Intro #
I will be using Proxmox to host the virtual machine(s) for my home malware lab. Proxmox VE is a type 1 (bare-metal) hypervisor: it installs directly onto the hardware as its own Debian-based system running KVM, so there is no separate Windows or Linux host operating system to install first.
Why Am I Using Proxmox? #
Experimental purposes, and it seemed like a fun way to learn more about virtualization! Also to create a safe and isolated environment in which to analyze suspicious binaries.
Setting Up The Malware Lab #
Proxmox install #
I will be installing Proxmox on a HP Mini Desktop.
After that, I followed the installation guide over at Proxmox.
Upon finishing the configuration, we can log in via the web interface. Next, I upload the Windows 10 ISO file to my Proxmox server.
Windows 10 with Flare-VM #
Once the ISO file is on the server, we can create the VM. Flare-VM is a suite of tools and scripts for reverse engineering and malware analysis. According to the Flare-VM GitHub README, the VM needs to meet the following requirements:
- Windows >= 10
- PowerShell >= 5
- Disk capacity of at least 60 GB and memory of at least 2GB
- Usernames without spaces or other special characters
- Internet connection
- Tamper Protection and any anti-malware solution (e.g., Windows Defender) disabled, preferably via Group Policy
- Windows Updates Disabled
Once I had all the system requirements met, I took a snapshot of the current state of the VM (in case the Flare-VM install fails for whatever reason).
Now, to install Flare-VM, I just need to run the PowerShell script that's posted on their GitHub, which takes 20 minutes or so. Once installation is complete, take another snapshot and the virtual machine is ready.
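To make the requirements list above and the install step checkable rather than eyeballed, here is an added PowerShell example (not code from the original post or from the Flare-VM project). It runs inside the Windows 10 VM from an elevated prompt, verifies each requirement, and only downloads and launches the installer if every check passes. The installer URL is assumed from the Flare-VM README and should be compared against the repository before use; the cmdlets used (Get-MpComputerStatus, Test-NetConnection, Get-CimInstance, Get-Service) ship with Windows 10.

```powershell
# Added example: pre-flight check for the Flare-VM requirements, then the install.
# Run this in an elevated PowerShell inside the VM *after* taking the pre-install
# snapshot, so a failed install can be rolled back.
#Requires -RunAsAdministrator

function Test-FlareVmPrereqs {
    $results = [ordered]@{}

    # Windows >= 10: build 10240 is the first Windows 10 release.
    $build = [Environment]::OSVersion.Version.Build
    $results['Windows >= 10'] = $build -ge 10240

    # PowerShell >= 5
    $results['PowerShell >= 5'] = $PSVersionTable.PSVersion.Major -ge 5

    # Disk capacity >= 60 GB on the system drive (total size, not free space)
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    $results['Disk >= 60 GB'] = [uint64]$disk.Size -ge 60GB

    # Memory >= 2 GB
    $mem = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory
    $results['Memory >= 2 GB'] = [uint64]$mem -ge 2GB

    # Username without spaces or other special characters
    $results['Username alphanumeric'] = $env:USERNAME -match '^[A-Za-z0-9]+$'

    # Internet connection (the installer pulls packages from GitHub over HTTPS)
    $results['Internet reachable'] = Test-NetConnection -ComputerName github.com -Port 443 -InformationLevel Quiet

    # Tamper Protection and Defender disabled. If the Defender service has been
    # removed or stopped via Group Policy, Get-MpComputerStatus throws; treat
    # that as "disabled" rather than as a failure.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $results['Tamper Protection off']  = -not $mp.IsTamperProtected
        $results['Defender real-time off'] = -not $mp.RealTimeProtectionEnabled
        $results['Defender AV off']        = -not $mp.AntivirusEnabled
    } catch {
        $results['Defender not running'] = $true
    }

    # Windows Update service disabled (startup type, not just stopped)
    $results['Windows Update disabled'] = (Get-Service wuauserv).StartType -eq 'Disabled'

    return $results
}

$checks = Test-FlareVmPrereqs
$checks.GetEnumerator() | ForEach-Object {
    '{0,-26} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
if ($failed.Count -gt 0) {
    Write-Warning "Fix the failed checks above before running the Flare-VM installer."
} else {
    # Install step as given in the Flare-VM README at the time of writing
    # (assumed URL; verify it against the repository before running).
    $installer = Join-Path ([Environment]::GetFolderPath('Desktop')) 'install.ps1'
    (New-Object System.Net.WebClient).DownloadFile(
        'https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1', $installer)
    Unblock-File $installer
    Set-ExecutionPolicy Unrestricted -Force
    & $installer
}
```

The checks test what the installer actually depends on: total disk size rather than free space (the README's 60 GB is a capacity figure), the Windows Update service's startup type rather than whether it happens to be stopped right now, and Defender's tamper-protection flag separately from real-time protection, since tamper protection left on will silently re-enable Defender mid-install.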
Conclusion #
Proxmox was super easy to install, and you can get a VM running in no time. It has a bunch of features and settings that I am excited to experiment with in the near future. The snapshot tool is also a requirement: after analyzing a sample, you revert the VM to the clean post-install snapshot rather than reusing a VM the malware has already run on.