Skip to content

m-dwyer/packer-malware

Repository files navigation

Intro:

Packer templates for creating a basic malware analysis lab, as per the
recommended setup in Practical Malware Analysis, but using VirtualBox instead
of VMware.

This will create a Debian VM serving up DHCP with INetSim, in addition to a
Windows host for testing, reverse engineering and otherwise analysing malware.
This will allow you to (relatively) quickly and easily spin up a lab for
performing malware analysis which you can then quickly destroy once complete.

VMs are isolated from the outside world on an internal network.  You can
ignore any SSH connection timeouts for this reason.

Windows VMs are fairly vanilla and do not include any anti-anti-VM changes to
stop malware from detecting an underlying VM.  I hope to include some methods
soon.

Modify any URLs for ISO downloads accordingly.

Any recommendations, feedback, pull requests welcome.

Templates:

debian-8.2.0-amd64.json - Base Debian install with static IP 10.0.0.1 serving
DHCP on 10.0.0.0/24.  Includes INetSim.

windows-10-victim.json - Base Windows 10 Enterprise RTM install with a dynamic
IP pulled from the Debian box.  Now includes some basic apps installed via
Chocolatey (see scripts/windows/installtools.ps1).  I may make some Chocolatey packages for other tools
(disassemblers, etc), or possibly just add an upload directory for you to
deploy your own favourite tools.

Usage:

packer build debian-8.2.0-amd64.json
packer build windows-10-victim.json
vagrant box add boxes/debian820.box --name=debian820
vagrant box add boxes/win10victim.box --name=win10victim
vagrant up d
vagrant up v

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published