🔒 ponchos blog.

FlareVM Tips and Tricks

If you use Mandiant's FlareVM, these commands should come in handy.

If you don't use FlareVM and want to, this is how you can install it: Instructions -- Make sure Microsoft Defender is disabled as f*ck before running the PwSh script to kick off the installer.

I usually use Cmder as a replacement for the bog-standard and, quite frankly, boring cmd program.

Cmder

Helpful FlareVM Commands:

cup all - Update Flare tools - I sometimes have to run this command as sudo

Disclaimer: Run this command on a clean image of your FlareVM… or not, I can’t tell you what to do.

floss <filename> - Extracts strings from a file.

flarestrings <malware.exe> | rank_strings --scores - What FLOSS does but better.

strings -n 6 <.\filename.exe> - Strings cmd. -n sets the minimum string length; with 6, only runs of 6 or more printable characters are printed.
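To make the -n flag concrete, here is a small Python re-implementation of the minimum-length filter that strings applies, extended to the UTF-16LE (wide) strings that Windows binaries commonly carry and that a plain ASCII scan misses. This is an added example for this post, not code from FlareVM or the strings tool; the byte blob it scans is constructed, not a real sample.

```python
import re

# Constructed sample blob (not a real binary): a fake DOS stub, a string
# that is too short for -n 6, an ASCII import name, a UTF-16LE path and
# some junk bytes around an API name.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"This program cannot be run in DOS mode.\x00"
    + b"ab\x00"                                   # dropped at -n 6, kept at -n 2
    + b"kernel32.dll\x00\x00"
    + "C:\\Users\\Public\\run.bat".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02\x03GetProcAddress\x00\xff\xfe"
)


def strings_ascii(data: bytes, min_len: int = 6) -> list[str]:
    """Same idea as `strings -n <min_len>`: runs of at least min_len
    printable ASCII bytes (0x20..0x7e)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def strings_utf16le(data: bytes, min_len: int = 6) -> list[str]:
    """Wide strings: each printable ASCII byte followed by a NUL byte,
    repeated at least min_len times, decoded as UTF-16LE."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]


def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """ASCII hits first, then wide hits, like a combined strings run."""
    return strings_ascii(data, min_len) + strings_utf16le(data, min_len)


if __name__ == "__main__":
    # Lowering -n pulls in short fragments like "MZ" and "ab"; raising it
    # trades recall for a shorter, cleaner list to triage.
    for n in (2, 6):
        print(f"-n {n}: {extract_strings(SAMPLE, n)}")
```

Run it once with -n 2 and once with -n 6 to see the trade-off the flag controls: the shorter minimum surfaces the MZ header and other two-byte fragments, the longer one leaves only the import names, the DOS stub message and the wide path.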

upx -d <filename> - Unpack packed malware - A good tool overall, can be flaky.

[sudo] cinst <toolname> - Install additional packages. E.g. [sudo] cinst ollydbg

man <toolname> - To view the Man(ual) page of a tool, which will give you a better insight into that tool.

tldr <toolname> - Short but informative page on the tool: basic overview, commonly used cmds etc.

help - Used in Cmder, will show you all of the different commands one can use.

Thank you for reading.