{"componentChunkName":"component---src-templates-post-template-js","path":"/ctf-setup-windows-lab-en","result":{"data":{"markdownRemark":{"id":"5fc51777-b9e0-5b4b-84b4-5e66b0b62e9e","html":"<blockquote>\n<p>This page has been machine-translated from the <a href=\"/ctf-setup-windows-lab\">original page</a>.</p>\n</blockquote>\n<p>My CTF machine’s configuration had gotten complicated enough that I could no longer keep track of it, so I decided to start fresh and build a new environment.</p>\n<p>This time, I want to set things up as much as possible using command-based approaches, so I can save effort the next time I need to build a similar environment.</p>\n<p>Note that since the problems I mainly work on are Reversing (Rev) and Forensics, the tools I install may be somewhat biased toward those categories — please bear with me.</p>\n<!-- omit in toc -->\n<h2 id=\"table-of-contents\" style=\"position:relative;\"><a href=\"#table-of-contents\" aria-label=\"table of contents permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Table of Contents</h2>\n<ul>\n<li>\n<p><a href=\"#prerequisites\">Prerequisites</a></p>\n<ul>\n<li><a href=\"#clean-os-installation-and-updates\">Clean OS Installation and Updates</a></li>\n<li><a href=\"#enabling-nested-virtualization\">Enabling Nested Virtualization</a></li>\n<li><a href=\"#changing-network-adapter-settings\">Changing Network Adapter Settings</a></li>\n<li><a href=\"#deleting-the-recovery-partition\">Deleting the Recovery 
Partition</a></li>\n</ul>\n</li>\n<li>\n<p><a href=\"#windows-setup\">Windows Setup</a></p>\n<ul>\n<li><a href=\"#show-file-extensions-and-hidden-files-in-explorer\">Show File Extensions and Hidden Files in Explorer</a></li>\n<li><a href=\"#enable-windows-features\">Enable Windows Features</a></li>\n<li><a href=\"#change-ime-settings\">Change IME Settings</a></li>\n<li><a href=\"#disable-system-sounds\">Disable System Sounds</a></li>\n</ul>\n</li>\n<li><a href=\"#addendum-windows-11-only-change-explorer-right-click-behavior\">Addendum (Windows 11 only): Change Explorer Right-Click Behavior</a></li>\n<li><a href=\"#addendum-add-desktop-shortcuts-for-all-exe-files-under-a-specific-folder\">Addendum: Add Desktop Shortcuts for All EXE Files Under a Specific Folder</a></li>\n<li><a href=\"#install-analysis-tools-via-winget\">Install Analysis Tools via WinGet</a></li>\n<li>\n<p><a href=\"#manually-install-various-analysis-tools\">Manually Install Various Analysis Tools</a></p>\n<ul>\n<li><a href=\"#windbg\">WinDbg</a></li>\n<li><a href=\"#sysinternals\">Sysinternals</a></li>\n<li><a href=\"#net-60-desktop-runtime\">.NET 6.0 Desktop Runtime</a></li>\n<li><a href=\"#ghidra\">Ghidra</a></li>\n<li><a href=\"#visual-studio-2019\">Visual Studio 2019</a></li>\n<li><a href=\"#noriben\">Noriben</a></li>\n<li><a href=\"#java-17\">Java 17</a></li>\n<li><a href=\"#java-8\">Java 8</a></li>\n<li><a href=\"#eclipse-memory-analyzer\">Eclipse Memory Analyzer</a></li>\n<li><a href=\"#android-studio\">Android Studio</a></li>\n<li><a href=\"#android-sdk-platform-tools\">Android SDK Platform Tools</a></li>\n<li><a href=\"#android-ndk\">Android NDK</a></li>\n<li><a href=\"#pestudio\">pestudio</a></li>\n<li><a href=\"#registrychangesview\">RegistryChangesView</a></li>\n<li><a href=\"#hayabusa\">Hayabusa</a></li>\n<li><a href=\"#timeline-explorer\">Timeline Explorer</a></li>\n<li><a href=\"#hasher\">Hasher</a></li>\n<li><a href=\"#jq\">jq</a></li>\n<li><a href=\"#frida\">Frida</a></li>\n<li><a 
href=\"#eclipse-ide\">Eclipse IDE</a></li>\n<li><a href=\"#gradle\">Gradle</a></li>\n<li><a href=\"#peid\">PEiD</a></li>\n<li><a href=\"#jadx\">jadx</a></li>\n<li><a href=\"#jd-gui\">jd-gui</a></li>\n<li><a href=\"#processhacker\">ProcessHacker</a></li>\n<li><a href=\"#lldb\">LLDB</a></li>\n<li><a href=\"#npcap\">npcap</a></li>\n<li><a href=\"#windows-terminal\">Windows Terminal</a></li>\n<li><a href=\"#hollows_hunter\">hollows_hunter</a></li>\n<li><a href=\"#apiminer\">APIMiner</a></li>\n<li><a href=\"#cyberchef\">CyberChef</a></li>\n<li><a href=\"#upx\">UPX</a></li>\n<li><a href=\"#ftk-imager\">FTK Imager</a></li>\n<li><a href=\"#pdfstreamdumper\">PDFStreamDumper</a></li>\n<li><a href=\"#usamimi-hurricane-aozora-shiro-neko\">UsaMimi Hurricane, Aozora Shiro Neko</a></li>\n<li><a href=\"#volatility-26\">Volatility 2.6</a></li>\n<li><a href=\"#universal-radio-hacker-urh\">Universal Radio Hacker (URH)</a></li>\n<li><a href=\"#cheat-engine\">Cheat Engine</a></li>\n<li><a href=\"#sysmon\">Sysmon</a></li>\n<li><a href=\"#vcxsrv-windows-x-server\">VcXsrv Windows X Server</a></li>\n<li><a href=\"#pybag\">Pybag</a></li>\n<li><a href=\"#assetstudio\">AssetStudio</a></li>\n<li><a href=\"#extremedumper\">ExtremeDumper</a></li>\n<li><a href=\"#quick-assembler\">Quick Assembler</a></li>\n<li><a href=\"#cutter\">cutter</a></li>\n<li><a href=\"#fiddler\">Fiddler</a></li>\n</ul>\n</li>\n<li><a href=\"#install-tools-via-chocolatey\">Install Tools via Chocolatey</a></li>\n<li><a href=\"#set-up-environment-variables\">Set Up Environment Variables</a></li>\n<li>\n<p><a href=\"#wsl-setup\">WSL Setup</a></p>\n<ul>\n<li><a href=\"#switch-to-wsl2\">Switch to WSL2</a></li>\n<li><a href=\"#install-packages\">Install Packages</a></li>\n<li><a href=\"#install-libc-database-in-wsl2\">Install libc-database in WSL2</a></li>\n<li><a href=\"#install-rp-in-wsl2\">Install rp++ in WSL2</a></li>\n<li><a href=\"#install-remnux-tools-in-wsl2\">Install REMnux Tools in WSL2</a></li>\n<li><a 
href=\"#enable-gui-tools-in-wsl2\">Enable GUI Tools in WSL2</a></li>\n<li><a href=\"#kali-setup\">Kali Setup</a></li>\n</ul>\n</li>\n<li><a href=\"#summary\">Summary</a></li>\n</ul>\n<h2 id=\"prerequisites\" style=\"position:relative;\"><a href=\"#prerequisites\" aria-label=\"prerequisites permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Prerequisites</h2>\n<h3 id=\"clean-os-installation-and-updates\" style=\"position:relative;\"><a href=\"#clean-os-installation-and-updates\" aria-label=\"clean os installation and updates permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Clean OS Installation and Updates</h3>\n<p>Since I normally solve CTF problems on a Windows machine, the VM I’m building is also Windows.</p>\n<p>I’m using Hyper-V as the virtualization platform, and created the machine with the following configuration.</p>\n<p><img src=\"/static/0cb581ea969deadc44c752e72dd7a9ef/8c557/image-20230518141449150.png\" alt=\"image-20230518141449150\" /></p>\n<p>The storage capacity is set to 232 GB.</p>\n<p>The OS clean installation and update procedure is omitted here.</p>\n<h3 id=\"enabling-nested-virtualization\" style=\"position:relative;\"><a href=\"#enabling-nested-virtualization\" 
aria-label=\"enabling nested virtualization permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Enabling Nested Virtualization</h3>\n<p>After creating the virtual machine, shut it down and run the following cmdlet from an elevated PowerShell prompt to enable nested virtualization.</p>\n<p>This allows you to launch Android Emulator and similar tools inside the virtual machine.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Set-VMProcessor -VMName &lt;VMName> -ExposeVirtualizationExtensions $true</span>\n<span class=\"token function\">Set-VMProcessor</span> <span class=\"token operator\">-</span>VMName <span class=\"token string\">\"Win10CTF\"</span> <span class=\"token operator\">-</span>ExposeVirtualizationExtensions <span class=\"token boolean\">$true</span></code></pre></div>\n<p>Reference: <a href=\"https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Run Hyper-V in a Virtual Machine with Nested Virtualization | Microsoft Learn</a></p>\n<h3 id=\"changing-network-adapter-settings\" style=\"position:relative;\"><a href=\"#changing-network-adapter-settings\" aria-label=\"changing network adapter settings permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path 
fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Changing Network Adapter Settings</h3>\n<p>Run the following from an elevated PowerShell prompt to change the network adapter settings.</p>\n<p>In this setup, the Default Switch for external connectivity uses the default DHCP connection, and the Internal network adapter is assigned the static address 192.168.50.10/28.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Use Get-NetIPAddress to identify the InterfaceIndex for the Internal NIC</span>\n<span class=\"token function\">Get-NetIPAddress</span>\n>\nIPAddress         : 169<span class=\"token punctuation\">.</span>254<span class=\"token punctuation\">.</span>116<span class=\"token punctuation\">.</span>214\nInterfaceIndex    : 8\nInterfaceAlias    : Ethernet 3\nAddressFamily     : IPv4\n\n<span class=\"token comment\"># Assign 192.168.50.10/28 to the network with InterfaceIndex 8</span>\n<span class=\"token function\">New-Netipaddress</span> <span class=\"token operator\">-</span>InterfaceIndex 8 <span class=\"token operator\">-</span>IpAddress 192<span class=\"token punctuation\">.</span>168<span class=\"token punctuation\">.</span>50<span class=\"token punctuation\">.</span>10 <span class=\"token operator\">-</span>PrefixLength 28</code></pre></div>\n<p>Reference: <a href=\"https://learn.microsoft.com/en-us/powershell/module/nettcpip/new-netipaddress?view=windowsserver2022-ps\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">New-NetIPAddress (NetTCPIP) | Microsoft Learn</a></p>\n<h3 
id=\"deleting-the-recovery-partition\" style=\"position:relative;\"><a href=\"#deleting-the-recovery-partition\" aria-label=\"deleting the recovery partition permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Deleting the Recovery Partition</h3>\n<p>Since this is a virtual machine, I’ll delete the recovery partition.</p>\n<p>Launch Diskpart.exe from an elevated Command Prompt and run the following commands in order.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\">Diskpart<span class=\"token punctuation\">.</span>exe\n\n<span class=\"token comment\"># List disks and select one</span>\nDISKPART> list disk\nDisk 0    Online\n\nDISKPART> <span class=\"token function\">select</span> disk 0\n\n<span class=\"token comment\"># List partitions and identify the Recovery partition ID</span>\nDISKPART> list partition\n\nPartition <span class=\"token comment\">###  Type              Size     Offset</span>\n<span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">-</span>  <span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token 
operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span>  <span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">-</span>  <span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">--</span><span class=\"token operator\">-</span>\nPartition 3    Recovery           535 MB    79 GB\n\n<span class=\"token comment\"># Select the identified Recovery partition and delete it</span>\nDISKPART> <span class=\"token function\">select</span> partition 3\nDISKPART> delete partition override</code></pre></div>\n<h2 id=\"windows-setup\" style=\"position:relative;\"><a href=\"#windows-setup\" aria-label=\"windows setup permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Windows Setup</h2>\n<p>After starting the created virtual machine, open PowerShell as administrator and apply the various settings.</p>\n<p>The following command can apply all settings at once.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Set the username used in user folder paths</span>\n<span class=\"token variable\">$username</span> = <span class=\"token string\">\"kash1064\"</span>\n\n<span class=\"token comment\"># Set timezone to UTC</span>\ntzutil<span class=\"token punctuation\">.</span>exe <span class=\"token 
operator\">/</span>s <span class=\"token string\">\"UTC\"</span>\n\n<span class=\"token comment\"># Change PowerShell script execution policy</span>\n<span class=\"token function\">Set-ExecutionPolicy</span> RemoteSigned\n\n<span class=\"token comment\"># Show file extensions and hidden files in Explorer</span>\n<span class=\"token function\">Set-ItemProperty</span> <span class=\"token string\">\"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\"</span> <span class=\"token operator\">-</span>name <span class=\"token string\">\"HideFileExt\"</span> <span class=\"token operator\">-</span>Value 0\n<span class=\"token function\">Set-ItemProperty</span> <span class=\"token string\">\"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\"</span> <span class=\"token operator\">-</span>name <span class=\"token string\">\"Hidden\"</span> <span class=\"token operator\">-</span>Value 1\n\n<span class=\"token comment\"># Enable RDP connections</span>\n<span class=\"token function\">Set-ItemProperty</span> <span class=\"token operator\">-</span>Path <span class=\"token string\">\"HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\"</span> <span class=\"token operator\">-</span>Name <span class=\"token string\">\"fDenyTSConnections\"</span> <span class=\"token operator\">-</span>Value 0\n<span class=\"token function\">Enable-NetFirewallRule</span> <span class=\"token operator\">-</span>DisplayGroup <span class=\"token string\">\"Remote Desktop\"</span>\n\n<span class=\"token comment\"># List feature names: Get-WindowsOptionalFeature -Online</span>\n<span class=\"token comment\"># Enable WSL, Virtual Machine Platform, and Hyper-V</span>\n<span class=\"token function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName Microsoft-Windows-Subsystem-Linux\n<span class=\"token 
function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName HypervisorPlatform\n<span class=\"token function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName VirtualMachinePlatform\n<span class=\"token function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName Microsoft-Hyper-V-All\n\n<span class=\"token comment\"># Remove unnecessary pre-installed Store packages</span>\n<span class=\"token comment\"># List packages with: Get-AppxPackage | Select-Object Name</span>\n<span class=\"token comment\"># TikTok and Instagram require manual removal</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>MicrosoftSolitaireCollection* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>MicrosoftStickyNotes* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>People* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Office<span class=\"token punctuation\">.</span>OneNote* <span 
