PMA 40: FLARE-VM (20 pts extra)

What you need

A computer with VMware or some other hypervisor product installed

Purpose

To set up a FLARE-VM--a powerful Windows-based forensic and malware analysis machine from FireEye.

The Fast Way
The steps below this box explain how to build your own FLARE-VM, which will take many hours.
However, if you are working before June, 2021, you can just copy my pre-made machine.
Download this file: FLARE-VM_Mar2021.zip
Size: 24,370,717,834 bytes (24.38 GB)
SHA256(FLARE-VM_Mar2021.zip)= 1c5ec10ba970d37ac62b5b0728ca190dc1cea6a3e12bc0eca046f03cb000e22f
Unzip that file, and import the OVF it contains into VMware or VirtualBox.
Log in with these credentials:

Username: IEUser
Password: Passw0rd!

PMA 40.1: Pentest Folder (20 pts)
On your desktop, double-click the FLARE folder icon.
Double-click the Debuggers folder.
The name of second file inside is the flag, covered by a green box in the image below.

Warning: This is a Slow Process

This project takes a lot of time and a lot of storage space (60 GB or so). It took more than a day to complete on my system.

Also, the final machine is only useful for 90 days, as far as I can tell (although there may be a way to extend that with snapshots).

Downloading Windows 10

In a browser, go to

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

In the "Virtual Machines" list, select "MSEdge on Win10...", as shown below.

In the Choose a VM platform" list, choose your virtualization software, as shown below.

Download the file. Unzip it and launch it in your virtualization software. For VMware, use File, Import, and customize the virtual machine so it has an 80 GB hard disk.

Username: IEUser
Password: Passw0rd!

Allow Windows to install any updates it wants to.

You may need to install VMware Tools (or the comparable software) manually.

Installing Firefox

In your Windows 10 virtual machine, open Edge. Go to

https://getfirefox.com

Download and install Firefox.

Installing FLARE-VM

In your Windows 10 virtual machine, in Firefox, go to

https://github.com/fireeye/flare-vm

You will see a link to a blog on installing FLARE-VM, as shown below. Click it.

Follow the instructions on that page to download and install FLARE-VM. Once you start it, it will download and install many packages, and automatically restart many times. This process took about a day when I did it.

PMA 40.1: Pentest Folder (20 pts)
On your desktop, double-click the FLARE folder icon.
Double-click the Debuggers folder.
The name of the file below OllyDbg inside is the flag, covered by a green box in the image below.

Increasing the Hard Disk Size

If you didn't already increase the hard disk size, you can do it at any time.

Instructions for VMware are here:

https://docs.vmware.com/en/VMware-Fusion/11/com.vmware.fusion.using.doc/GUID-2CE88716-DB0B-4612-AEFE-726E737E347B.html

Posted 9-14-2020
Hard disk resize link added 9-15-2020
Instructions expanded 10-7-20
Flag updated 3-2-21
Instructions about Windows Update and VMware Tools added 3-9-21
Flag description updated 3-17-21