --> 00:05:12,530
ASLR.

52
00:05:14,770 --> 00:05:22,530
ASLR is where the operating system randomises the entry point for programs which are running.

53
00:05:24,210 --> 00:05:30,630
So we should disable it so that every time you analyze, you would get the same entry point

54
00:05:30,630 --> 00:05:32,730
for the memory addresses.

55
00:05:34,350 --> 00:05:38,670
Then we should also disable Windows Firewall and finally create a snapshot.

56
00:05:40,650 --> 00:05:50,490
So the first step is to create a new virtual machine after downloading Windows 7.

57
00:05:51,120 --> 00:05:55,290
You would have a file name which is quite long.

58
00:05:56,580 --> 00:05:57,700
It has got the

59
00:05:57,990 --> 00:06:04,980
.iso extension, and the file size is approximately 3.8 gigabytes.

60
00:06:05,940 --> 00:06:08,610
So just rename it to make it shorter.

61
00:06:09,360 --> 00:06:11,490
I call mine Windows 7

62
00:06:11,640 --> 00:06:12,690
SP1.

63
00:06:12,810 --> 00:06:15,180
SP1, just a little bit.

64
00:06:16,530 --> 00:06:19,440
Remember the location where you put it.

65
00:06:20,010 --> 00:06:22,350
You can place it somewhere convenient for you.

66
00:06:23,730 --> 00:06:31,110
And then we are going to go through the process of creating a new virtual machine. Click on Machine

67
00:06:31,920 --> 00:06:33,180
and then click on New.

68
00:06:34,530 --> 00:06:39,000
And over here, give a name for it. I called it Windows 7

69
00:06:40,880 --> 00:06:46,520
Ultimate SP1, 32 bit.

70
00:06:50,430 --> 00:07:00,930
And you can leave the machine folder at its default as it is, and then go here and look for the settings to

71
00:07:00,930 --> 00:07:03,750
make sure it is selected as Windows 7, 32 bit.

72
00:07:05,930 --> 00:07:07,640
And then over here, click Next.

73
00:07:10,940 --> 00:07:20,180
And this you can leave as the default. If you have more RAM, you can increase the RAM size for memory.

74
00:07:23,280 --> 00:07:34,550
Maybe you can put two to zero for it, and then click on Next, and then you don't need to change anything,

75
00:07:34,560 --> 00:07:46,290
just click on the Create button, and here leave this at its default as it is, and here leave it as dynamically

76
00:07:46,650 --> 00:07:48,600
allocated and click on Next.

77
00:07:51,080 --> 00:07:58,230
And this should be fine, as it said, dynamically growing. Click on Next.

78
00:07:59,810 --> 00:08:09,620
And now you can power it on, and now you select, uh, the startup disk.

79
00:08:16,120 --> 00:08:19,960
So click on it and go and look for the new

80
00:08:22,870 --> 00:08:23,920
ISO image.

81
00:08:26,170 --> 00:08:33,670
ISO, and go to the folder where you downloaded it, where you placed your

82
00:08:43,960 --> 00:08:47,680
ISO. This is just fine.

83
00:08:49,720 --> 00:08:55,990
And then just click it, and then I'll click Start.

84
00:09:03,880 --> 00:09:06,700
And the installation process has begun.

85
00:09:09,600 --> 00:09:14,460
You install it just like any other installation of Windows.

86
00:09:15,270 --> 00:09:20,160
It would go through the whole process and this will take some time.

87
00:09:23,100 --> 00:09:34,920
Yeah, so we just let it run, and once it has completed, we can install the Guest Additions

88
00:09:34,920 --> 00:09:35,230
CD.

89
00:09:36,450 --> 00:09:40,800
So you click on Next, and then you click Start.

90
00:09:49,870 --> 00:09:52,750
Please accept the licensing agreement. Take note,

91
00:09:53,260 --> 00:09:55,870
it's Windows 7 Ultimate SP1.

92
00:09:58,380 --> 00:09:59,160
Click on this.

93
00:10:02,680 --> 00:10:09,040
Then click on Custom, and then you click on the Unallocated Space.

94
00:10:09,370 --> 00:10:10,120
Click on Next.

95
00:10:13,650 --> 00:10:15,600
And now it has begun copying files.

96
00:10:16,410 --> 00:10:17,250
So let it run.

97
00:10:19,170 --> 00:10:21,420
So I would just let it run now.

98
00:10:21,750 --> 00:10:24,630
And we will stop the video for now.

99
00:10:25,050 --> 00:10:30,000
And I will see you in the next lesson and continue where we left off.

100
00:10:30,420 --> 00:10:31,440
Thank you for watching.