class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>GetHelp* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>MicrosoftOfficeHub* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>MicrosoftSolitaireCollection* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>MicrosoftStickyNotes* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>People* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>SkypeApp* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>YourPhone* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span 
class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>SpotifyAB<span class=\"token punctuation\">.</span>SpotifyMusic* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Disney* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>ZuneMusic* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>3DViewer* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>MSPaint* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>WindowsMaps* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>messaging* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token 
operator\">-</span>alluser <span class=\"token operator\">*</span>windowscommunicationsapps* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>ZuneVideo* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>BingWeather* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>MicrosoftOfficeHub* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-Appxpackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>549981C3F5F10* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>Todo* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>GetHelp* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token 
operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>GamingApp* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>People* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>WindowsCamera* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>WindowsFeedbackHub* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>YourPhone* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>BingNews* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>BingWeather* <span class=\"token punctuation\">|</span> <span class=\"token 
function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>MicrosoftSolitaireCollection* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>Getstarted* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n<span class=\"token function\">Get-AppxPackage</span> <span class=\"token operator\">-</span>alluser <span class=\"token operator\">*</span>Microsoft<span class=\"token punctuation\">.</span>WindowsNotepad* <span class=\"token punctuation\">|</span> <span class=\"token function\">Remove-AppxPackage</span>\n\n\n<span class=\"token comment\"># Remove unnecessary shortcuts</span>\n<span class=\"token comment\"># C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs</span>\n<span class=\"token comment\"># %USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs</span>\n<span class=\"token comment\"># -Include only filters when the path ends in a wildcard, so target Programs\\* rather than the folder itself</span>\n<span class=\"token function\">Get-ChildItem</span> <span class=\"token operator\">-</span>Path <span class=\"token string\">\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\"</span>\n<span class=\"token function\">Remove-Item</span> <span class=\"token operator\">-</span>Path <span class=\"token string\">\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\*\"</span> <span class=\"token operator\">-</span>Include <span class=\"token operator\">*</span><span class=\"token punctuation\">.</span>lnk\n\n<span class=\"token comment\"># Register all Desktop shortcuts in the Start Menu as well</span>\n<span class=\"token function\">Copy-Item</span> <span class=\"token operator\">-</span>Path <span class=\"token string\">\"C:\\Users\\<span class=\"token variable\">$username</span>\\Desktop\\*.lnk\"</span> <span class=\"token operator\">-</span>Destination <span class=\"token string\">\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\"</span>\n\n<span class=\"token comment\"># Create the Tools folder</span>\n<span class=\"token function\">New-Item</span> <span class=\"token operator\">-</span>ItemType <span class=\"token string\">\"directory\"</span> <span class=\"token operator\">-</span>Path <span class=\"token string\">\"C:\\Tools\"</span>\n\n<span class=\"token comment\"># Add Defender exclusions (user paths reuse $username set at the top of the script)</span>\n<span class=\"token function\">Add-MpPreference</span> <span class=\"token operator\">-</span>ExclusionPath <span class=\"token string\">\"C:\\Tools\\\"</span>\n<span class=\"token function\">Add-MpPreference</span> <span class=\"token operator\">-</span>ExclusionPath <span class=\"token string\">\"C:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Packages\\CanonicalGroupLimited.Ubuntu_*\\\"</span>\n<span class=\"token function\">Add-MpPreference</span> <span class=\"token operator\">-</span>ExclusionPath <span class=\"token string\">\"C:\\Users\\<span class=\"token variable\">$username</span>\\Downloads\\\"</span>\n\n<span class=\"token comment\"># Change UAC to level 2 (notify only)</span>\n<span class=\"token comment\"># Get-ItemProperty HKLM:Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system</span>\n<span class=\"token function\">Set-ItemProperty</span> <span class=\"token string\">\"HKLM:Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system\"</span> <span class=\"token operator\">-</span>name <span class=\"token string\">\"ConsentPromptBehaviorAdmin\"</span> <span class=\"token operator\">-</span>Value 5\n<span class=\"token function\">Set-ItemProperty</span> <span class=\"token string\">\"HKLM:Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system\"</span> <span class=\"token operator\">-</span>name <span class=\"token string\">\"PromptOnSecureDesktop\"</span> <span 
class=\"token operator\">-</span>Value 0\n<span class=\"token function\">Set-ItemProperty</span> <span class=\"token string\">\"HKLM:Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system\"</span> <span class=\"token operator\">-</span>name <span class=\"token string\">\"EnableLUA\"</span> <span class=\"token operator\">-</span>Value 1\n\n<span class=\"token comment\"># Restart the OS</span>\n<span class=\"token function\">Start-Sleep</span> <span class=\"token operator\">-</span>Seconds 30\n<span class=\"token function\">Restart-Computer</span></code></pre></div>\n<p> An OS restart is required for the settings to take effect.</p>\n<h3 id=\"show-file-extensions-and-hidden-files-in-explorer\" style=\"position:relative;\"><a href=\"#show-file-extensions-and-hidden-files-in-explorer\" aria-label=\"show file extensions and hidden files in explorer permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Show File Extensions and Hidden Files in Explorer</h3>\n<p>Explorer option settings can be managed via registry keys under <code class=\"language-text\">HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced</code>.</p>\n<p>The following cmdlets configure Explorer to show file extensions and hidden files.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Show file extensions and hidden files in Explorer</span>\n<span class=\"token 
function\">Set-ItemProperty</span> <span class=\"token string\">\"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\"</span> <span class=\"token operator\">-</span>name <span class=\"token string\">\"HideFileExt\"</span> <span class=\"token operator\">-</span>Value 0\n<span class=\"token function\">Set-ItemProperty</span> <span class=\"token string\">\"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\"</span> <span class=\"token operator\">-</span>name <span class=\"token string\">\"Hidden\"</span> <span class=\"token operator\">-</span>Value 1</code></pre></div>\n<h3 id=\"enable-windows-features\" style=\"position:relative;\"><a href=\"#enable-windows-features\" aria-label=\"enable windows features permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Enable Windows Features</h3>\n<p>The following features are enabled to support WSL2, the Android Studio emulator, and similar tools.</p>\n<p>Note: without <code class=\"language-text\">-NoRestart</code>, each command prompts to restart the computer as soon as it finishes (the default answer is Yes). With it, all four features are staged and a single restart at the end completes them.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Enable WSL, Hypervisor Platform, Virtual Machine Platform, and Hyper-V (staged; one restart afterwards)</span>\n<span class=\"token function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName Microsoft-Windows-Subsystem-Linux\n<span class=\"token function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName HypervisorPlatform\n<span class=\"token function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName VirtualMachinePlatform\n<span class=\"token function\">Enable-WindowsOptionalFeature</span> <span class=\"token operator\">-</span>NoRestart <span class=\"token operator\">-</span>Online <span class=\"token operator\">-</span>FeatureName Microsoft-Hyper-V-All</code></pre></div>\n<p>Reference: <a href=\"https://learn.microsoft.com/en-us/powershell/module/dism/enable-windowsoptionalfeature?view=windowsserver2022-ps\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Enable-WindowsOptionalFeature (DISM) | Microsoft Learn</a></p>\n<h3 id=\"change-ime-settings\" style=\"position:relative;\"><a href=\"#change-ime-settings\" aria-label=\"change ime settings permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Change IME Settings</h3>\n<p>I configured this through the GUI for now.</p>\n<p>Reference: <a href=\"/windows-client-setup-en#ime%E9%85%8D%E5%88%97%E3%82%92%E3%82%AB%E3%82%B9%E3%82%BF%E3%83%9E%E3%82%A4%E3%82%BA%E3%81%99%E3%82%8B\">Customize the IME layout</a></p>\n<h3 id=\"disable-system-sounds\" 
style=\"position:relative;\"><a href=\"#disable-system-sounds\" aria-label=\"disable system sounds permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Disable System Sounds</h3>\n<p>I also configured this through the GUI for now.</p>\n<p>Open [Change system sounds] from Control Panel and set it to [No Sounds].</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 666px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/db816efd60deee9da06555a5e20dd066/ace37/image-20230519150525712.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 84.58333333333331%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/db816efd60deee9da06555a5e20dd066/8ac56/image-20230519150525712.webp 240w,\n/static/db816efd60deee9da06555a5e20dd066/d3be9/image-20230519150525712.webp 480w,\n/static/db816efd60deee9da06555a5e20dd066/be082/image-20230519150525712.webp 666w\"\n              sizes=\"(max-width: 666px) 100vw, 666px\"\n              type=\"image/webp\"\n            />\n          <source\n            
srcset=\"/static/db816efd60deee9da06555a5e20dd066/8ff5a/image-20230519150525712.png 240w,\n/static/db816efd60deee9da06555a5e20dd066/e85cb/image-20230519150525712.png 480w,\n/static/db816efd60deee9da06555a5e20dd066/ace37/image-20230519150525712.png 666w\"\n            sizes=\"(max-width: 666px) 100vw, 666px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/db816efd60deee9da06555a5e20dd066/ace37/image-20230519150525712.png\"\n            alt=\"image-20230519150525712\"\n            title=\"image-20230519150525712\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h2 id=\"addendum-windows-11-only-change-explorer-right-click-behavior\" style=\"position:relative;\"><a href=\"#addendum-windows-11-only-change-explorer-right-click-behavior\" aria-label=\"addendum windows 11 only change explorer right click behavior permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Addendum (Windows 11 only): Change Explorer Right-Click Behavior</h2>\n<p>The following command switches the Explorer right-click menu back to the full Windows 10 style menu by adding an empty <code class=\"language-text\">InprocServer32</code> default value under the CLSID shown. Explorer only picks the change up once it is restarted or you sign out and back in; deleting the same key restores the Windows 11 menu.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">reg.exe <span class=\"token function\">add</span> <span class=\"token 
string\">\"HKCU\\Software\\Classes\\CLSID\\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\\InprocServer32\"</span> /f /ve</code></pre></div>\n<h2 id=\"addendum-add-desktop-shortcuts-for-all-exe-files-under-a-specific-folder\" style=\"position:relative;\"><a href=\"#addendum-add-desktop-shortcuts-for-all-exe-files-under-a-specific-folder\" aria-label=\"addendum add desktop shortcuts for all exe files under a specific folder permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Addendum: Add Desktop Shortcuts for All EXE Files Under a Specific Folder</h2>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token variable\">$src</span>=<span class=\"token string\">'C:\\Tools\\AllTools'</span><span class=\"token punctuation\">;</span><span class=\"token variable\">$desktop</span>=<span class=\"token namespace\">[Environment]</span>::GetFolderPath<span class=\"token punctuation\">(</span><span class=\"token string\">'Desktop'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span><span class=\"token variable\">$ws</span>=<span class=\"token function\">New-Object</span> <span class=\"token operator\">-</span>ComObject WScript<span class=\"token punctuation\">.</span>Shell<span class=\"token punctuation\">;</span><span class=\"token function\">Get-ChildItem</span> <span class=\"token operator\">-</span>Path <span class=\"token variable\">$src</span> <span class=\"token 
operator\">-</span><span class=\"token keyword\">Filter</span> <span class=\"token operator\">*</span><span class=\"token punctuation\">.</span>exe <span class=\"token operator\">-</span>Recurse <span class=\"token operator\">-</span>File<span class=\"token punctuation\">|</span><span class=\"token function\">ForEach-Object</span><span class=\"token punctuation\">{</span><span class=\"token variable\">$name</span>=<span class=\"token namespace\">[IO.Path]</span>::GetFileNameWithoutExtension<span class=\"token punctuation\">(</span><span class=\"token variable\">$_</span><span class=\"token punctuation\">.</span>FullName<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span><span class=\"token variable\">$lnk</span>=<span class=\"token function\">Join-Path</span> <span class=\"token variable\">$desktop</span> <span class=\"token punctuation\">(</span><span class=\"token variable\">$name</span><span class=\"token operator\">+</span><span class=\"token string\">'.lnk'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span><span class=\"token variable\">$s</span>=<span class=\"token variable\">$ws</span><span class=\"token punctuation\">.</span>CreateShortcut<span class=\"token punctuation\">(</span><span class=\"token variable\">$lnk</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span><span class=\"token variable\">$s</span><span class=\"token punctuation\">.</span>TargetPath=<span class=\"token variable\">$_</span><span class=\"token punctuation\">.</span>FullName<span class=\"token punctuation\">;</span><span class=\"token variable\">$s</span><span class=\"token punctuation\">.</span>WorkingDirectory=<span class=\"token variable\">$_</span><span class=\"token punctuation\">.</span>DirectoryName<span class=\"token punctuation\">;</span><span class=\"token variable\">$s</span><span class=\"token punctuation\">.</span>IconLocation=<span class=\"token 
variable\">$_</span><span class=\"token punctuation\">.</span>FullName<span class=\"token punctuation\">;</span><span class=\"token variable\">$s</span><span class=\"token punctuation\">.</span>Save<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">}</span></code></pre></div>\n<h2 id=\"install-analysis-tools-via-winget\" style=\"position:relative;\"><a href=\"#install-analysis-tools-via-winget\" aria-label=\"install analysis tools via winget permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Install Analysis Tools via WinGet</h2>\n<p>I’ll manage tools using winget wherever possible.</p>\n<p>Any tools that cannot be obtained via winget, or that are easier to manage without it, will all be installed in the section below.</p>\n<p>By default <code class=\"language-text\">--id</code> is matched as a case-insensitive substring; adding <code class=\"language-text\">-e</code> (<code class=\"language-text\">--exact</code>) pins each install to exactly the package ID listed, which is the safer habit when a script like this is reused.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Install various packages</span>\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Google<span class=\"token punctuation\">.</span>Chrome\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Mozilla<span class=\"token punctuation\">.</span>Firefox\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Canonical<span class=\"token punctuation\">.</span>Ubuntu\nwinget<span class=\"token 
punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Typora<span class=\"token punctuation\">.</span>Typora\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Microsoft<span class=\"token punctuation\">.</span>WindowsTerminal\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Git<span class=\"token punctuation\">.</span>Git\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id WiresharkFoundation<span class=\"token punctuation\">.</span>Wireshark\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id SoftwareFreedomConservancy<span class=\"token punctuation\">.</span>QEMU\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id 7zip<span class=\"token punctuation\">.</span>7zip\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Microsoft<span class=\"token punctuation\">.</span>XMLNotepad\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Brave<span class=\"token punctuation\">.</span>Brave\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id PortSwigger<span class=\"token punctuation\">.</span>BurpSuite<span class=\"token punctuation\">.</span>Community\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Google<span class=\"token punctuation\">.</span>AndroidStudio\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Hex-Rays<span class=\"token punctuation\">.</span>IDA<span class=\"token punctuation\">.</span>Free\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id icsharpcode<span 
class=\"token punctuation\">.</span>ILSpy\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id dnSpyEx<span class=\"token punctuation\">.</span>dnSpy\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Notepad+<span class=\"token operator\">+</span><span class=\"token punctuation\">.</span>Notepad+<span class=\"token operator\">+</span>\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id WinMerge<span class=\"token punctuation\">.</span>WinMerge\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Microsoft<span class=\"token punctuation\">.</span>WinDbg\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id OliverBetz<span class=\"token punctuation\">.</span>ExifTool\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id GIMP<span class=\"token punctuation\">.</span>GIMP\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Microsoft<span class=\"token punctuation\">.</span>Office\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Canonical<span class=\"token punctuation\">.</span>Ubuntu<span class=\"token punctuation\">.</span>2204\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id kalilinux<span class=\"token punctuation\">.</span>kalilinux\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Chocolatey<span class=\"token punctuation\">.</span>ChocolateyGUI\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id MHNexus<span class=\"token punctuation\">.</span>HxD\nwinget<span class=\"token 
punctuation\">.</span>exe install <span class=\"token operator\">--</span>id ImageMagick<span class=\"token punctuation\">.</span>ImageMagick\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id WinsiderSS<span class=\"token punctuation\">.</span>SystemInformer</code></pre></div>\n<p>Reference: <a href=\"/windows-winget-setup-en\">Installing Commonly Used Applications with Windows Package Manager (winget) - Frog’s Secret Base</a></p>\n<h2 id=\"manually-install-various-analysis-tools\" style=\"position:relative;\"><a href=\"#manually-install-various-analysis-tools\" aria-label=\"manually install various analysis tools permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Manually Install Various Analysis Tools</h2>\n<p>Installing tools that cannot (or should not) be installed via WinGet.</p>\n<p> The versions of some tools (such as Visual Studio and JDK) reflect those available at the time of writing; please install the latest versions as appropriate.</p>\n<h3 id=\"windbg\" style=\"position:relative;\"><a href=\"#windbg\" aria-label=\"windbg permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 
0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>WinDbg</h3>\n<p>Install using the Windows SDK installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Debugging Tools for Windows - Windows drivers | Microsoft Learn</a></p>\n<p>Also, set up the workspace using the reg file downloaded from the link below.</p>\n<p>Reference: <a href=\"https://github.com/kash1064/WinDbg-Classic-Dark/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · kash1064/WinDbg-Classic-Dark</a></p>\n<h3 id=\"sysinternals\" style=\"position:relative;\"><a href=\"#sysinternals\" aria-label=\"sysinternals permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Sysinternals</h3>\n<p>Download files from the link below and place them in <code class=\"language-text\">C:\\Tools\\SysinternalsSuite</code>.</p>\n<p>Reference: <a href=\"https://learn.microsoft.com/en-us/sysinternals/downloads/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Sysinternals Utilities - Sysinternals | Microsoft Learn</a></p>\n<p>Also, configure symbol settings for Procmon and Procexp.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 565px; \"\n    >\n      <a\n    
class=\"gatsby-resp-image-link\"\n    href=\"/static/88ccc98752596d3565ee87ae851117ab/07eba/image-20230519004530612.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 84.16666666666667%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/88ccc98752596d3565ee87ae851117ab/8ac56/image-20230519004530612.webp 240w,\n/static/88ccc98752596d3565ee87ae851117ab/d3be9/image-20230519004530612.webp 480w,\n/static/88ccc98752596d3565ee87ae851117ab/acb73/image-20230519004530612.webp 565w\"\n              sizes=\"(max-width: 565px) 100vw, 565px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/88ccc98752596d3565ee87ae851117ab/8ff5a/image-20230519004530612.png 240w,\n/static/88ccc98752596d3565ee87ae851117ab/e85cb/image-20230519004530612.png 480w,\n/static/88ccc98752596d3565ee87ae851117ab/07eba/image-20230519004530612.png 565w\"\n            sizes=\"(max-width: 565px) 100vw, 565px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/88ccc98752596d3565ee87ae851117ab/07eba/image-20230519004530612.png\"\n            alt=\"image-20230519004530612\"\n            title=\"image-20230519004530612\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Change the path to <code class=\"language-text\">C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x64\\dbghelp.dll</code> included in the SDK, then set the symbol path to the following.</p>\n<div class=\"gatsby-highlight\" 
data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">srv*C:<span class=\"token punctuation\">\\</span>symbols*https://msdl.microsoft.com/download/symbols</code></pre></div>\n<p>Apply the same settings to Procexp.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 612px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/5ff6bb7462f679434750c5e767d56c72/8c76f/image-20230519004740181.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 66.25%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/5ff6bb7462f679434750c5e767d56c72/8ac56/image-20230519004740181.webp 240w,\n/static/5ff6bb7462f679434750c5e767d56c72/d3be9/image-20230519004740181.webp 480w,\n/static/5ff6bb7462f679434750c5e767d56c72/d1d8c/image-20230519004740181.webp 612w\"\n              sizes=\"(max-width: 612px) 100vw, 612px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/5ff6bb7462f679434750c5e767d56c72/8ff5a/image-20230519004740181.png 240w,\n/static/5ff6bb7462f679434750c5e767d56c72/e85cb/image-20230519004740181.png 480w,\n/static/5ff6bb7462f679434750c5e767d56c72/8c76f/image-20230519004740181.png 612w\"\n            sizes=\"(max-width: 612px) 100vw, 612px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/5ff6bb7462f679434750c5e767d56c72/8c76f/image-20230519004740181.png\"\n            alt=\"image-20230519004740181\"\n            title=\"image-20230519004740181\"\n            
loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h3 id=\"net-60-desktop-runtime\" style=\"position:relative;\"><a href=\"#net-60-desktop-runtime\" aria-label=\"net 60 desktop runtime permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>.NET 6.0 Desktop Runtime</h3>\n<p>Install using the MSI downloaded from the link below.</p>\n<p>Reference: <a href=\"https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-6.0.16-windows-x64-installer?cid=getdotnetcore\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Download .NET 6.0 Desktop Runtime (v6.0.16) - Windows x64 Installer</a></p>\n<h3 id=\"ghidra\" style=\"position:relative;\"><a href=\"#ghidra\" aria-label=\"ghidra permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Ghidra</h3>\n<p>Download files from the link below and extract them to <code class=\"language-text\">C:\\Tools\\Ghidra</code>.</p>\n<p>Reference: <a 
href=\"https://github.com/NationalSecurityAgency/ghidra/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · NationalSecurityAgency/ghidra</a></p>\n<p>Follow the setup procedure below.</p>\n<p>Reference: <a href=\"/ghidra-my-env-setup-en\">Ghidra Environment Setup Notes for CTF - Frog’s Secret Base</a></p>\n<h3 id=\"visual-studio-2019\" style=\"position:relative;\"><a href=\"#visual-studio-2019\" aria-label=\"visual studio 2019 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Visual Studio 2019</h3>\n<p>Download the installer from MSDN and install it.</p>\n<p>After installation, at a minimum, unify the keyboard mapping to VSCode style.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 739px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/cbb19ede50091069f873d062a022ab0b/f1d1f/image-20230519150330086.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 42.083333333333336%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/cbb19ede50091069f873d062a022ab0b/8ac56/image-20230519150330086.webp 
240w,\n/static/cbb19ede50091069f873d062a022ab0b/d3be9/image-20230519150330086.webp 480w,\n/static/cbb19ede50091069f873d062a022ab0b/26073/image-20230519150330086.webp 739w\"\n              sizes=\"(max-width: 739px) 100vw, 739px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/cbb19ede50091069f873d062a022ab0b/8ff5a/image-20230519150330086.png 240w,\n/static/cbb19ede50091069f873d062a022ab0b/e85cb/image-20230519150330086.png 480w,\n/static/cbb19ede50091069f873d062a022ab0b/f1d1f/image-20230519150330086.png 739w\"\n            sizes=\"(max-width: 739px) 100vw, 739px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/cbb19ede50091069f873d062a022ab0b/f1d1f/image-20230519150330086.png\"\n            alt=\"image-20230519150330086\"\n            title=\"image-20230519150330086\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h3 id=\"noriben\" style=\"position:relative;\"><a href=\"#noriben\" aria-label=\"noriben permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Noriben</h3>\n<p>Download files from the link below and extract them to <code class=\"language-text\">C:\\Tools\\Noriben</code>.</p>\n<p>Reference: <a href=\"https://github.com/Rurik/Noriben\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">GitHub - 
