Had a thought whilst stuck in traffic today. I seem to spend a disproportionate amount of time installing/setting up tools each time I switch to a new machine. I've built some quick VMWare environments for reversing, but usually on an as-needed basis so only containing the tools I need at the time.

I was wondering what people's thoughts were on a community-created RCE VMWare system. I'm not aware of anything similar available right now.

Benefits: live CDs have worked well for security tools for a long time (Backtrack, NST etc). As we're mostly Windows based a real livecd is possible but seems like a lot of hassle, so a VM image would be a good compromise. It would have all the usual tools preconfigured with various options for use, and would be very quick to restore/keep working on.

Negatives: Hosting it could be a problem, as it would be borderline warez at best (esp. if IDA or similar is included). Size would be an issue for some people on limited bandwidth. Keeping it updated is another consideration. It also totally breaks the Tools of the Trade forum rules.

I'm sure some people here already have their own VM environments, but sharing with a wider audience (even if the audience was limited to "known" reversers so we're not just distributing warez tools etc) can only be a good thing. I know I'd certainly benefit from a Win2k VM image with all the tools preinstalled (and in sice's case, working!) - copy it to HD, start VMWare and we're good to go in a few minutes.

Your thoughts please?

Your Windows license is going to be the first hurdle before you even get to the software on it...

Nice thought though

Acknowledging that it would be warezed, using a Select version of Windows 2000 will mean no activation, no license and a fully working system.

The idea sounds great, I am too like many others created my own vm with all the tools I like using for reversing. However, distributing a windows vm may be considered software piracing, so it may not be a good idea to do that.

In the purely hypothetical case that someone would want to commit such a heinous terrorist act, the best way would probably be to maintain this VMware image as a torrent submitted to multiple known trackers, thus not per se being "hosted" by a certain site that could be fair game for our friends with all too much time, money and lawyers...

Just use spare hardware. Can be found cheaply. (This is from someone who has a whole crate of "discarded" P-IIIs from a rather wasteful school, so your experience may vary...)

Awww c'mon.

If Bill can charge money for the widespread distribution of his virii, how can giving it away be any worse.

I would clearly appreciate such a thing! Too much of time is probably spent on setting up suitable reversing systems.

But I agree... there would be many legal difficulties so it's best to mirror it with a torrent or alike.



Uhm... I have about 4 such boxes too, but I have to say it's so annoying to change everything all the time (limited space...). Some image is much more comfortable IMHO