A fully configured platform with open source tools
FLARE VM is a freely available and open sourced Windows-based security distribution for reverse engineering, malware analysis, incident response, forensics analysis, and penetration tests.
FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, disassemblers, decompilers, static and dynamic analysis utilities, network analysis and manipulation, web assessment, exploitation, vulnerability assessment applications, and many others.
- OllyDbg + OllyDump + OllyDumpEx
- OllyDbg2 + OllyDumpEx
- IDA Free
- Binary Ninja Demo
- 010 Editor
- ExplorerSuite (CFF Explorer)
- Sysinternals Suite
- API Monitor
Python, Modules, Tools
- Python 2.7
- VC Redistributable Modules (2008, 2010, 2012, 2013)
Create and configure a new Windows 7 or newer Virtual Machine (my suggestion: get it from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/).
The installation script is a Boxstarter script which is used to deploy FLARE VM configurations and a collection of chocolatey packages.
The easiest way to run the script is to use Boxstarter’s web installer as follows:
- On the newly created VM, open the following URL in Internet Explorer (other browsers are not going to work):
FLAREVM_SCRIPT is a path or URL to the respective FLARE VM script. For example to install the malware analysis edition:
or if you have downloaded and copied the installation script to the local C drive:
flarevm_malware.ps1on the newly created VM and execute
More information and downlaods