Rurik/Noriben: Noriben - Portable, Simple, Malware Analysis Sandbox</a></p>\n<h3 id=\"java-17\" style=\"position:relative;\"><a href=\"#java-17\" aria-label=\"java 17 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Java 17</h3>\n<p>Download files from the link below and extract them to <code class=\"language-text\">C:\\Tools\\jdk-17</code>.</p>\n<p>Reference: <a href=\"https://www.oracle.com/java/technologies/downloads/#jdk17-windows\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Java Downloads | Oracle</a></p>\n<h3 id=\"java-8\" style=\"position:relative;\"><a href=\"#java-8\" aria-label=\"java 8 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Java 8</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\jdk-8</code>.</p>\n<p>Reference: <a href=\"https://adoptium.net/temurin/releases/?version=8\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Latest Releases | Adoptium</a></p>\n<h3 id=\"eclipse-memory-analyzer\" style=\"position:relative;\"><a 
href=\"#eclipse-memory-analyzer\" aria-label=\"eclipse memory analyzer permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Eclipse Memory Analyzer</h3>\n<p>Download files from the link below and extract them to <code class=\"language-text\">C:\\Tools\\MemoryAnalyzer</code>.</p>\n<p>Reference: <a href=\"https://www.eclipse.org/mat/downloads.php\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Open Source Project | The Eclipse Foundation</a></p>\n<p>Follow the procedure below to specify the Java path.</p>\n<p>Reference: <a href=\"/note-eclips-mat-setup-en\">How to Fix the “version 1.8.0_261 of the jvm is not suitable” Error When Launching Eclipse Memory Analyzer as a Single Binary - Frog’s Secret Base</a></p>\n<h3 id=\"android-studio\" style=\"position:relative;\"><a href=\"#android-studio\" aria-label=\"android studio permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Android Studio</h3>\n<p>Launch the Android Studio installed via WinGet and proceed through the setup.</p>\n<p>Also, create x86 and x86_64 emulators 
from the Device Manager.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 367px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/f53f912d7f8361edfa8cdbb229d47842/46684/image-20230518220001103.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 77.08333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/f53f912d7f8361edfa8cdbb229d47842/8ac56/image-20230518220001103.webp 240w,\n/static/f53f912d7f8361edfa8cdbb229d47842/ddb01/image-20230518220001103.webp 367w\"\n              sizes=\"(max-width: 367px) 100vw, 367px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/f53f912d7f8361edfa8cdbb229d47842/8ff5a/image-20230518220001103.png 240w,\n/static/f53f912d7f8361edfa8cdbb229d47842/46684/image-20230518220001103.png 367w\"\n            sizes=\"(max-width: 367px) 100vw, 367px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/f53f912d7f8361edfa8cdbb229d47842/46684/image-20230518220001103.png\"\n            alt=\"image-20230518220001103\"\n            title=\"image-20230518220001103\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h3 id=\"android-sdk-platform-tools\" style=\"position:relative;\"><a href=\"#android-sdk-platform-tools\" aria-label=\"android sdk platform tools permalink\" class=\"anchor before\"><svg 
aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Android SDK Platform Tools</h3>\n<p>Download files from the link below and extract them to <code class=\"language-text\">C:\\Tools\\android-sdk</code>.</p>\n<p>Reference: <a href=\"https://developer.android.com/tools/releases/platform-tools\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">SDK Platform Tools release notes  |  Android Studio  |  Android Developers</a></p>\n<h3 id=\"android-ndk\" style=\"position:relative;\"><a href=\"#android-ndk\" aria-label=\"android ndk permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Android NDK</h3>\n<p>Install the NDK from SDK Manager.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 683px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/f9c40a471ee2fb50168753be3ad25981/bca35/image-20230518222206294.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    
class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 57.50000000000001%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/f9c40a471ee2fb50168753be3ad25981/8ac56/image-20230518222206294.webp 240w,\n/static/f9c40a471ee2fb50168753be3ad25981/d3be9/image-20230518222206294.webp 480w,\n/static/f9c40a471ee2fb50168753be3ad25981/e2d2f/image-20230518222206294.webp 683w\"\n              sizes=\"(max-width: 683px) 100vw, 683px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/f9c40a471ee2fb50168753be3ad25981/8ff5a/image-20230518222206294.png 240w,\n/static/f9c40a471ee2fb50168753be3ad25981/e85cb/image-20230518222206294.png 480w,\n/static/f9c40a471ee2fb50168753be3ad25981/bca35/image-20230518222206294.png 683w\"\n            sizes=\"(max-width: 683px) 100vw, 683px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/f9c40a471ee2fb50168753be3ad25981/bca35/image-20230518222206294.png\"\n            alt=\"image-20230518222206294\"\n            title=\"image-20230518222206294\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Reference: <a href=\"https://developer.android.com/studio/projects/install-ndk\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Install and configure the NDK and CMake  |  Android Studio  |  Android Developers</a></p>\n<p>Alternatively, build the downloaded NDK file directly.</p>\n<p>Reference: <a href=\"/ctf-android-apk-debug-tutorial-en\">Dynamic analysis of an ELF binary by dlopen-ing a library function</a></p>\n<h3 id=\"pestudio\" 
style=\"position:relative;\"><a href=\"#pestudio\" aria-label=\"pestudio permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>pestudio</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\pestudio</code>.</p>\n<p>Reference: <a href=\"https://www.winitor.com/download2\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Winitor</a></p>\n<h3 id=\"registrychangesview\" style=\"position:relative;\"><a href=\"#registrychangesview\" aria-label=\"registrychangesview permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>RegistryChangesView</h3>\n<p>Download RegistryChangesView from the link below and extract to <code class=\"language-text\">C:\\Tools\\RegistryChangesView</code>.</p>\n<p>Reference: <a href=\"https://www.nirsoft.net/utils/registry_changes_view.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">RegistryChangesView - Compare snapshots of Windows Registry</a></p>\n<h3 id=\"hayabusa\" style=\"position:relative;\"><a href=\"#hayabusa\" aria-label=\"hayabusa permalink\" 
class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Hayabusa</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\Hayabusa</code>.</p>\n<p>Reference: <a href=\"https://github.com/Yamato-Security/hayabusa/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · Yamato-Security/hayabusa · GitHub</a></p>\n<h3 id=\"timeline-explorer\" style=\"position:relative;\"><a href=\"#timeline-explorer\" aria-label=\"timeline explorer permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Timeline Explorer</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\TimelineExplorer</code>.</p>\n<p>Reference: <a href=\"https://ericzimmerman.github.io/#!index.md\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Eric Zimmerman’s tools</a></p>\n<h3 id=\"hasher\" style=\"position:relative;\"><a href=\"#hasher\" aria-label=\"hasher permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 
16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Hasher</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\Hasher</code>.</p>\n<p>Reference: <a href=\"https://ericzimmerman.github.io/#!index.md\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Eric Zimmerman’s tools</a></p>\n<h3 id=\"jq\" style=\"position:relative;\"><a href=\"#jq\" aria-label=\"jq permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>jq</h3>\n<p>Download from the link below and place in <code class=\"language-text\">C:\\Tools\\jq</code>.</p>\n<p>Reference: <a href=\"https://stedolan.github.io/jq/download/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Download jq</a></p>\n<h3 id=\"frida\" style=\"position:relative;\"><a href=\"#frida\" aria-label=\"frida permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 
2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Frida</h3>\n<p>Set up using the procedure below and place in <code class=\"language-text\">C:\\Tools\\Frida</code>.</p>\n<p>Reference: <a href=\"/ctf-android-apk-debug-tutorial-en\">Setting Up Frida</a></p>\n<h3 id=\"eclipse-ide\" style=\"position:relative;\"><a href=\"#eclipse-ide\" aria-label=\"eclipse ide permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Eclipse IDE</h3>\n<p>Install using the installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://www.eclipse.org/downloads/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Eclipse Downloads | The Eclipse Foundation</a></p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 767px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/6c2f2/image-20230518205120765.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 42.083333333333336%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n            
  srcset=\"/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/8ac56/image-20230518205120765.webp 240w,\n/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/d3be9/image-20230518205120765.webp 480w,\n/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/e0ad8/image-20230518205120765.webp 767w\"\n              sizes=\"(max-width: 767px) 100vw, 767px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/8ff5a/image-20230518205120765.png 240w,\n/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/e85cb/image-20230518205120765.png 480w,\n/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/6c2f2/image-20230518205120765.png 767w\"\n            sizes=\"(max-width: 767px) 100vw, 767px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/3a38f2a2fef3a310c1c2d235d1b5a2b2/6c2f2/image-20230518205120765.png\"\n            alt=\"image-20230518205120765\"\n            title=\"image-20230518205120765\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Set the installation destination to <code class=\"language-text\">C:\\Tools\\Eclipse</code>.</p>\n<p>Also, create the workspace at <code class=\"language-text\">%USERPROFILE%\\Documents\\eclipse-workspace</code>.</p>\n<h3 id=\"gradle\" style=\"position:relative;\"><a href=\"#gradle\" aria-label=\"gradle permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 
0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Gradle</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\Gradle</code>.</p>\n<p>Reference: <a href=\"https://gradle.org/releases/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Gradle | Releases</a></p>\n<h3 id=\"peid\" style=\"position:relative;\"><a href=\"#peid\" aria-label=\"peid permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>PEiD</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\PEiD</code>.</p>\n<p>Reference: <a href=\"https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">PEiD (Windows) - Download &#x26; Review</a></p>\n<h3 id=\"jadx\" style=\"position:relative;\"><a href=\"#jadx\" aria-label=\"jadx permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>jadx</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\jadx</code>.</p>\n<p>Reference: 
<a href=\"https://github.com/skylot/jadx/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · skylot/jadx · GitHub</a></p>\n<h3 id=\"jd-gui\" style=\"position:relative;\"><a href=\"#jd-gui\" aria-label=\"jd gui permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>jd-gui</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\jd-gui</code>.</p>\n<p>Reference: <a href=\"http://java-decompiler.github.io/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Java Decompiler</a></p>\n<h3 id=\"processhacker\" style=\"position:relative;\"><a href=\"#processhacker\" aria-label=\"processhacker permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>ProcessHacker</h3>\n<p>Download from the link below and extract to <code class=\"language-text\">C:\\Tools\\ProcessHacker</code>.</p>\n<p>Reference: <a href=\"https://processhacker.sourceforge.io/downloads.php\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Downloads - Process Hacker</a></p>\n<h3 id=\"lldb\" 
style=\"position:relative;\"><a href=\"#lldb\" aria-label=\"lldb permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>LLDB</h3>\n<p>Install to <code class=\"language-text\">C:\\Tools\\LLVM</code> using the installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://github.com/llvm/llvm-project/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · llvm/llvm-project · GitHub</a></p>\n<h3 id=\"npcap\" style=\"position:relative;\"><a href=\"#npcap\" aria-label=\"npcap permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>npcap</h3>\n<p>Install using the installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://npcap.com/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Npcap: Windows Packet Capture Library &#x26; Driver</a></p>\n<h3 id=\"windows-terminal\" style=\"position:relative;\"><a href=\"#windows-terminal\" aria-label=\"windows terminal permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" 
viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Windows Terminal</h3>\n<p>Set up the application installed via WinGet.</p>\n<p>Configure shortcut keys and the startup folder.</p>\n<p>Also, add a PowerShell profile with [elevate] set to True, and reorder <code class=\"language-text\">settings.json</code> as follows.</p>\n<div class=\"gatsby-highlight\" data-language=\"json\"><pre class=\"language-json\"><code class=\"language-json\"><span class=\"token punctuation\">{</span>omitted<span class=\"token punctuation\">}</span>\n<span class=\"token punctuation\">{</span>\n    <span class=\"token property\">\"commandline\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"%SystemRoot%\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"guid\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"{61c54bbd-c2c6-5271-96e7-009a87ff44bf}\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"hidden\"</span><span class=\"token operator\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"name\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"Windows PowerShell\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"startingDirectory\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"%USERPROFILE%\\\\Downloads\"</span>\n<span class=\"token punctuation\">}</span><span 
