FLARE-VM: The Toolkit for Reverse Engineering Enthusiasts!

If you’re interested in reverse engineering like me, let me introduce you to Mandiant’s FLARE-VM! It’s a handy tool to quickly set up a malware analysis lab without much hassle.

In concrete terms, FLARE-VM is a nice collection of installation scripts for Windows, based on two badass technologies: Chocolatey (a package manager) and Boxstarter (a tool for scripting installs and configuring reproducible environments). In short, it does the heavy lifting and allows you to install and properly configure a whole bunch of tools in just a few minutes.

Before you get started, you need to check a couple of prerequisites. First, remember that FLARE-VM is designed to run on a VM, so prepare a clean one (preferably Windows 10+) on VMWare or VirtualBox, for example. Then, make sure you have at least 60 GB of disk space and 2 GB of RAM. And don’t forget to disable Windows updates and antivirus, otherwise, it might cause problems.

Next, open a PowerShell prompt as an administrator and download the installation script installer.ps1 to your desktop using the following command:

(New-Object net.webclient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1',"$([Environment]::GetFolderPath("Desktop"))\install.ps1")

Unblock the installation script:

Unblock-File .\install.ps1

Then enable its execution:

Set-ExecutionPolicy Unrestricted -Force

If you receive an error message indicating that the execution policy is overridden by a policy defined at a more specific scope, you might need to pass a scope via Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force. To display the execution policies for all scopes, run Get-ExecutionPolicy -List.

Finally, execute the installation script like this:

.\install.ps1

To pass your password as an argument:

.\install.ps1 -password <password>

To use CLI mode only with minimal user interaction:

.\install.ps1 -password <password> -noWait -noGui

To use CLI mode only with minimal user interaction and a custom configuration file:

.\install.ps1 -customConfig <config.xml> -password <password> -noWait -noGui

Once launched, the installation will download and install all the selected tools, configure environment variables, pin shortcuts to the taskbar, etc. In short, with just a few clicks, you’ll get a finely tuned reverse engineering environment, ready to dissect malware!

After installation, it is recommended to switch to host-only network mode and take a snapshot of the virtual machine. You can then customize your FLARE VM environment according to your specific needs:

  • Update the installed tools and software to ensure you have the latest versions.
  • Configure network settings according to your preferences, for example by switching to NAT or bridge mode if necessary.
  • Install additional tools or utilities that might be useful for your analysis workflow.
  • Customize the user interface settings and preferences to your liking.

And off you go!

If you want to go further and contribute to the improvement of FLARE-VM, check out the project’s GitHub repositories:

"Because of the Google update, I, like many other blogs, lost a lot of traffic."

Join the Newsletter

Please, subscribe to get our latest content by email.

Mohamed SAKHRI
Mohamed SAKHRI

I'm the creator and editor-in-chief of Tech To Geek. Through this little blog, I share with you my passion for technology. I specialize in various operating systems such as Windows, Linux, macOS, and Android, focusing on providing practical and valuable guides.

Articles: 1454

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *