Installing FLARE-VM: A Windows-Based Reverse-Engineering Environment


Hello my fellow geeks! This blog post will help you install FLARE-VM! Whether you wanna bust malware or reverse your favorite gaming application, FLARE-VM has all the tools you need for your reverse engineering endeavors.

What is FLARE-VM?

FLARE-VM (FireEye Labs Advanced Reverse Engineering Virtual Machine) is like the Swiss Army knife of malware analysis environments. It’s a collection of software installation scripts that transform your Windows VM into a reverse engineering powerhouse.

Where Can FLARE-VM Be Used?

FLARE-VM is perfect for:

  1. Malware Analysis: Dissect malicious software and understand its inner workings.
  2. Reverse Engineering: Decompile and analyze binaries to see what makes them tick.
  3. Cybersecurity Research: Stay ahead of the latest threats by analyzing new malware.
  4. Training and Education: Perfect your skills in a controlled, virtual environment.

Requirements

Before we dive into the installation, let’s make sure our VM is ready for action. Here’s what you’ll need:

  • Windows 10 or later
  • PowerShell 5.0 or higher
  • At least 60 GB of disk space and 2 GB of RAM
  • A username without spaces or special characters (because who needs the drama?)
  • An internet connection (duh)
  • Tamper Protection and any anti-malware solution (like Windows Defender) disabled
  • Windows Updates turned off

Note: Some Windows 11 versions break while installing FLARE-VM; the recommended OS is Windows 10 Pro.

Installation Guide

Step 1: Prepare Your VM

First, install Windows on your virtual machine. Grab a Windows 10 ISO from Microsoft’s website. I will be using VirtualBox to create a Windows VM. Make sure you choose Windows Pro / Enterprise, otherwise you won’t be able to install FLARE-VM. A basic VirtualBox VM installation guide can be viewed here.

– Daddy Geeky

Dad Joke Break: Why don’t programmers like nature? It has too many bugs.

Step 2: Download the Installation Script

After installing your Windows VM, open PowerShell as an administrator and download the FLARE-VM installation script:

(New-Object net.webclient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1',"$([Environment]::GetFolderPath('Desktop'))\install.ps1")

– Daddy Geeky

Dad Joke Break: Why do Java developers wear glasses? Because they don’t C#.

Step 3: Unblock the Installation Script

PowerShell can be a bit overprotective, so let’s unblock the script:

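powershell:
Set-Location "$([Environment]::GetFolderPath('Desktop'))"  # Step 2 saved install.ps1 to the Desktop
Unblock-File .\install.ps1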

Step 4: Set Execution Policy

Enable script execution so PowerShell can do its magic:

powershell:

Set-ExecutionPolicy Unrestricted -Force

Step 5: Disable Microsoft Defender Antivirus

To disable Microsoft Defender Antivirus permanently on Windows 10, use these steps:

  1. Open Start (win key + r).
  2. Search for gpedit.msc and click the top result to open the Local Group Policy Editor.
  3. Browse the following path: Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  4. Double-click the “Turn off Microsoft Defender Antivirus” policy.
  5. Select the Enabled option to disable Microsoft Defender Antivirus permanently.
  6. Click the Apply button.
  7. Click the OK button.
  8. Restart your computer.

Make sure to disable Windows Updates and any anti-malware software. We don’t want any surprises mid-installation!
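
A pre-flight check for the requirements listed earlier, to run inside the VM right before the installer. This is an added example, not part of the FLARE-VM project or the original post; the function name, the username pattern and the `wuauserv` service test are assumptions.

```powershell
# Added example: pre-flight check for the FLARE-VM requirements listed on this page.
# Thresholds come from the page; the username pattern and wuauserv test are assumptions.
function Test-FlareVmPrereqs {
    $results = [ordered]@{}
    $results['Windows 10 or later']      = [Environment]::OSVersion.Version.Major -ge 10
    $results['PowerShell 5.0 or higher'] = $PSVersionTable.PSVersion.Major -ge 5

    # Disk: the page asks for 60 GB; measured here as free space on the system drive.
    $drive = Get-PSDrive -Name ($env:SystemDrive.TrimEnd(':'))
    $results['60 GB free disk'] = ($drive.Free / 1GB) -ge 60

    # RAM: a VM assigned 2 GB reports slightly less, so round to one decimal.
    $ramGB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB, 1)
    $results['2 GB RAM'] = $ramGB -ge 2

    # Username: strict reading of "no spaces or special characters" (assumed pattern).
    $results['Plain username'] = $env:USERNAME -match '^[A-Za-z0-9]+$'

    # Defender: once the group policy applies, Get-MpComputerStatus may fail outright,
    # which is treated here as "not running".
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $results['Tamper Protection off']    = -not $mp.IsTamperProtected
        $results['Real-time protection off'] = -not $mp.RealTimeProtectionEnabled
    } catch {
        $results['Tamper Protection off']    = $true
        $results['Real-time protection off'] = $true
    }

    # Windows Update: assumes updates were turned off by disabling the wuauserv service.
    $results['Windows Update disabled'] = (Get-Service -Name wuauserv).StartType -eq 'Disabled'

    # Internet: the installer is fetched from this host (URL from Step 2).
    $results['Internet (GitHub raw)'] = Test-NetConnection -ComputerName raw.githubusercontent.com -Port 443 -InformationLevel Quiet

    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
    }
}

$report = Test-FlareVmPrereqs
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) { Write-Warning 'Fix the failed checks before running install.ps1.' }
```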

Don’t forget to take a VM snapshot before running the script!

Start the installation with the script:

./install.ps1

Now this can take a ton of time (~60 GB of tools and scripts). Your VM will restart a few times and resume its installation automatically. It is normal 😉. After the installation is complete you will see a nice FLARE-VM wallpaper. Use the >> to select all tools or > to select your favorite ones. Click OK.

You can delete the installation executables (.msi, .exe files) from the TOOLS folder. Don’t delete the actual program executables! Sometimes the installation may seem stuck; just press Enter on the PowerShell console to resume the installation logs.

There you have it, ladies and gents! A fresh Windows RE environment. Take a snapshot of this fresh installation and get g-RE-eky.

Comment below your plans with this overloaded VM.

By Chief Geek