class=\"token punctuation\">,</span>\n<span class=\"token punctuation\">{</span>\n    <span class=\"token property\">\"commandline\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"%SystemRoot%\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"elevate\"</span><span class=\"token operator\">:</span> <span class=\"token boolean\">true</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"guid\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"{61c54bbd-c2c6-5271-96e7-009a87ff44ba}\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"hidden\"</span><span class=\"token operator\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"name\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"Elevate Windows PowerShell\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"startingDirectory\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"%USERPROFILE%\\\\Downloads\"</span>\n<span class=\"token punctuation\">}</span><span class=\"token punctuation\">,</span>\n<span class=\"token punctuation\">{</span>\n    <span class=\"token property\">\"guid\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"{51855cb2-8cce-5362-8f54-464b92b32386}\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"hidden\"</span><span class=\"token operator\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"name\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"Ubuntu\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token 
property\">\"source\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"CanonicalGroupLimited.Ubuntu_79rhkp1fndgsc\"</span>\n<span class=\"token punctuation\">}</span><span class=\"token punctuation\">,</span>\n<span class=\"token punctuation\">{</span>\n    <span class=\"token property\">\"guid\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"{07b52e3e-de2c-5db4-bd2d-ba144ed6c273}\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"hidden\"</span><span class=\"token operator\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"name\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"Ubuntu-20.04\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"source\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"Windows.Terminal.Wsl\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"tabTitle\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"Remnux\"</span>\n<span class=\"token punctuation\">}</span><span class=\"token punctuation\">,</span>\n<span class=\"token punctuation\">{</span>\n    <span class=\"token property\">\"commandline\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"%SystemRoot%\\\\System32\\\\cmd.exe\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"guid\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"{0caa0dad-35be-5f56-a8ff-afceeeaa6101}\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"hidden\"</span><span class=\"token operator\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"name\"</span><span 
class=\"token operator\">:</span> <span class=\"token string\">\"Command Prompt\"</span><span class=\"token punctuation\">,</span>\n    <span class=\"token property\">\"startingDirectory\"</span><span class=\"token operator\">:</span> <span class=\"token string\">\"%USERPROFILE%\\\\Downloads\"</span>\n<span class=\"token punctuation\">}</span><span class=\"token punctuation\">,</span>\n<span class=\"token punctuation\">{</span>omitted<span class=\"token punctuation\">}</span></code></pre></div>\n<p>This allows you to easily launch an elevated PowerShell prompt from Windows Terminal.</p>\n<h3 id=\"hollows_hunter\" style=\"position:relative;\"><a href=\"#hollows_hunter\" aria-label=\"hollows_hunter permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>hollows_hunter</h3>\n<p>Download files from the link below and extract to <code class=\"language-text\">C:\\Tools\\hollows_hunter</code>.</p>\n<p>Reference: <a href=\"https://github.com/hasherezade/hollows_hunter/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · hasherezade/hollows_hunter</a></p>\n<h3 id=\"apiminer\" style=\"position:relative;\"><a href=\"#apiminer\" aria-label=\"apiminer permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 
9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>APIMiner</h3>\n<p>Download files from the link below and extract to <code class=\"language-text\">C:\\Tools\\APIMiner</code>.</p>\n<p>Reference: <a href=\"https://github.com/poona/APIMiner/releases/tag/1.0.0\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Release APIMiner-v1.0.0 · poona/APIMiner</a></p>\n<h3 id=\"cyberchef\" style=\"position:relative;\"><a href=\"#cyberchef\" aria-label=\"cyberchef permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>CyberChef</h3>\n<p>Download files from the link below, extract to <code class=\"language-text\">C:\\Tools\\CyberChef</code>, and bookmark it in your browser.</p>\n<p>Reference: <a href=\"https://github.com/gchq/CyberChef/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · gchq/CyberChef · GitHub</a></p>\n<h3 id=\"upx\" style=\"position:relative;\"><a href=\"#upx\" aria-label=\"upx permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 
3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>UPX</h3>\n<p>Download files from the link below and extract to <code class=\"language-text\">C:\\Tools\\upx</code>.</p>\n<p>Reference: <a href=\"https://github.com/upx/upx/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · upx/upx · GitHub</a></p>\n<h3 id=\"ftk-imager\" style=\"position:relative;\"><a href=\"#ftk-imager\" aria-label=\"ftk imager permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>FTK Imager</h3>\n<p>Install to <code class=\"language-text\">C:\\Tools\\AccessData</code> using the installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://www.exterro.com/top-10-most-underrated-ftk-features-2\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Exterro Thank You Page - Exterro</a></p>\n<h3 id=\"pdfstreamdumper\" style=\"position:relative;\"><a href=\"#pdfstreamdumper\" aria-label=\"pdfstreamdumper permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>PDFStreamDumper</h3>\n<p>Install to 
<code class=\"language-text\">C:\\Tools\\PDFStreamDumper</code> using the installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://github.com/dzzie/pdfstreamdumper/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · dzzie/pdfstreamdumper</a></p>\n<h3 id=\"usamimi-hurricane-aozora-shiro-neko\" style=\"position:relative;\"><a href=\"#usamimi-hurricane-aozora-shiro-neko\" aria-label=\"usamimi hurricane aozora shiro neko permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>UsaMimi Hurricane, Aozora Shiro Neko</h3>\n<p>Download files from the link below and extract to <code class=\"language-text\">C:\\Tools\\UsaMimi</code>.</p>\n<p>Reference: <a href=\"https://digitaltravesia.jp/usamimihurricane/webhelp/_RESOURCE/MenuItem/another/anotherAoZoraSiroNeko.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">General File Analyzer “Looking Up at the Blue Sky, There’s Always a White Cat” (青い空を見上げればいつもそこに白い猫)</a></p>\n<h3 id=\"volatility-26\" style=\"position:relative;\"><a href=\"#volatility-26\" aria-label=\"volatility 26 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 
1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Volatility 2.6</h3>\n<p>Download files from the link below and extract to <code class=\"language-text\">C:\\Tools\\volatility2</code>.</p>\n<p>Volatility 3 is typically used from the version installed in WSL.</p>\n<p>Reference: <a href=\"https://www.volatilityfoundation.org/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Release Downloads | Volatility Foundation</a></p>\n<h3 id=\"universal-radio-hacker-urh\" style=\"position:relative;\"><a href=\"#universal-radio-hacker-urh\" aria-label=\"universal radio hacker urh permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Universal Radio Hacker (URH)</h3>\n<p>Install to <code class=\"language-text\">C:\\Tools\\Universal Radio Hacker</code> using the installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://github.com/jopohl/urh/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · jopohl/urh</a></p>\n<h3 id=\"cheat-engine\" style=\"position:relative;\"><a href=\"#cheat-engine\" aria-label=\"cheat engine permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 
12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Cheat Engine</h3>\n<p>Downloadable from the link below; note that the installer reportedly bundles adware and is detected as PUA by Defender.</p>\n<p>Since I don’t use it very often, I normally don’t install it and only do so when I absolutely need it.</p>\n<p>Reference: <a href=\"https://www.cheatengine.org/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Cheat Engine</a></p>\n<h3 id=\"sysmon\" style=\"position:relative;\"><a href=\"#sysmon\" aria-label=\"sysmon permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Sysmon</h3>\n<p>Download from the link below and install from an elevated prompt with <code class=\"language-text\">sysmon64 -accepteula -i</code>. Without a configuration file Sysmon logs only its default event set (process creation and termination, driver loads and file creation time changes), so pass a configuration XML to <code class=\"language-text\">-i</code> if you also want network connections, image loads and other event types recorded while samples run.</p>\n<p>Reference: <a href=\"https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Sysmon - Sysinternals | Microsoft Learn</a></p>\n<h3 id=\"vcxsrv-windows-x-server\" style=\"position:relative;\"><a href=\"#vcxsrv-windows-x-server\" aria-label=\"vcxsrv windows x server permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 
0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>VcXsrv Windows X Server</h3>\n<p>Download from the link below and install to <code class=\"language-text\">C:\\Tools\\VcXsrv</code>.</p>\n<p>Reference: <a href=\"https://sourceforge.net/projects/vcxsrv/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">VcXsrv Windows X Server download | SourceForge.net</a></p>\n<h3 id=\"pybag\" style=\"position:relative;\"><a href=\"#pybag\" aria-label=\"pybag permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Pybag</h3>\n<p>Install using the following commands.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\">cd C:\\Tools\n\n<span class=\"token comment\"># The official repository has a bug at install time (as of 2023/5/24), so clone the forked repository instead</span>\ngit clone https:<span class=\"token operator\">/</span><span class=\"token operator\">/</span>github<span class=\"token punctuation\">.</span>com/kash1064/Pybag\ncd <span class=\"token punctuation\">.</span>\\Pybag\\\npython<span class=\"token punctuation\">.</span>exe <span class=\"token punctuation\">.</span><span class=\"token operator\">/</span>setup<span class=\"token punctuation\">.</span>py install</code></pre></div>\n<p>Reference: <a href=\"https://github.com/kash1064/Pybag/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">kash1064/Pybag: Python 
module for Windbg’s dbgeng plus additional wrappers.</a></p>\n<h3 id=\"assetstudio\" style=\"position:relative;\"><a href=\"#assetstudio\" aria-label=\"assetstudio permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>AssetStudio</h3>\n<p>Download from the link below.</p>\n<p>Reference: <a href=\"https://github.com/Perfare/AssetStudio\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">GitHub - Perfare/AssetStudio: AssetStudio is a tool for exploring, extracting and exporting assets and assetbundles.</a></p>\n<h3 id=\"extremedumper\" style=\"position:relative;\"><a href=\"#extremedumper\" aria-label=\"extremedumper permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>ExtremeDumper</h3>\n<p>Download from the repository below.</p>\n<p>Reference: <a href=\"https://github.com/wwh1004/ExtremeDumper/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · wwh1004/ExtremeDumper · GitHub</a></p>\n<h3 id=\"quick-assembler\" style=\"position:relative;\"><a href=\"#quick-assembler\" aria-label=\"quick assembler 
permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Quick Assembler</h3>\n<p>Download the binary from the repository below.</p>\n<p>Reference: <a href=\"https://github.com/zodiacon/AllTools\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">zodiacon/AllTools: All reasonably stable tools</a></p>\n<h3 id=\"cutter\" style=\"position:relative;\"><a href=\"#cutter\" aria-label=\"cutter permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>cutter</h3>\n<p>Download and extract the files from the link below.</p>\n<p>Reference: <a href=\"https://cutter.re/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Cutter</a></p>\n<h3 id=\"fiddler\" style=\"position:relative;\"><a href=\"#fiddler\" aria-label=\"fiddler permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 
0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Fiddler</h3>\n<p>Use the installer downloaded from the link below.</p>\n<p>Reference: <a href=\"https://www.telerik.com/fiddler\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Web Debugging Proxy and Troubleshooting Tools|Fiddler</a></p>\n<h2 id=\"install-tools-via-chocolatey\" style=\"position:relative;\"><a href=\"#install-tools-via-chocolatey\" aria-label=\"install tools via chocolatey permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Install Tools via Chocolatey</h2>\n<p>Some tools, including CFF Explorer, will be installed via Chocolatey.</p>\n<p>First, run the following command in an elevated PowerShell prompt to install Chocolatey.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token function\">Set-ExecutionPolicy</span> Bypass <span class=\"token operator\">-</span>Scope <span class=\"token keyword\">Process</span> <span class=\"token operator\">-</span>Force<span class=\"token punctuation\">;</span> <span class=\"token namespace\">[System.Net.ServicePointManager]</span>::SecurityProtocol = <span class=\"token namespace\">[System.Net.ServicePointManager]</span>::SecurityProtocol <span class=\"token operator\">-bor</span> 3072<span class=\"token 
