Automated Vagrant provisioning of Windows 10 with flare-vm tools installed, for a digital forensics and malware analysis lab. flare-vm is a PowerShell script originally developed by Mandiant.
If you have a couple of devices with you and quickly want to spin up multiple virtual machines for blue team work, you've come to the right place! Find out more below.
- Clone this repo.
    git clone https://github.com/brootware/flarevm-up.git && cd flarevm-up
- Execute vagrant up.
    vagrant up
- Wait for Vagrant and VirtualBox to do their magic and start using it!
You might come across SSH connection errors from the vagrant up command. You can safely ignore or stop them and proceed to the VirtualBox GUI to start using the VM.
➜ flareVagrantBox vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'rootware/flareVm'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'rootware/flareVm' version '0.0.1' is up to date...
==> default: Setting the name of the VM: forensicsLab
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection reset. Retrying...
default: Warning: Remote connection disconnect. Retrying...
default: Warning: Connection reset. Retrying...
default: Warning: Remote connection disconnect. Retrying...
default: Warning: Connection reset. Retrying...
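
The vagrant up output above shows the forensicsLab VM coming up with a NAT adapter, a host-only adapter and an SSH port forward. As an added example (not part of this repo), the script below summarises that network exposure from `VBoxManage showvminfo --machinereadable` output so you can confirm what the guest can reach before opening samples in it; the sample input is constructed to mirror the output above, and the function names and note strings are this example's own.

```shell
#!/usr/bin/env bash
# Summarise a VirtualBox VM's network exposure from the text produced by
#   VBoxManage showvminfo <vm> --machinereadable
# read on stdin. Added example; function names are hypothetical.
audit_vm_network() {
  awk -F'=' '
    /^nic[0-9]+=/ {
      gsub(/"/, "", $2)
      if ($2 == "none") next                      # adapter slot not in use
      n = substr($1, 4)                           # "nic2" -> "2"
      note = ($2 == "nat" || $2 == "natnetwork" || $2 == "bridged") \
             ? "guest can reach outside networks" : "host/internal only"
      printf "adapter %s: %s (%s)\n", n, $2, note
    }
    /^Forwarding\([0-9]+\)=/ {
      gsub(/"/, "", $2)
      split($2, f, ",")          # name,proto,hostip,hostport,guestip,guestport
      host = (f[3] == "") ? "0.0.0.0" : f[3]      # empty host IP = all interfaces
      printf "forward %s: host %s:%s -> guest %s/%s\n", f[1], host, f[4], f[6], f[2]
    }
  '
}

# Succeeds (exit 0) if any adapter gives the guest a path off the host.
vm_has_outbound_path() {
  audit_vm_network | grep -q 'guest can reach outside networks'
}

# Constructed sample matching the adapters and port forward shown above.
sample_vminfo() {
  cat <<'EOF'
name="forensicsLab"
nic1="nat"
nictype1="82540EM"
nic2="hostonly"
nic3="none"
Forwarding(0)="ssh,tcp,127.0.0.1,2222,,22"
EOF
}

sample_vminfo | audit_vm_network
if sample_vminfo | vm_has_outbound_path; then
  echo "note: at least one adapter lets the guest reach outside networks"
fi
```

Against the real VM, pipe `VBoxManage showvminfo forensicsLab --machinereadable` into `audit_vm_network` instead of the sample.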