In my daily activities as a security analyst I often find myself writing and experimenting with code in C, C++, and Python. Some of the code is unknown and I have to dynamically analyze it while it runs, so I need to run it in a safe virtual environment. I also write and study code that purposely breaks functionality in Windows 10 for the purpose of later patching bugs in Windows. This guide shows an easy way to get a development Windows 10 virtual machine up and running so you can easily revert to older snapshots after your or somebody else's code breaks the system.
Tip #1. If you plan on working with any code you suspect can cause harm over a network, then you need to properly set up either a fake net or sink the network traffic. You can also just disable the network, but then you won't be able to analyze the network traffic with Wireshark, and you won't be able to document the full functionality of the code you're examining. I will be doing a guide soon on how to set up both a fake net with virtual machines and sinking network traffic from an unknown process, so check my blog later.
Tip #2. This is an opinion, because some pros just harden their virtual systems. As for me, I pass on hardening virtual machine software. Only use a machine that you can afford to factory reset or, in extremely rare cases, turn into a brick. PCs are pretty cheap nowadays.
So here we go.
If you don't already have it, download and install VirtualBox:
Keep the default settings and start the install:
Then go to developer.microsoft and download the OVA VirtualBox image:
Start up VirtualBox and go to "File" > "Import Appliance":
Navigate to the Windows 10 OVA file you just downloaded and select it:
Leave all the default settings and start the import:
That may take a few minutes:
After that is finished make sure the virtual machine you just installed is selected then click "Settings" on the top menu:
Select "Display". Click "Remote Display" and make sure "Enable Server" is not selected, so the VM's screen is not exposed over the network:
If you need to share folders between your host machine and the new Windows 10 guest machine, do so like this. Under Settings click "Shared Folder". Then all the way to the far left click the little icon of a folder with a plus on it. Next navigate to and select the folder you want shared between the systems:
Make sure to check the "Auto Mount" selection:
Next we want to take a snapshot before we run it for the first time, because this Windows 10 image comes with a free license that expires after 90 days. After that time we can just revert to that snapshot:
Ok so now we can start our virtual machine by clicking the green start arrow located on the top left of the top menu:
On the first boot the Windows 10 guest can take a few minutes and show distorted graphics, but it always ends up getting there if your settings are appropriate:
This is another screen you may see while it takes awhile to load up the first time:
Sometimes it can even stay black for awhile:
One way to see if it's still working is to monitor the VirtualBox status bar at the bottom of the screen. It will show blinking lights while the hard drive and CPU are working:
I have done this many times, sometimes on machines with limited resources. Sometimes, if it takes much more than 3 or 4 minutes, I will power off the machine and let it reboot:
And as always there it is. After you get this run for the first time and guest additions installed it starts up much faster from there on out:
So here we are with Windows 10 now working. Now we need to get guest additions installed so we have higher resolution and access to our shared folder:
First let's immediately pause all updates. We do this because it is a test machine and we do not need to spend time waiting for updates to eat up our CPU while we have important work to do. Remember, it's a test development/analysis environment. You can update it later if you REALLY want to. Kill the updates by using the main Windows search to find "Update Settings":
Then click "Advanced Options":
Then scroll down and make sure "Pause Updates" is selected:
Next we want to pause all Windows 10 Store updates. So go to the main Windows menu and click on "Windows Store" in the start menu:
On the little three dots menu button in the far upper left corner, click "Settings":
Make sure "Update apps automatically" is turned off:
Then click on the "Downloads and updates" menu and click "Pause All":
Now we need to install guest additions. So go to the very top of the VirtualBox window and click on the menu item "Devices". Select "Insert Guest Additions":
After a moment you will get a notification that the VirtualBox Guest Additions CD drive is enabled:
Navigate to that folder and run the VBoxWindowsAdditions-amd64 file:
Let that finish running. It should not take long:
After guest additions is done installing, Windows will ask you to reboot, so do that:
And BINGO! High resolutions and access to our shared folder:
Don't forget to make a snapshot of all that work you just did:
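The host-side steps above (import, remote display off, shared folder, snapshots, revert, plus the network-off fallback from Tip #1) can also be scripted with VBoxManage. This is an added example, not part of the original walkthrough; the VM name, OVA path, share folder and snapshot names are assumptions, and it only prints the commands unless DRY_RUN=0 is set.

```sh
#!/bin/sh
# Added example: host-side VirtualBox steps from this guide via VBoxManage.
# VM, OVA, SHARE and the snapshot names are assumptions; adjust to your setup.
VM="${VM:-win10-dev}"                     # hypothetical VM name
OVA="${OVA:-$HOME/Downloads/win10.ova}"   # placeholder path to the downloaded OVA
SHARE="${SHARE:-$HOME/vmshare}"           # host folder shared with the guest
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = run them

# Print the VBoxManage command in dry-run mode, otherwise execute it.
vbox() {
  if [ "$DRY_RUN" = "1" ]; then echo "VBoxManage $*"; else VBoxManage "$@"; fi
}

# Import the appliance, disable the remote display server, add the
# auto-mounted shared folder, and snapshot before the first boot.
build_vm() {
  vbox import "$OVA" --vsys 0 --vmname "$VM" &&
  vbox modifyvm "$VM" --vrde off &&
  vbox sharedfolder add "$VM" --name share --hostpath "$SHARE" --automount &&
  vbox snapshot "$VM" take clean-import --description "before first boot"
}

# Tip #1 fallback: detach the first network adapter (VM must be powered off).
disable_net() { vbox modifyvm "$VM" --nic1 none; }

# Reads `VBoxManage showvminfo "$VM" --machinereadable` on stdin and succeeds
# only when the remote display server is reported as off.
vrde_is_off() { grep -q '^vrde="off"'; }

# Power off (ignoring "already off"), roll back to a snapshot, boot again.
revert_vm() {
  vbox controlvm "$VM" poweroff || true
  vbox snapshot "$VM" restore "$1" && vbox startvm "$VM"
}

case "${1:-}" in
  build)   build_vm ;;
  nonet)   disable_net ;;
  check)   VBoxManage showvminfo "$VM" --machinereadable | vrde_is_off ;;
  snap)    vbox snapshot "$VM" take "${2:-guest-additions}" ;;
  revert)  revert_vm "${2:-clean-import}" ;;
esac
```

Run it with `build` once, `snap` after guest additions are installed, and `revert` whenever a sample or test leaves the guest in a bad state.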
Thank you for reading. I hope you find some of this useful.