punctuation\">;</span> <span class=\"token function\">iex</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">New-Object</span> System<span class=\"token punctuation\">.</span>Net<span class=\"token punctuation\">.</span>WebClient<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>DownloadString<span class=\"token punctuation\">(</span><span class=\"token string\">'https://community.chocolatey.org/install.ps1'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span></code></pre></div>\n<p>Once Chocolatey is installed, run the following command to install each tool.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Install tools</span>\nchoco install apimonitor <span class=\"token operator\">-</span>y\nchoco install hashmyfiles <span class=\"token operator\">-</span>y\nchoco install fakenet <span class=\"token operator\">-</span>y\nchoco install explorersuite <span class=\"token operator\">-</span>y</code></pre></div>\n<h2 id=\"set-up-environment-variables\" style=\"position:relative;\"><a href=\"#set-up-environment-variables\" aria-label=\"set up environment variables permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Set Up Environment Variables</h2>\n<p>Run the following commands in an elevated PowerShell prompt to configure all environment 
variables at once.</p>\n<p>Adjust the actual paths to match your environment. Note that these commands overwrite the current user and system <code class=\"language-text\">Path</code> values rather than appending to them, so record the existing values first and make sure every directory you still need appears in the lists below.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token comment\"># Set up user environment variables</span>\n<span class=\"token variable\">$username</span> = <span class=\"token string\">\"kash1064\"</span>\n<span class=\"token variable\">$UserPath</span> = @<span class=\"token string\">\"\nC:\\Tools\\SysinternalsSuite;\nC:\\Tools\\android-sdk;\nC:\\Tools\\android-ndk;\nC:\\Tools\\Noriben;\nC:\\Tools\\Ghidra;\nC:\\Tools\\MemoryAnalyzer;\nC:\\Tools\\Hayabusa;\nC:\\Tools\\Hasher;\nC:\\Tools\\TimelineExplorer;\nC:\\Tools\\jq;\nC:\\Tools\\Frida;\nC:\\Tools\\Gradle\\bin;\nC:\\Tools\\jdk-17\\bin;\nC:\\Tools\\LLVM\\bin;\nC:\\Tools\\APIMiner;\nC:\\Tools\\hollows_hunter;\nC:\\Tools\\upx;\nC:\\Tools\\UsaMimi;\nC:\\Tools\\volatility2;\nC:\\Tools\\Universal Radio Hacker;\n\nC:\\Program Files\\qemu;\n\nC:\\ProgramData\\chocolatey\\lib\\apimonitor;\nC:\\ProgramData\\chocolatey\\lib\\hashmyfiles;\nC:\\Program Files\\NTCore\\Explorer Suite;\n\nC:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Programs\\Python\\Python310\\Scripts\\;\nC:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Programs\\Python\\Python310\\;\nC:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Microsoft\\WindowsApps;\nC:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Programs\\Microsoft VS Code\\bin;\nC:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Microsoft\\WinGet\\Links;\nC:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Programs\\ExifTool;\n\nC:\\Python27\\Scripts;\nC:\\Python27;\n\"</span>@\n<span class=\"token comment\"># Strip the line breaks (CR and LF, in case the script was saved with CRLF line endings)</span>\n<span class=\"token variable\">$UserPath</span> = <span class=\"token variable\">$UserPath</span> <span class=\"token operator\">-replace</span> <span 
class=\"token string\">\"`r?`n\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"\"</span>\n\n<span class=\"token namespace\">[System.Environment]</span>::SetEnvironmentVariable<span class=\"token punctuation\">(</span><span class=\"token string\">\"Path\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$UserPath</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"User\"</span><span class=\"token punctuation\">)</span>\n<span class=\"token namespace\">[System.Environment]</span>::SetEnvironmentVariable<span class=\"token punctuation\">(</span><span class=\"token string\">\"NDK_PROJECT_PATH\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"C:\\Tools\\NDK\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"User\"</span><span class=\"token punctuation\">)</span>\n<span class=\"token namespace\">[System.Environment]</span>::SetEnvironmentVariable<span class=\"token punctuation\">(</span><span class=\"token string\">\"JAVA_HOME\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"C:\\Tools\\jdk-17\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"User\"</span><span class=\"token punctuation\">)</span>\n\n\n<span class=\"token comment\"># Set up system environment variables</span>\n<span class=\"token variable\">$username</span> = <span class=\"token string\">\"kash1064\"</span>\n<span class=\"token variable\">$SystemPath</span> = @<span class=\"token string\">\"\nC:\\Users\\<span class=\"token variable\">$username</span>\\AppData\\Local\\Programs\\Python\\Python310\\Scripts\\;\nC:\\Users\\<span class=\"token 
variable\">$username</span>\\AppData\\Local\\Programs\\Python\\Python310\\;\nC:\\Python27\\Scripts;\nC:\\Python27;\n\nC:\\Windows\\system32;\nC:\\Windows;\nC:\\Windows\\System32\\Wbem;\nC:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;\nC:\\Windows\\System32\\OpenSSH\\;\nC:\\Program Files\\Microsoft SQL Server\\130\\Tools\\Binn\\;\nC:\\Program Files\\dotnet\\;\nC:\\ProgramData\\chocolatey\\bin;\nC:\\Program Files (x86)\\Windows Kits\\10\\Windows Performance Toolkit\\;\nC:\\Program Files\\Git\\cmd;\nC:\\Tools\\SysinternalsSuite;\nC:\\Tools\\APIMiner;\nC:\\Tools\\hollows_hunter;\nC:\\Tools\\UsaMimi;\nC:\\Tools\\volatility2;\n\nC:\\Program Files\\qemu;\n\"</span>@\n<span class=\"token variable\">$SystemPath</span> = <span class=\"token variable\">$SystemPath</span> <span class=\"token operator\">-replace</span> <span class=\"token string\">\"`r?`n\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"\"</span>\n<span class=\"token namespace\">[System.Environment]</span>::SetEnvironmentVariable<span class=\"token punctuation\">(</span><span class=\"token string\">\"Path\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$SystemPath</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"Machine\"</span><span class=\"token punctuation\">)</span>\n\n<span class=\"token comment\"># Restart the OS</span>\n<span class=\"token function\">Restart-Computer</span></code></pre></div>\n<h2 id=\"wsl-setup\" style=\"position:relative;\"><a href=\"#wsl-setup\" aria-label=\"wsl setup permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 
9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>WSL Setup</h2>\n<h3 id=\"switch-to-wsl2\" style=\"position:relative;\"><a href=\"#switch-to-wsl2\" aria-label=\"switch to wsl2 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Switch to WSL2</h3>\n<p>First, install <code class=\"language-text\">wsl_update_x64.msi</code> downloaded from the link below.</p>\n<p>Reference: <a href=\"https://learn.microsoft.com/en-us/windows/wsl/install-manual#step-4---download-the-linux-kernel-update-package\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Manual installation steps for older versions of WSL | Microsoft Learn</a></p>\n<p>Next, run the following commands from an elevated PowerShell prompt to enable WSL2.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\">wsl <span class=\"token operator\">--</span><span class=\"token function\">set-version</span> Ubuntu 2\nwsl <span class=\"token operator\">--</span><span class=\"token function\">set-version</span> Ubuntu-20<span class=\"token punctuation\">.</span>04 2</code></pre></div>\n<p>The WSL2 enable command is run twice because the following two packages are installed during WinGet installation.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code 
class=\"language-powershell\">winget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Canonical<span class=\"token punctuation\">.</span>Ubuntu<span class=\"token punctuation\">.</span>2204\nwinget<span class=\"token punctuation\">.</span>exe install <span class=\"token operator\">--</span>id Canonical<span class=\"token punctuation\">.</span>Ubuntu<span class=\"token punctuation\">.</span>2004</code></pre></div>\n<p><code class=\"language-text\">Ubuntu 20.04</code> is needed to satisfy the prerequisites of SIFT and REMnux, which are described later.</p>\n<p>Also, because the glibc shipped with <code class=\"language-text\">Ubuntu 20.04</code> is too old to run many recent challenge binaries, <code class=\"language-text\">Ubuntu 22.04</code> is used as the main CTF analysis environment.</p>\n<h3 id=\"install-packages\" style=\"position:relative;\"><a href=\"#install-packages\" aria-label=\"install packages permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Install Packages</h3>\n<p>Use the following commands to install packages and tools.</p>\n<p>Run them inside <code class=\"language-text\">Ubuntu 22.04</code>, since that is the distribution used for the main analysis work.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token comment\"># Update</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> update <span class=\"token operator\">&amp;&amp;</span> 
<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> upgrade -y\n\n<span class=\"token comment\"># Install Docker</span>\n<span class=\"token comment\"># https://docs.docker.com/engine/install/ubuntu/</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> <span class=\"token punctuation\">\\</span>\n    ca-certificates <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">curl</span> <span class=\"token punctuation\">\\</span>\n    gnupg <span class=\"token punctuation\">\\</span>\n    lsb-release <span class=\"token punctuation\">\\</span>\n    -y\n<span class=\"token function\">sudo</span> <span class=\"token function\">mkdir</span> -p /etc/apt/keyrings\n<span class=\"token function\">curl</span> -fsSL https://download.docker.com/linux/ubuntu/gpg <span class=\"token operator\">|</span> <span class=\"token function\">sudo</span> gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n<span class=\"token builtin class-name\">echo</span> <span class=\"token punctuation\">\\</span>\n  <span class=\"token string\">\"deb [arch=<span class=\"token variable\"><span class=\"token variable\">$(</span>dpkg --print-architecture<span class=\"token variable\">)</span></span> signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \\\n  <span class=\"token variable\"><span class=\"token variable\">$(</span>lsb_release -cs<span class=\"token variable\">)</span></span> stable\"</span> <span class=\"token operator\">|</span> <span class=\"token function\">sudo</span> <span class=\"token function\">tee</span> /etc/apt/sources.list.d/docker.list <span class=\"token operator\">></span> /dev/null\n\n<span class=\"token comment\"># Install packages</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> update <span class=\"token operator\">&amp;&amp;</span> <span class=\"token 
function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> <span class=\"token punctuation\">\\</span>\n    apktool <span class=\"token punctuation\">\\</span>\n    bash-completion <span class=\"token punctuation\">\\</span>\n    build-essential <span class=\"token punctuation\">\\</span>\n    binwalk <span class=\"token punctuation\">\\</span>\n    cifs-utils <span class=\"token punctuation\">\\</span>\n    containerd.io <span class=\"token punctuation\">\\</span>\n    docker-ce <span class=\"token punctuation\">\\</span>\n    docker-ce-cli <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">docker-compose</span> <span class=\"token punctuation\">\\</span>\n    docker-compose-plugin <span class=\"token punctuation\">\\</span>\n    elfutils <span class=\"token punctuation\">\\</span>\n    exiftool <span class=\"token punctuation\">\\</span>\n    foremost <span class=\"token punctuation\">\\</span>\n    gdb <span class=\"token punctuation\">\\</span>\n    gdbserver <span class=\"token punctuation\">\\</span>\n    glibc-source <span class=\"token punctuation\">\\</span>\n    golang-go <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">git</span> <span class=\"token punctuation\">\\</span>\n    hexedit <span class=\"token punctuation\">\\</span>\n    hprof-conv <span class=\"token punctuation\">\\</span>\n    libc6-dbg <span class=\"token punctuation\">\\</span>\n    lldb <span class=\"token punctuation\">\\</span>\n    libbpf-dev <span class=\"token punctuation\">\\</span>\n    libseccomp-dev <span class=\"token punctuation\">\\</span>\n    libfuzzy-dev <span class=\"token punctuation\">\\</span>\n    maven <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">make</span> <span class=\"token punctuation\">\\</span>\n    mingw-w64-* <span class=\"token punctuation\">\\</span>\n    nasm <span class=\"token punctuation\">\\</span>\n    
netcat <span class=\"token punctuation\">\\</span>\n    net-tools <span class=\"token punctuation\">\\</span>\n    openjdk-17-jdk <span class=\"token punctuation\">\\</span>\n    patchelf <span class=\"token punctuation\">\\</span>\n    pdftohtml <span class=\"token punctuation\">\\</span>\n    pngcheck <span class=\"token punctuation\">\\</span>\n    python2.7 <span class=\"token punctuation\">\\</span>\n    python3-pip <span class=\"token punctuation\">\\</span>\n    python3.10 <span class=\"token punctuation\">\\</span>\n    python3.10-dev <span class=\"token punctuation\">\\</span>\n    qemu <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">rar</span> <span class=\"token punctuation\">\\</span>\n    ruby-rubygems <span class=\"token punctuation\">\\</span>\n    snapd <span class=\"token punctuation\">\\</span>\n    steghide <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">ssh</span> <span class=\"token punctuation\">\\</span>\n    tmux <span class=\"token punctuation\">\\</span>\n    tshark <span class=\"token punctuation\">\\</span>\n    ufw <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">unzip</span> <span class=\"token punctuation\">\\</span>\n    upx-ucl <span class=\"token punctuation\">\\</span>\n    <span class=\"token function\">vim</span> <span class=\"token punctuation\">\\</span>\n    yara <span class=\"token punctuation\">\\</span>\n    7zip <span class=\"token punctuation\">\\</span>\n    -y\n\n<span class=\"token comment\"># Required to run docker-compose as of 2024/06</span>\npip3 <span class=\"token function\">install</span> <span class=\"token assign-left variable\">requests</span><span class=\"token operator\">==</span><span class=\"token number\">2.29</span>.0\n\n<span class=\"token comment\"># Select /usr/sbin/iptables-legacy</span>\n<span class=\"token function\">sudo</span> update-alternatives --config iptables\n\n<span class=\"token comment\"># 
