flare-vm VS pwndbg

Follow the instructions here to setup a FLARE vm which will have all the tools you need for the labs in the book flare vm

FLARE VM: this is a boxstarter from Mandiant to add a bunch of tools to Windows for malware analysis

build it as a proxmox host and have a malware analysis VM (flare-vm for example - https://github.com/mandiant/flare-vm) you can then interact with it via Console or host another VM as an SSH jump box and ssh tunnel to port 3389 on the malware vm

FLARE VM: a Windows toolkit for malware analysis from Mandiant: https://github.com/mandiant/flare-vm

I usually run it in virtualbox without guest additions, get one of those free windows 10 isos from microsoft and install the mandiant flare vm on it ( https://github.com/mandiant/flare-vm ), after everything is installed i keep a snapshot of the windows machine with everything set up so i dont have to do it all again and once its done i set the network to internal and set set up inetsim on remnux as well if im going to do dynamic analysis so that i have an internet simulator that the malware can talk to.

I use https://any.run for quick stuff or just fire my FlareVM up.

By far the best debugger for C is gdb+pwndbg (https://github.com/pwndbg/pwndbg)

There are a lot of these types of tools already in the reverse engineering community (in order of lowest chance of breaking when you throw really weird stuff at it):

GEF: https://gef.readthedocs.io/en/master/

PWNDBG: https://github.com/pwndbg/pwndbg

PEDA: https://github.com/longld/peda

They also come with a slew of different features to aid in RE/exploit dev, but many of them are also useful for debugging really weird issues.

GDB is great. I definitely recommend checking out watchpoints as well, a very useful tool for monitoring how a variable changes over time.

GDB also has many good plugins - pwndbg has tons of features and UI improvements over stock GDB.

https://github.com/pwndbg/pwndbg

I've recently started a new semester for my Master's program, and the first project for the semester involves using the GDB tool (GNU Debugger) to analyze a stack on a simple C program that contains a buffer overflow vulnerability. A couple of semesters ago, I had been given a VM pre-loaded with a more featured debugger tool called pwndbg. Pwndbg was excellent because it was easy to use and easily allowed accessed to information such as current assembly code being executed and a view of the program registers. So, going back to using GDB felt a little like stepping back into the stone age.

Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.

i have peda installed on my gdb and now i am trying to install pwndbg with git clone https://github.com/pwndbg/pwndbg cd pwndbg ./setup.sh