Hackers Society


HOW TO BUILD A MALWARE LAB

MrX

Host Machine:

  1. Install VirtualBox

Linux Mint Gateway
VM setup:
CPU: 2 cores
RAM: 2 GB
HD: 32 GB
Network: Set up 2 NICs. One set as NAT, the other as Host-only

  1. Install Linux Mint and all updates
  2. Install software:
    1. VirtualBox Guest Additions: VirtualBox menu > Devices > "Insert Guest Additions CD image"
    2. Wireshark:
      sudo apt install wireshark
    3. PIP:
      sudo apt install python3-pip
      • Note: python-pip is the Python 2 package and is no longer shipped by current Mint releases; oletools runs on Python 3
    4. Oletools:
      sudo pip3 install oletools
      • If there are errors try running first:
        sudo pip3 install --upgrade setuptools
    5. InetSim:
      sudo apt install inetsim
  3. Polar Proxy
    1. mkdir ~/PolarProxy
       cd ~/PolarProxy/
       curl "https://www.netresec.com/?Download=PolarProxy" | tar -xzvf -
       cd ~
      • Note: quote the URL, otherwise the shell treats the "?" as a wildcard
  4. LabNet setup
    1. Follow the setup instructions on https://github.com/netsecninja/LabNet
      • Note: labnet.sh must live in ~ (your home directory); the victim setup below runs it from there with sudo ./labnet.sh
  5. Note IP address of host-only NIC:
    ip a
  6. Snapshot VM
Windows 10 Victim
VM setup:
CPU: 2 cores
RAM: 2 GB
HD: 32 GB
Network: Host-only, but uncheck Cable Connected box for now (stops patches and AV updates from occurring during setup)

  1. Install Windows 10
    1. https://www.microsoft.com/en-us/software...ndows10ISO
    2. Download the oldest version available (fewer patches means more vulnerable for testing!)
    3. Skip network connection
  2. Autologin
    1. Start > Netplwiz
    2. Click user, uncheck “Users must enter a user name and password to use this computer”
    3. Apply, enter password
  3. Disable AV
    1. Open Command Prompt as Admin
    2. reg.exe ADD "HKLM\Software\Policies\Microsoft\Windows Defender" /t REG_DWORD /v DisableAntiSpyware /d 1 /f
      • Note: builds with Tamper Protection switched on ignore this policy value. Turn Tamper Protection off first (Windows Security > Virus & threat protection settings) and check in step 7 that Defender really stayed down after the reboot
  4. Disable patches
    1. Open Command Prompt as Admin
    2. reg.exe ADD HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU /t REG_DWORD /v NoAutoUpdate /d 1 /f
    3. sc config wuauserv start= disabled
      • Note: sc requires the space after "start=", otherwise it rejects the command
  5. Install Guest tools
  6. Reboot
  7. Start > Services, verify that the Windows Update and Windows Defender Antivirus services are still disabled and not running
  8. Enable networking by putting check in Cable Connected box in VM settings
  9. Install Notepad++
  10. Install Sysmon
    1. Download the SwiftOnSecurity policy
    2. Start > CMD > Run as Administrator
    3. CD into sysmon directory
    4. Sysmon.exe -accepteula -i sysmonconfig-export.xml
    5. Start > Event Viewer
    6. Right-click Custom View > Create Custom View
    7. Event Logs > Application and Services Logs > Microsoft > Windows > Sysmon
  11. Install Wireshark
  12. Install Procmon
    1. Options > uncheck "Show Resolved Network Addresses" (keeps raw IPs in the log so they match what Wireshark shows)
    2. Options > Select Columns > add "Thread ID"
  13. Install Graphviz
  14. Install Windump
  15. Install ProcDOT
    1. Set WinDump path
    2. Set Graphviz dot.exe path
  16. Install Office or LibreOffice
  17. Install Python
    1. Make sure “PIP” is set to install
    2. Make sure to check the “Add Python to Path” box during install
  18. Install OLETools
    1. Command prompt >
      pip install oletools
  19. Disable sleep under power settings
  20. Set up Networking
    1. Right-click network icon in tray, Open Network & Internet Settings
    2. Right-click NIC, Properties
    3. Double-click on IPv4
    4. Set DNS to 1.1.1.1 and the Linux gateway's host-only IP (the address noted in step 5 of the gateway setup; that is what "VB host IP" means here)
    5. Click Advanced
    6. Add the Linux gateway's host-only IP as the default gateway (DG)
      • Note: the victim sits on a host-only network, so the Linux gateway is the only machine it can reach. 1.1.1.1 only answers when the gateway is forwarding traffic out of its NAT NIC; otherwise every lookup lands on whatever LabNet is serving on the gateway
    7. Click OK to close all the screens
  21. Set up Polar Proxy cert
    1. On Linux Gateway: sudo ./labnet.sh polar
    2. On Victim: open IE, browse to http://<Linux host-only NIC IP>:10080 and open the .cer file
    3. Install the .cer certificate into the "Trusted Root Certification Authorities" store (pick Local Machine so every user and service trusts it); without this, PolarProxy's TLS interception shows up on the victim as certificate errors and many samples refuse to talk
  22. Create a Tools folder on Desktop, put shortcuts for:
    1. Wireshark
    2. Procmon
    3. ProcDOT
    4. Event Viewer
  23. Snapshot VM
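The victim-side registry, service, power, network and certificate steps above (2, 3, 4, 7, 19, 20 and 21), collected into one PowerShell script as an added example. This is not code from the original post or from the LabNet or PolarProxy projects. The gateway address, the auto-logon account name and password, and the file name PolarProxy serves on port 10080 are assumptions; edit them to match your lab.

```powershell
#Requires -RunAsAdministrator
# Added example: automates victim steps 2, 3, 4, 7, 19, 20 and 21 from the post.
# All values below are assumptions for illustration; change them before use.
$GatewayIp  = '192.168.56.10'   # host-only IP of the Linux Mint gateway (step 5 of the gateway setup)
$AutoUser   = 'analyst'         # local account to auto-log-on (hypothetical name)
$AutoPass   = 'lab'             # written to the registry in clear text; throwaway lab only
$DnsServers = @('1.1.1.1', $GatewayIp)
$CertName   = 'polarproxy.cer'  # file name PolarProxy serves on port 10080 (assumed)

function Set-RegValue {
    param([string]$Path, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# Step 2: autologin. Netplwiz keeps the password as an LSA secret; this writes it in clear text.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Set-RegValue $winlogon 'AutoAdminLogon'  '1'       'String'
Set-RegValue $winlogon 'DefaultUserName' $AutoUser 'String'
Set-RegValue $winlogon 'DefaultPassword' $AutoPass 'String'

# Step 3: Defender policy. Builds with Tamper Protection on ignore this key; switch it off in
# Windows Security > Virus & threat protection settings before running this.
Set-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware' 1

# Step 4: no automatic updates, and the update service cannot start at all
Set-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'NoAutoUpdate' 1
Stop-Service -Name wuauserv -Force -ErrorAction SilentlyContinue
Set-Service  -Name wuauserv -StartupType Disabled

# Step 19: never sleep or blank the screen while a sample is running (0 = never)
powercfg /change standby-timeout-ac 0
powercfg /change monitor-timeout-ac 0

# Step 20: keep the DHCP address VirtualBox hands out, but send all traffic and DNS to the gateway
$nic = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
Remove-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix '0.0.0.0/0' -NextHop $GatewayIp | Out-Null
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DnsServers

# Step 21: trust PolarProxy's root CA machine-wide ('sudo ./labnet.sh polar' must be running on the gateway)
$cer = Join-Path $env:TEMP $CertName
Invoke-WebRequest -Uri "http://${GatewayIp}:10080/$CertName" -OutFile $cer
Import-Certificate -FilePath $cer -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# Step 7 check: both services must show Stopped / Disabled. Run this part again after the reboot,
# because Tamper Protection or a pending update can undo the changes above.
Get-Service -Name WinDefend, wuauserv -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize
```

Save it as setup-victim.ps1 and run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File .\setup-victim.ps1` after step 8 (Cable Connected), since the last two sections need the gateway reachable. Reboot, re-run the final Get-Service check, and only then take the snapshot.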
 