Install Rust</span>\n<span class=\"token function\">curl</span> --proto <span class=\"token string\">'=https'</span> --tlsv1.2 -sSf https://sh.rustup.rs <span class=\"token operator\">|</span> <span class=\"token function\">sh</span>\n\n<span class=\"token comment\"># Install SageMath (large package, skip if not needed)</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> sagemath -y\n\n<span class=\"token comment\"># Use Docker as a normal user</span>\n<span class=\"token function\">sudo</span> gpasswd -a <span class=\"token environment constant\">$USER</span> <span class=\"token function\">docker</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">service</span> <span class=\"token function\">docker</span> start --enable\n\n<span class=\"token comment\"># Create SSH key and register it with GitHub</span>\nssh-keygen\n\n<span class=\"token comment\"># Install tools</span>\n<span class=\"token function\">mkdir</span> ~/Tools\n\n<span class=\"token comment\"># Install gdb peda and pwndbg</span>\n<span class=\"token function\">git</span> clone https://github.com/longld/peda.git ~/Tools/peda\n<span class=\"token function\">git</span> clone https://github.com/scwuaptx/Pwngdb.git ~/Tools/Pwngdb\n\n<span class=\"token function\">cat</span> <span class=\"token operator\">&lt;&lt;</span> <span class=\"token string\">EOF<span class=\"token bash punctuation\"> <span class=\"token operator\">></span> ~/.gdbinit</span>\nsource ~/Tools/peda/peda.py\nsource ~/Tools/Pwngdb/pwngdb.py\nsource ~/Tools/Pwngdb/angelheap/gdbinit.py\n\ndefine hook-run\npython\nimport angelheap\nangelheap.init_angelheap()\nend\nend\nEOF</span>\n\n<span class=\"token comment\"># zsteg</span>\n<span class=\"token function\">sudo</span> gem <span class=\"token function\">install</span> zsteg\n\n<span class=\"token comment\"># stegsolve</span>\n<span class=\"token function\">mkdir</span> -p 
~/Tools/stegsolve\n<span class=\"token builtin class-name\">cd</span> ~/Tools/stegsolve\n<span class=\"token function\">wget</span> http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar\n<span class=\"token function\">chmod</span> +x stegsolve.jar\n\n<span class=\"token comment\"># pwninit</span>\n<span class=\"token function\">mkdir</span> -p ~/Tools/pwninit\n<span class=\"token builtin class-name\">cd</span> ~/Tools/pwninit\n<span class=\"token function\">wget</span> https://github.com/io12/pwninit/releases/download/3.3.0/pwninit\n<span class=\"token function\">chmod</span> +x ./pwninit\n\n<span class=\"token comment\"># Install pip2</span>\n<span class=\"token function\">curl</span> https://bootstrap.pypa.io/pip/2.7/get-pip.py -o ~/Tools/get-pip.py\npython2.7 ~/Tools/get-pip.py\n/home/ubuntu/.local/bin/pip2 <span class=\"token function\">install</span> --upgrade setuptools\n/home/ubuntu/.local/bin/pip2 <span class=\"token function\">install</span> pipenv\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> python2-dev --fix-missing\n\n<span class=\"token comment\"># pip tools</span>\n<span class=\"token function\">sudo</span> pip3 <span class=\"token function\">install</span> <span class=\"token punctuation\">\\</span>\nangr <span class=\"token punctuation\">\\</span>\nciphey <span class=\"token punctuation\">\\</span>\n    pipenv <span class=\"token punctuation\">\\</span>\n    python-magic <span class=\"token punctuation\">\\</span>\n    pycryptodome <span class=\"token punctuation\">\\</span>\n    pwntools <span class=\"token punctuation\">\\</span>\n    yara-python\n\n<span class=\"token comment\"># volatility3</span>\n<span class=\"token builtin class-name\">cd</span> ~/Tools\n<span class=\"token function\">git</span> clone https://github.com/volatilityfoundation/volatility3.git\n\n<span class=\"token comment\"># Download extract-vmlinux</span>\n<span class=\"token 
builtin class-name\">cd</span> ~/Tools\n<span class=\"token function\">wget</span> https://raw.githubusercontent.com/torvalds/linux/master/scripts/extract-vmlinux\n<span class=\"token function\">chmod</span> +x extract-vmlinux\n\n<span class=\"token comment\"># Install ropr</span>\ncargo <span class=\"token function\">install</span> ropr\n\n<span class=\"token comment\"># Install Steganography</span>\n<span class=\"token builtin class-name\">cd</span> ~/Tools\n<span class=\"token function\">git</span> clone https://github.com/ragibson/Steganography\n<span class=\"token builtin class-name\">cd</span> Steganography\n<span class=\"token function\">sudo</span> python3 setup.py <span class=\"token function\">install</span>\n\n<span class=\"token comment\"># Set up stegoveritas</span>\npip3 <span class=\"token function\">install</span> stegoveritas\nstegoveritas_install_deps\n\n<span class=\"token comment\"># Install darling (with all dependencies)</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> cmake clang bison flex libfuse-dev libudev-dev pkg-config libc6-dev-i386 <span class=\"token punctuation\">\\</span>\ngcc-multilib libcairo2-dev libgl1-mesa-dev libglu1-mesa-dev libtiff5-dev <span class=\"token punctuation\">\\</span>\nlibfreetype6-dev <span class=\"token function\">git</span> git-lfs libelf-dev libxml2-dev libegl1-mesa-dev libfontconfig1-dev <span class=\"token punctuation\">\\</span>\nlibbsd-dev libxrandr-dev libxcursor-dev libgif-dev libavutil-dev libpulse-dev <span class=\"token punctuation\">\\</span>\nlibavformat-dev libavcodec-dev libswresample-dev libdbus-1-dev libxkbfile-dev <span class=\"token punctuation\">\\</span>\nlibssl-dev python2 -y\n<span class=\"token function\">wget</span> https://github.com/darlinghq/darling/releases/download/v0.1.20220704/darling_0.1.20220704.focal_amd64.deb\n<span class=\"token function\">sudo</span> dpkg -i 
darling_0.1.20220704.focal_amd64.deb\n<span class=\"token function\">rm</span> darling_0.1.20220704.focal_amd64.deb\n\n<span class=\"token comment\"># Install QEMU-related tools</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> qemu-user-binfmt qemu-efi qemu-efi-aarch64 qemu-efi-arm qemu-system qemu-system-arm qemu-system-common qemu-system-x86 qemu-system-misc qemu-utils g++-arm-linux-gnueabihf gdb-multiarch -y\n\n<span class=\"token comment\"># Install wabt (the release tarball unpacks to a wabt-1.0.33/ directory, so strip that top level into ~/Tools/wabt; the binaries land in ~/Tools/wabt/bin)</span>\n<span class=\"token function\">mkdir</span> -p ~/Tools/wabt\n<span class=\"token function\">wget</span> https://github.com/WebAssembly/wabt/releases/download/1.0.33/wabt-1.0.33-ubuntu.tar.gz -O /tmp/wabt.tar.gz\n<span class=\"token function\">tar</span> xzf /tmp/wabt.tar.gz -C ~/Tools/wabt --strip-components<span class=\"token operator\">=</span><span class=\"token number\">1</span>\n<span class=\"token function\">rm</span> /tmp/wabt.tar.gz\n\n<span class=\"token comment\"># Install smali2java and jadx: https://github.com/skylot/jadx/releases</span>\n\n<span class=\"token comment\"># Install one_gadget</span>\n<span class=\"token function\">sudo</span> gem <span class=\"token function\">install</span> one_gadget\n\n<span class=\"token comment\"># Install seccomp-tools</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> ruby-dev -y\n<span class=\"token function\">sudo</span> gem <span class=\"token function\">install</span> seccomp-tools\n\n<span class=\"token comment\"># Risc-V (clone under ~/Tools rather than wherever the previous step left the shell)</span>\n<span class=\"token builtin class-name\">cd</span> ~/Tools\n<span class=\"token function\">git</span> clone https://github.com/riscv-collab/riscv-gnu-toolchain\n<span class=\"token builtin class-name\">cd</span> riscv-gnu-toolchain\n<span class=\"token function\">git</span> checkout origin/extra-multi-lib-test\n\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt-get</span> <span class=\"token function\">install</span> autoconf automake autotools-dev <span class=\"token function\">curl</span> python3 python3-pip libmpc-dev libmpfr-dev libgmp-dev <span class=\"token function\">gawk</span> build-essential bison flex texinfo gperf libtool patchutils <span class=\"token function\">bc</span> 
zlib1g-dev libexpat-dev ninja-build <span class=\"token function\">git</span> cmake libglib2.0-dev python-is-python3 -y\n./configure --prefix<span class=\"token operator\">=</span>/home/ubuntu/Tools/riscv\n<span class=\"token function\">make</span> linux\n\n<span class=\"token comment\"># Install gef for root (root gets its own .gdbinit; the user's .gdbinit written above keeps peda and Pwngdb)</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">sh</span> -c <span class=\"token string\">'wget -O /root/.gdbinit-gef.py -q https://gef.blah.cat/py &amp;&amp; echo \"source /root/.gdbinit-gef.py\" > /root/.gdbinit'</span>\n\n<span class=\"token comment\"># Clone glibc source</span>\n<span class=\"token builtin class-name\">cd</span> ~/Tools\n<span class=\"token function\">git</span> clone https://github.com/bminor/glibc\n\n<span class=\"token comment\"># Set up aliases (quoted heredoc: $PWD, $PATH and $(...) must stay unexpanded until the shell reads .bashrc, otherwise the current directory and the current WSL IP get baked in)</span>\n<span class=\"token function\">cat</span> <span class=\"token operator\">&lt;&lt;</span> <span class=\"token string\">'EOF'<span class=\"token bash punctuation\"> <span class=\"token operator\">>></span> ~/.bashrc</span>\n\nalias tarbz2='tar -jxvf'\nalias targz='tar -zxvf'\nalias tarxz='tar -Jxvf'\nalias aptupgrade='sudo apt update &amp;&amp; sudo apt upgrade -y &amp;&amp; sudo apt autoremove -y'\nalias checksec='pwn checksec'\n\nalias run_python2='docker run --net host --rm -it -v $PWD:/app python2 bash'\nalias run_python3='docker run --net host --rm -it -v $PWD:/app python3 bash'\nalias run_wine='docker run --rm -it --user ubuntu -v $PWD:/usr/app wine32 bash'\nalias run_php='docker run --net host --rm -it -v $PWD:/root php bash'\nalias run_impacket='docker run --net host --rm -it -v $PWD:/root impacket'\nalias pince='cd /home/parrot/Tools/PINCE &amp;&amp; sh PINCE.sh'\n\nalias sample2zip='zip -P infected -r'\n\nsudo /etc/init.d/docker start > /dev/null\n\nexport PATH=$PATH:/home/ubuntu/.local/bin:/home/ubuntu/Tools:/home/ubuntu/Tools/stegsolve:/home/ubuntu/Tools/wabt/bin:/home/ubuntu/Tools/pwninit\nexport DISPLAY=$(cat /etc/resolv.conf | grep nameserver | awk '{print $2}'):0\nEOF</span>\n\n<span class=\"token comment\"># Create a symbolic link to the host machine (in $HOME, not in whatever directory the shell happens to be in)</span>\n<span class=\"token function\">ln</span> -s /mnt/c/Users/kash1064/Downloads/ ~/win\n\n<span class=\"token comment\"># Remove password requirement for frequently used commands</span>\n<span class=\"token comment\"># Caveat: passwordless apt is passwordless root (apt accepts -o options such as APT::Update::Pre-Invoke that run arbitrary commands as root), and docker-group membership is root-equivalent as well; acceptable on a throwaway lab VM only</span>\n<span class=\"token builtin class-name\">echo</span> <span class=\"token environment constant\">$USER</span> <span class=\"token assign-left variable\">ALL</span><span class=\"token operator\">=</span>NOPASSWD: /usr/bin/apt <span class=\"token operator\">|</span> <span class=\"token function\">sudo</span> <span class=\"token function\">tee</span> /etc/sudoers.d/apt\n<span class=\"token builtin class-name\">echo</span> <span class=\"token environment constant\">$USER</span> <span class=\"token assign-left variable\">ALL</span><span class=\"token operator\">=</span>NOPASSWD: /etc/init.d/docker <span class=\"token 
operator\">|</span> <span class=\"token function\">sudo</span> <span class=\"token function\">tee</span> /etc/sudoers.d/docker\n<span class=\"token function\">sudo</span> <span class=\"token function\">chmod</span> <span class=\"token number\">440</span> /etc/sudoers.d/*\n\n<span class=\"token comment\"># Add libraries to run 32-bit binaries</span>\n<span class=\"token function\">sudo</span> dpkg --add-architecture i386\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> update\n\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> libncurses6:i386\n\n<span class=\"token comment\"># Install ripgrep</span>\n<span class=\"token comment\"># To enable pcre2: cargo install ripgrep --features 'pcre2'</span>\nrustup <span class=\"token function\">install</span> stable\ncargo <span class=\"token function\">install</span> ripgrep\n\n<span class=\"token comment\"># Clean up</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> autoremove -y\n<span class=\"token function\">sudo</span> <span class=\"token function\">rm</span> /var/crash/*</code></pre></div>\n<h3 id=\"install-libc-database-in-wsl2\" style=\"position:relative;\"><a href=\"#install-libc-database-in-wsl2\" aria-label=\"install libc database in wsl2 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Install libc-database in WSL2</h3>\n<p>libc-database lets you look up libc offsets, but online 
