
How to set up a malware analysis lab safely

By February 15, 2026 0 replies 1 views
Observer · 0 XP
February 15, 2026

I want to start analyzing malware samples as part of my threat research. What’s the safest way to set up an isolated lab? I’m thinking VMs on a dedicated machine with no network access, but I want to make sure I’m not missing anything. What tools do you recommend?

Alex Rivera
Expert · 3,200 XP
February 9, 2026

Here’s my recommended setup:

  • Hardware: Dedicated machine (NOT your daily driver), 32GB+ RAM, SSD
  • Hypervisor: VMware Workstation Pro or VirtualBox
  • Network: Isolated VLAN or completely disconnected. Use INetSim for simulating internet services
  • VMs: REMnux (Linux analysis), FlareVM (Windows analysis), Windows 10 (detonation)
  • Tools: Ghidra, x64dbg, Process Monitor, Wireshark, YARA, Cuckoo Sandbox

Critical: Never connect your analysis VMs to your production network. Use snapshots religiously – revert after every analysis session.
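A pre-flight check for the network-isolation and snapshot advice in the answer above, as an added example that is not part of the original posts. It assumes VirtualBox as the hypervisor and audits the output of `VBoxManage showvminfo <vm> --machinereadable`; the VM name, network name, sample output and the list of modes treated as isolated are constructed for illustration.

```python
import re
import subprocess
import sys

# Attachment modes treated as isolated (an assumption of this example):
# no adapter, unattached adapter, or a VirtualBox internal network shared
# only with other lab VMs such as the one running INetSim.
ISOLATED_MODES = {"none", "null", "intnet"}

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_UNSAFE = '''name="detonation-win10"
nic1="nat"
nic2="intnet"
intnet2="malnet"
nic3="none"
'''
SAMPLE_SAFE = '''name="detonation-win10"
nic1="intnet"
intnet1="malnet"
nic2="none"
CurrentSnapshotName="clean-baseline"
'''

def parse_vminfo(text):
    """Turn key="value" lines into a dict, dropping surrounding quotes."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info

def audit(text, allowed=ISOLATED_MODES):
    """Return a list of findings; an empty list means the VM passed."""
    info = parse_vminfo(text)
    findings = []
    for key, mode in sorted(info.items()):
        if re.fullmatch(r"nic\d+", key) and mode not in allowed:
            findings.append(f"{key} is attached as '{mode}'")
    if not info.get("CurrentSnapshotName"):
        findings.append("no snapshot to revert to")
    return findings

if __name__ == "__main__":
    vm = sys.argv[1]  # VM name as registered in VirtualBox
    out = subprocess.run(["VBoxManage", "showvminfo", vm, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    problems = audit(out)
    for p in problems:
        print(f"[!] {vm}: {p}")
    sys.exit(1 if problems else 0)
```

Run it before each detonation session and start the VM only on exit code 0; pass a wider `allowed` set if the lab deliberately uses another attachment mode.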
