Build a Secure Malware Analysis Lab + Modular JA4+ / Multi-Protocol Fingerprinting Engine

Client: AI | Published: 08.11.2025

I need a seasoned malware-analysis engineer to design and script a Windows-based research lab running inside VMware that lets me detonate command-and-control samples, watch every packet, and turn the raw traffic into actionable fingerprints.

Environment

The guest will be Windows (latest stable build) and must be completely isolated from my production LAN. You will harden the hypervisor, configure virtual NICs in “host-only” mode, and add automated snapshot / rollback logic so I can restore the VM after each detonation without manual effort.

Traffic collection & enrichment

Inside the sandbox I want full-packet capture plus the ability to parse, enrich, and store metadata in real time. Your Python tooling should pull JA4 and JA4-H fingerprints, but also go beyond TLS by recognising QUIC, DNS, and SMB/CIFS flows, then correlate them so I can see how one sample behaves across protocols in a single timeline.

Core deliverables

• A repeatable VMware configuration script or template, with isolation controls clearly documented
• Python modules (CLI-driven) that:
  – ingest pcap or live interface traffic
  – extract JA4/JA4-H, DNS RR data, QUIC version info, and SMB/CIFS command sequences
  – write results to JSON and a lightweight SQLite DB for easy querying
• Demonstration: run two known C2 samples, show captured traffic, generated fingerprints, and cross-protocol correlation output
• Clear setup guide and inline code comments so I can extend the engine later

Acceptance criteria

The VM must have no route to the internet unless passed through your controlled proxy, all fingerprints must match reference values I provide during testing, and the whole toolchain should run on Python 3.11 using only open-source libraries (Scapy, dpkt, pyshark or similar).

If you have deep packet analysis experience, have already handled JA4+ fingerprints, and can build robust automation around VMware, let’s talk.
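The isolation and snapshot/rollback requirements in the Environment section can be enforced before every detonation rather than trusted. The script below is an added example, not code from the posting or from any bidder: it parses the guest's .vmx file, refuses to boot the VM if any present NIC is not in host-only mode or if the standard VMware guest-isolation keys (isolation.tools.copy/paste/dnd/hgfs.disable) are not set, and then wraps the cycle in vmrun revertToSnapshot/start/stop/revertToSnapshot calls. It assumes VMware Workstation's vmrun CLI is on PATH; the .vmx path, snapshot name and the two .vmx fragments are placeholders constructed for the example.

```python
import re
import subprocess

VMX_PATH = "/path/to/lab-guest.vmx"   # placeholder path, not from the posting
SNAPSHOT = "clean-baseline"            # placeholder snapshot name

ALLOWED_NIC_MODES = {"hostonly"}       # "bridged" or "nat" would give the guest a path off the host
# Standard VMware guest-isolation keys; each must be "TRUE" for the guest to count as hardened.
HARDENING_KEYS = ["isolation.tools.copy.disable", "isolation.tools.paste.disable",
                  "isolation.tools.dnd.disable", "isolation.tools.hgfs.disable"]

def parse_vmx(text):
    """Return {key: value} for the  key = "value"  lines of a .vmx file (keys lower-cased)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.:]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def isolation_violations(cfg):
    """NICs that are present and not host-only, as sorted (nic, mode) pairs."""
    bad = []
    for key, mode in cfg.items():
        m = re.fullmatch(r"(ethernet\d+)\.connectiontype", key)
        if (m and cfg.get(f"{m.group(1)}.present", "TRUE").upper() != "FALSE"
                and mode.lower() not in ALLOWED_NIC_MODES):
            bad.append((m.group(1), mode))
    return sorted(bad)

def hardening_gaps(cfg):
    """Hardening keys that are missing or not set to TRUE."""
    return [k for k in HARDENING_KEYS if cfg.get(k, "").upper() != "TRUE"]

def detonation_cycle(vmx=VMX_PATH, snapshot=SNAPSHOT):
    """vmrun commands for one cycle: revert to the clean snapshot, boot, (detonate), kill, revert."""
    base = ["vmrun", "-T", "ws"]
    return [base + ["revertToSnapshot", vmx, snapshot],
            base + ["start", vmx, "nogui"],
            base + ["stop", vmx, "hard"],
            base + ["revertToSnapshot", vmx, snapshot]]

def run_cycle(vmx_text, vmx=VMX_PATH, snapshot=SNAPSHOT, execute=False):
    """Refuse to start the guest unless the .vmx passes both isolation checks; returns commands run."""
    cfg = parse_vmx(vmx_text)
    problems = isolation_violations(cfg) + hardening_gaps(cfg)
    if problems:
        raise RuntimeError(f"guest not isolated: {problems}")
    cmds = detonation_cycle(vmx, snapshot)
    for cmd in cmds:
        if execute:
            subprocess.run(cmd, check=True)   # run vmrun for real
        else:
            print("would run:", " ".join(cmd))
    return len(cmds)

# Constructed .vmx fragments (not from a real lab) used to exercise the checks.
GOOD_VMX = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.hgfs.disable = "TRUE"
'''
BAD_VMX = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
ethernet1.present = "TRUE"
ethernet1.connectionType = "nat"
ethernet2.present = "FALSE"
ethernet2.connectionType = "bridged"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
'''

if __name__ == "__main__":
    run_cycle(GOOD_VMX)                      # prints the vmrun sequence (dry run)
    try:
        run_cycle(BAD_VMX)
    except RuntimeError as err:
        print(err)
```

The dry-run default prints the command sequence; pass execute=True once the checks pass in your own lab. A disabled NIC (ethernetN.present = "FALSE") is ignored even if its connectionType is bridged, which is why the constructed BAD_VMX only reports ethernet1.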
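The JA4 extraction and SQLite deliverables above are concrete enough to show end to end. The module below is an added example, not code from the posting or from any bidder: it parses a TLS ClientHello record with struct (no Scapy/dpkt needed for this part), computes JA4 and the human-readable JA4_r form following the public JA4 specification (GREASE filtered out, version taken from supported_versions, SNI/ALPN counted but not hashed, signature algorithms appended in original order), and writes the records to SQLite. The ClientHello is constructed in-line by build_client_hello, so no captured sample traffic is involved; the hostname c2.example.invalid and the cipher/extension lists are made-up inputs.

```python
import hashlib
import json
import sqlite3
import struct

GREASE = {0x0a0a + 0x1010 * i for i in range(16)}   # 0x0a0a..0xfafa: skipped in ciphers/exts/versions
TLS_VERSIONS = {0x0304: "13", 0x0303: "12", 0x0302: "11", 0x0301: "10", 0x0300: "s3", 0x0002: "s2"}

def _u16(b, off):
    return struct.unpack("!H", b[off:off + 2])[0]

def _u16_list(b, off, nbytes):
    return [_u16(b, off + i) for i in range(0, nbytes, 2)]

def parse_client_hello(data):
    """Parse a TLS record (or bare handshake message) carrying a ClientHello."""
    if data[0] == 0x16:                          # record header: type(1) version(2) length(2)
        data = data[5:5 + _u16(data, 3)]
    if data[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = data[4:4 + int.from_bytes(data[1:4], "big")]
    info = {"legacy_version": _u16(body, 0), "ciphers": [], "extensions": [],
            "sni": False, "alpn": [], "sigalgs": [], "supported_versions": []}
    pos = 34 + 1 + body[34]                      # skip legacy_version, random, session_id
    cs_len = _u16(body, pos); pos += 2
    info["ciphers"] = _u16_list(body, pos, cs_len); pos += cs_len
    pos += 1 + body[pos]                         # compression_methods
    if pos + 2 > len(body):
        return info                              # no extensions block
    end = pos + 2 + _u16(body, pos); pos += 2
    while pos + 4 <= end:
        etype, elen = _u16(body, pos), _u16(body, pos + 2); pos += 4
        ext = body[pos:pos + elen]; pos += elen
        info["extensions"].append(etype)
        if etype == 0x0000:                      # server_name present
            info["sni"] = True
        elif etype == 0x0010:                    # ALPN: u16 list length, u8-prefixed names
            p = 2
            while p < len(ext):
                info["alpn"].append(ext[p + 1:p + 1 + ext[p]]); p += 1 + ext[p]
        elif etype == 0x000d:                    # signature_algorithms: u16 length
            info["sigalgs"] = _u16_list(ext, 2, _u16(ext, 0))
        elif etype == 0x002b:                    # supported_versions: u8 length
            info["supported_versions"] = _u16_list(ext, 1, ext[0])
    return info

def _hash12(s):
    return hashlib.sha256(s.encode()).hexdigest()[:12] if s else "000000000000"

def fingerprint(data, transport="t"):
    """Return a record with JA4 and JA4_r; transport is 't' for TCP or 'q' for QUIC."""
    info = parse_client_hello(data)
    ciphers = [c for c in info["ciphers"] if c not in GREASE]
    exts = [e for e in info["extensions"] if e not in GREASE]
    versions = [v for v in info["supported_versions"] if v not in GREASE]
    ver = TLS_VERSIONS.get(max(versions) if versions else info["legacy_version"], "00")
    alpn = "00"
    if info["alpn"] and info["alpn"][0]:         # "h2" -> h2, "http/1.1" -> h1, binary -> hex digits
        first, last = info["alpn"][0][0], info["alpn"][0][-1]
        ok = all(b < 0x80 and chr(b).isalnum() for b in (first, last))
        alpn = chr(first) + chr(last) if ok else f"{first:02x}"[0] + f"{last:02x}"[1]
    ja4_a = f"{transport}{ver}{'d' if info['sni'] else 'i'}{min(len(ciphers), 99):02d}{min(len(exts), 99):02d}{alpn}"
    cipher_str = ",".join(f"{c:04x}" for c in sorted(ciphers))
    ext_str = ",".join(f"{e:04x}" for e in sorted(exts) if e not in (0x0000, 0x0010))  # SNI/ALPN counted, not hashed
    if info["sigalgs"]:                          # original order; no underscore when absent
        ext_str += "_" + ",".join(f"{s:04x}" for s in info["sigalgs"])
    return {"ja4": f"{ja4_a}_{_hash12(cipher_str)}_{_hash12(ext_str)}",
            "ja4_r": f"{ja4_a}_{cipher_str}_{ext_str}", "sni": info["sni"]}

def store(records, db_path=":memory:"):
    """Persist records to SQLite; returns the row count."""
    with sqlite3.connect(db_path) as con:
        con.execute("CREATE TABLE IF NOT EXISTS ja4 (ja4 TEXT, ja4_r TEXT, sni INTEGER)")
        con.executemany("INSERT INTO ja4 VALUES (?, ?, ?)",
                        [(r["ja4"], r["ja4_r"], int(r["sni"])) for r in records])
        return con.execute("SELECT COUNT(*) FROM ja4").fetchone()[0]

def build_client_hello(host, alpn, ciphers, sigalgs, versions):
    """Constructed ClientHello (not captured traffic) used to exercise the parser."""
    ext = lambda t, p: struct.pack("!HH", t, len(p)) + p
    u16s = lambda vals: b"".join(struct.pack("!H", v) for v in vals)
    h = host.encode()
    exts = (ext(0x1a1a, b"") + ext(0x0000, struct.pack("!HBH", len(h) + 3, 0, len(h)) + h)  # GREASE, SNI
            + ext(0x0010, struct.pack("!H", sum(1 + len(a) for a in alpn))
                  + b"".join(bytes([len(a)]) + a for a in alpn))
            + ext(0x000d, struct.pack("!H", 2 * len(sigalgs)) + u16s(sigalgs))
            + ext(0x002b, bytes([2 * len(versions)]) + u16s(versions))
            + ext(0x0017, b"") + ext(0x0023, b""))   # extended_master_secret, session_ticket
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(ciphers))
            + u16s(ciphers) + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE = build_client_hello("c2.example.invalid", [b"h2", b"http/1.1"],
                            [0x2a2a, 0x1301, 0x1302, 0x1303, 0xc02b, 0xc02f, 0xc02c, 0xc030],
                            [0x0403, 0x0804, 0x0401], [0x3a3a, 0x0304, 0x0303])

if __name__ == "__main__":
    print(json.dumps(fingerprint(SAMPLE), indent=2))
    print("rows stored:", store([fingerprint(SAMPLE)]))
```

For the constructed SAMPLE the JA4_a part comes out as t13d0706h2 (TCP, TLS 1.3 via supported_versions, SNI present, 7 non-GREASE ciphers, 6 non-GREASE extensions, ALPN h2); the JA4_r string makes the sorted cipher list and the extension/signature-algorithm list visible, which is what you compare when a computed fingerprint does not match a reference value. For live capture, feed the first TLS record of each client-to-server stream (from Scapy, dpkt or pyshark) into fingerprint(), using transport "q" for QUIC Initial packets after decryption.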