tools may have outdated information, making it impossible to identify the needed version.</p>\n<p>Therefore, we set up libc-database locally.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token comment\"># Clone libc-database</span>\n<span class=\"token builtin class-name\">cd</span> ~/Tools\n<span class=\"token function\">git</span> clone https://github.com/niklasb/libc-database\n\n<span class=\"token comment\"># Install dependencies</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> update <span class=\"token operator\">&amp;&amp;</span> <span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> -y <span class=\"token punctuation\">\\</span>\n  binutils <span class=\"token function\">file</span> <span class=\"token punctuation\">\\</span>\n  <span class=\"token function\">wget</span> <span class=\"token punctuation\">\\</span>\n  rpm2cpio cpio <span class=\"token punctuation\">\\</span>\n  zstd jq -y\n\n<span class=\"token comment\"># Fetch libc information for each platform (consumes time and storage)</span>\n<span class=\"token builtin class-name\">cd</span> ~/Tools/libc-database\n./get ubuntu debian <span class=\"token function\">rpm</span> centos alpine</code></pre></div>\n<p>Reference: <a href=\"https://github.com/niklasb/libc-database\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">GitHub - niklasb/libc-database: Build a database of libc offsets to simplify exploitation</a></p>\n<h3 id=\"install-rp-in-wsl2\" style=\"position:relative;\"><a href=\"#install-rp-in-wsl2\" aria-label=\"install rp in wsl2 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 
2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Install rp++ in WSL2</h3>\n<p>Download from the link below.</p>\n<p>Reference: <a href=\"https://github.com/0vercl0k/rp/releases\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Releases · 0vercl0k/rp</a></p>\n<h3 id=\"install-remnux-tools-in-wsl2\" style=\"position:relative;\"><a href=\"#install-remnux-tools-in-wsl2\" aria-label=\"install remnux tools in wsl2 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Install REMnux Tools in WSL2</h3>\n<p>Next, install the REMnux add-on to the <code class=\"language-text\">Ubuntu 20.04</code> WSL2 instance.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> update <span class=\"token operator\">&amp;&amp;</span> <span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> upgrade -y\n\n<span class=\"token comment\"># Place the installer</span>\n<span class=\"token function\">wget</span> https://REMnux.org/remnux-cli\n<span class=\"token function\">mv</span> remnux-cli remnux\n<span class=\"token function\">chmod</span> +x remnux\n<span class=\"token function\">sudo</span> <span class=\"token 
function\">mv</span> remnux /usr/local/bin\n\n<span class=\"token comment\"># Install</span>\n<span class=\"token function\">sudo</span> remnux <span class=\"token function\">install</span> --mode<span class=\"token operator\">=</span>addon</code></pre></div>\n<p>Reference: <a href=\"https://docs.remnux.org/install-distro/install-from-scratch\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Install from Scratch - REMnux Documentation</a></p>\n<p>Reference: <a href=\"https://qiita.com/ninja400/items/47a08e71ddf1309d1c1b#remnux%E3%81%AE%E3%82%A4%E3%83%B3%E3%82%B9%E3%83%88%E3%83%BC%E3%83%AB\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Using Linux Forensics Tools in a Windows Environment! - Qiita</a></p>\n<h3 id=\"enable-gui-tools-in-wsl2\" style=\"position:relative;\"><a href=\"#enable-gui-tools-in-wsl2\" aria-label=\"enable gui tools in wsl2 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Enable GUI Tools in WSL2</h3>\n<p>The REMnux add-on includes many GUI tools, and we want to be able to use them.</p>\n<p>First, launch the already-installed VcXsrv Windows X Server.</p>\n<p>Leave the settings at their defaults, and on the next screen also select [Start no client].</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 498px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/755ffcd8a8c8f55744bde4fa885b4740/79e1b/image-20230519220135087.png\"\n 
   style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 78.33333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/755ffcd8a8c8f55744bde4fa885b4740/8ac56/image-20230519220135087.webp 240w,\n/static/755ffcd8a8c8f55744bde4fa885b4740/d3be9/image-20230519220135087.webp 480w,\n/static/755ffcd8a8c8f55744bde4fa885b4740/71ce1/image-20230519220135087.webp 498w\"\n              sizes=\"(max-width: 498px) 100vw, 498px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/755ffcd8a8c8f55744bde4fa885b4740/8ff5a/image-20230519220135087.png 240w,\n/static/755ffcd8a8c8f55744bde4fa885b4740/e85cb/image-20230519220135087.png 480w,\n/static/755ffcd8a8c8f55744bde4fa885b4740/79e1b/image-20230519220135087.png 498w\"\n            sizes=\"(max-width: 498px) 100vw, 498px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/755ffcd8a8c8f55744bde4fa885b4740/79e1b/image-20230519220135087.png\"\n            alt=\"image-20230519220135087\"\n            title=\"image-20230519220135087\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Configure the Extra Settings as shown below.</p>\n<p>Enter <code class=\"language-text\">-ac</code> as the parameter. Note that <code class=\"language-text\">-ac</code> disables X access control: any host that can reach the X server's TCP port (6000 for display :0) can then open windows on it and observe keyboard input. If Windows asks whether to allow VcXsrv through the firewall, allow it on private networks only, so the port is reachable from the WSL virtual network and not from the outside.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 498px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    
href=\"/static/46798a3cd8ddff508c2a4da34ca648e1/79e1b/image-20230519220224276.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 78.75000000000001%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAAAsTAAALEwEAmpwYAAACJUlEQVQ4y52T3XPSQBTF+a/9K3yxTh/VvqnjjI4P6owdRbGVBgIECJBAvggkpEkIDfko7cNx7w4fSZ2prQ9ndmGy5/7u3bOV2dyFrhuIVjE2N7fI8uv/Up7nOHr5FpXJeIyxqmI0HGG5XCJLUyRJ8iit12vc3mxwfPIOFcu0GKEORVHgLhZYrVbcOIqiBysMQw7ynAjjOOYVSGQUBAH/4DHy2ZkkWePoxRtUZrMZptMpHMdFfBVzwqIeQkggebYlNFi71WoVrVYbsixjMBjw9icTja0qJ0gYfbGTu0VLhnRA0zR0OhIuLgQIQoObmaYJ3TBg2zbvwLIsLtoTVZG+ZOh5HsbspiVJgqKO4bou5vM5aBRk5jgO7O3eNEyYzPReQ5fNrvazhrNfZ6gzQjJuNEQ0G01GK/BRNBi1JHUZtcWLk4qmJUMiaIkt9Psyet0ea73DZ0eEuxapffq9O7xcRnvDv2boseyJzRYkNkOi6PV6POQamyNdmMrGoPELUqCyQrTK8gC+7+8Jw7BgKIoi/2A0VNgND/chJ/IDUVm7/3c5pOxmaXK4FIpCypJOSnbr9kkVn1dZh6dHkdpc59vYsEqUdN+/o6AsmhspYES0Upu0J5FHyoyf0UvJkitkSfxPXbpzeK6D0Pdg6hPMbAvB5QJxFMI2DaRxhONXr1E572q4XzpqbRWffohcn2ttvP/6Gx+/Cfhy1sFpvY8Pp3V8F2Q8eXqCP829lJ88an0ZAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/46798a3cd8ddff508c2a4da34ca648e1/8ac56/image-20230519220224276.webp 240w,\n/static/46798a3cd8ddff508c2a4da34ca648e1/d3be9/image-20230519220224276.webp 480w,\n/static/46798a3cd8ddff508c2a4da34ca648e1/71ce1/image-20230519220224276.webp 498w\"\n              sizes=\"(max-width: 498px) 100vw, 498px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/46798a3cd8ddff508c2a4da34ca648e1/8ff5a/image-20230519220224276.png 240w,\n/static/46798a3cd8ddff508c2a4da34ca648e1/e85cb/image-20230519220224276.png 480w,\n/static/46798a3cd8ddff508c2a4da34ca648e1/79e1b/image-20230519220224276.png 498w\"\n            sizes=\"(max-width: 498px) 100vw, 
498px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/46798a3cd8ddff508c2a4da34ca648e1/79e1b/image-20230519220224276.png\"\n            alt=\"image-20230519220224276\"\n            title=\"image-20230519220224276\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Save the generated <code class=\"language-text\">config.xlaunch</code> to <code class=\"language-text\">%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup</code>.</p>\n<p>Next, add the following command to <code class=\"language-text\">.bashrc</code> in the WSL instance where REMnux is set up to register the display setting.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token builtin class-name\">export</span> <span class=\"token assign-left variable\"><span class=\"token environment constant\">DISPLAY</span></span><span class=\"token operator\">=</span><span class=\"token variable\"><span class=\"token variable\">$(</span><span class=\"token function\">cat</span> /etc/resolv.conf <span class=\"token operator\">|</span> <span class=\"token function\">grep</span> nameserver <span class=\"token operator\">|</span> <span class=\"token function\">awk</span> <span class=\"token string\">'{print $2}'</span><span class=\"token variable\">)</span></span>:0</code></pre></div>\n<p>After restarting the OS, the setup is complete once GUI apps launched from WSL are accessible on the Windows side.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    
href=\"/static/59a935d359d29710c4d4a45c2e99a2c9/52576/image-20230519222129404.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 61.66666666666666%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/59a935d359d29710c4d4a45c2e99a2c9/8ac56/image-20230519222129404.webp 240w,\n/static/59a935d359d29710c4d4a45c2e99a2c9/d3be9/image-20230519222129404.webp 480w,\n/static/59a935d359d29710c4d4a45c2e99a2c9/e46b2/image-20230519222129404.webp 960w,\n/static/59a935d359d29710c4d4a45c2e99a2c9/bd371/image-20230519222129404.webp 1412w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/59a935d359d29710c4d4a45c2e99a2c9/8ff5a/image-20230519222129404.png 240w,\n/static/59a935d359d29710c4d4a45c2e99a2c9/e85cb/image-20230519222129404.png 480w,\n/static/59a935d359d29710c4d4a45c2e99a2c9/d9199/image-20230519222129404.png 960w,\n/static/59a935d359d29710c4d4a45c2e99a2c9/52576/image-20230519222129404.png 1412w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/59a935d359d29710c4d4a45c2e99a2c9/d9199/image-20230519222129404.png\"\n            alt=\"image-20230519222129404\"\n            title=\"image-20230519222129404\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h3 id=\"kali-setup\" style=\"position:relative;\"><a href=\"#kali-setup\" aria-label=\"kali setup permalink\" 
class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Kali Setup</h3>\n<p>Let’s also set up the Kali Linux installed in WSL.</p>\n<p>First, switch Kali to WSL2.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\">wsl <span class=\"token operator\">--</span><span class=\"token function\">set-version</span> kali-linux 2</code></pre></div>\n<p>You could also install kali-tools into Ubuntu, but for minimal setup to easily use tools like msfvenom, proceed as follows.</p>\n<p>First, to resolve the <code class=\"language-text\">EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository</code> error, download <code class=\"language-text\">kali-archive-keyring_2022.1_all.deb</code> from the repository below, place it in the WSL Kali instance, and install it.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token comment\"># https://http.kali.org/kali/pool/main/k/kali-archive-keyring/</span>\n<span class=\"token function\">sudo</span> dpkg -i kali-archive-keyring_2022.1_all.deb</code></pre></div>\n<p>Reference: <a href=\"https://http.kali.org/kali/pool/main/k/kali-archive-keyring/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Index of /kali/pool/main/k/kali-archive-keyring</a></p>\n<p>Reference: <a href=\"https://www.techtutsonline.com/the-following-signatures-were-invalid-expkeysig-ed444ff07d8d0bf6-kali-linux-repository/\" target=\"_blank\" 
rel=\"nofollow noopener noreferrer\">The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository</a></p>\n<p>This enables package updates via apt.</p>\n<p>Next, proceed with package updates and setup using the following commands. (Note: running dist-upgrade immediately can break apt, so be careful.)</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token comment\"># Install Tools</span>\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> update <span class=\"token operator\">&amp;&amp;</span> <span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> kali-linux-large -y\n<span class=\"token function\">sudo</span> <span class=\"token function\">apt</span> <span class=\"token function\">install</span> <span class=\"token punctuation\">\\</span>\nbash-completion <span class=\"token punctuation\">\\</span>\n<span class=\"token function\">vim</span> <span class=\"token punctuation\">\\</span>\nsox <span class=\"token punctuation\">\\</span>\nmultimon-ng <span class=\"token punctuation\">\\</span>\n-y</code></pre></div>\n<p>Reference: <a href=\"https://www.kali.org/docs/wsl/win-kex/#window-mode\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Win-KeX | Kali Linux Documentation</a></p>\n<p>The Kali tools include many GUI applications.</p>\n<p>To be able to use these, add the following to <code class=\"language-text\">.bashrc</code> on the Kali side as well.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token builtin class-name\">export</span> <span class=\"token assign-left variable\"><span class=\"token environment constant\">DISPLAY</span></span><span class=\"token operator\">=</span><span class=\"token variable\"><span class=\"token variable\">$(</span><span 
class=\"token function\">cat</span> /etc/resolv.conf <span class=\"token operator\">|</span> <span class=\"token function\">grep</span> nameserver <span class=\"token operator\">|</span> <span class=\"token function\">awk</span> <span class=\"token string\">'{print $2}'</span><span class=\"token variable\">)</span></span>:0</code></pre></div>\n<p>Note: if something goes wrong on the WSL side and you can no longer log in normally, you can still open a shell as the root user by running the following command from PowerShell.</p>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\">wsl --distribution kali-linux -u root</code></pre></div>\n<h2 id=\"summary\" style=\"position:relative;\"><a href=\"#summary\" aria-label=\"summary permalink\" class=\"anchor before\"></a>Summary</h2>\n<p>I rebuilt my CTF environment that I had been using for about three years.</p>\n<p>After a while, the configuration starts getting hard to keep track of, so I plan to update this article whenever I make changes in the future.</p>","fields":{"slug":"/ctf-setup-windows-lab-en","tagSlugs":["/tag/ctf-en/","/tag/windows-en/","/tag/notes-en/","/tag/備忘録/","/tag/english/"]},"frontmatter":{"date":"2023-05-19","description":"A guide for setting up a virtual machine for CTF competitions.","tags":["CTF (en)","Windows (en)","Notes (en)","備忘録","English"],"title":"Setting Up a Windows CTF 
Environment","socialImage":{"publicURL":"/static/df364e33e8462f80af1bc320bdee15bd/ctf-setup-windows-lab.png"}}}},"pageContext":{"slug":"/ctf-setup-windows-lab-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}
