1.) The VM will be configured with a host-only network that has no connection to the outside network.
USERNAME : localadmin
PASSWORD : Password1
2.) Install the operating systems with default settings.
3.) Set internal network and set Promiscuous Mode to “Allow VMs” so that we can capture and analyze all VM traffic.
4.) After installing the OS and the VirtualBox Guest Additions and rebooting the machine, shut it down again and take a snapshot of the clean installation before making any changes, so that we can revert to the original state in case of any problems.
5.) After taking the snapshot, start the machine. Go to Control Panel → Windows Defender Firewall → turn off both the public and private profiles and click OK.
6.) Now go to Start Menu → Settings → Update and Security → Windows Security → Virus & Threat Protection → Manage Settings → turn off everything.
7.) Now go to Start Menu → type gpedit.msc → the Local Group Policy Editor will open → Computer Configuration → Administrative Templates → Network → Network Connections → Windows Defender Firewall → DISABLE the “Protect all network connections” option in both the Domain and Standard profiles.
8.) Now go to Computer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus → ENABLE “Turn off Windows Defender Antivirus”.
9.) Now go to Computer Configuration → Administrative Templates → Windows Update → DISABLE “Automatic Updates detection frequency” and ENABLE “Do not connect to any Windows Update Internet locations”.
10.) Now open the network settings and set up a static IP address:
IP : 192.168.1.10
SUBNET MASK : 255.255.255.0
GATEWAY : 192.168.1.1
PRIMARY DNS : 192.168.1.1
11.) For WannaCry to run properly we also need to set a registry value. It enables the administrative shares, allowing remote access to C$ and the other shares.
12.) To do that, open a command prompt with admin privileges, run the command below, then shut down your machine.
COMMAND : REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
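
An added example, not part of the original guide: a PowerShell check that confirms the settings from steps 1 to 12 took effect and that the guest has no network path other than the lab segment. The function name is hypothetical; the expected IP, gateway and registry value are the ones listed above.

```powershell
# Added example: pre-detonation check, run from an elevated prompt inside the guest.
# Expected values come from steps 1-12 above; Test-LabVmBaseline is a hypothetical name.
function Test-LabVmBaseline {
    $checks = [ordered]@{}

    # Step 1: exactly one connected adapter, so no second (NAT/bridged) path exists.
    $up = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })
    $checks['Single connected adapter'] = ($up.Count -eq 1)

    # Steps 1 and 10: any default route must use the lab gateway only.
    $otherRoutes = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Where-Object { $_.NextHop -ne '192.168.1.1' })
    $checks['No default route outside the lab'] = ($otherRoutes.Count -eq 0)

    # Step 10: 192.168.1.10/24 is present and manually (statically) assigned.
    $ip = Get-NetIPAddress -IPAddress '192.168.1.10' -ErrorAction SilentlyContinue
    $checks['Static IP 192.168.1.10/24'] = [bool]($ip -and $ip.PrefixOrigin -eq 'Manual' -and $ip.PrefixLength -eq 24)

    # Steps 5 and 7: no firewall profile may still be enabled.
    $fwOn = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'True' })
    $checks['Firewall profiles disabled'] = ($fwOn.Count -eq 0)

    # Steps 6 and 8: real-time protection is off. If the Defender service does not
    # answer at all, the query fails and that is also treated as "off".
    try   { $rtp = (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled }
    catch { $rtp = $false }
    $checks['Defender real-time protection off'] = (-not $rtp)

    # Step 12: LocalAccountTokenFilterPolicy is set to 1.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    $checks['LocalAccountTokenFilterPolicy = 1'] = ($val -eq 1)

    # Print one line per check and return $true only when every check passed.
    $checks.GetEnumerator() | ForEach-Object {
        Write-Host ('{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' }))
    }
    return (@($checks.Values | Where-Object { -not $_ }).Count -eq 0)
}

if (-not (Test-LabVmBaseline)) {
    Write-Warning 'Baseline incomplete: fix the FAIL items before running any sample.'
}
```

A FAIL on either of the first two checks means the guest may have a route out of the lab network, so resolve it before anything else.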