Blog


Cybersecurity homelab for detection & monitoring


Building a cybersecurity homelab for detection & monitoring

This homelab will help you apply concepts used in real-world, large-scale enterprise infrastructure.

What is a homelab

A homelab is an isolated environment where you can safely run experiments without breaking anything that matters.

Content

[Figure: network topology]

Downloading & installing VMware Workstation Pro

VMware Workstation Pro

Configuring Pfsense

pfSense will be configured as the firewall that segments our private homelab network, and its web interface will only be reachable from our Kali Linux VM.

Click "Create a new Virtual Machine" on VMware Workstation homescreen

Make sure "Typical (recommended)" is selected and click Next.


Click Browse and navigate to the folder where your pfSense ISO is located.

Click Next.


Name your virtual machine; "pf-l1" is the name used in this guide.

Click Next.

A 20GB disk is sufficient for this VM.

Ensure that the "Split virtual disk into multiple files" option is selected

Click next.


Click "Customize Hardware".

Increase the memory to 2GB.

Add 5 network adapters and map each one to a VMnet interface as shown below. Then click Finish.

[Figure: network adapter to VMnet mapping]

The pfSense machine will power on and start with this screen. Accept all the defaults; pfSense will configure itself and reboot.

Once you reach the pfSense console menu, we will start assigning the network interfaces.

Enter option 1

Should VLANS be set up now [y:n]?:n

Enter em0, em1, em2, em3, em4 and em5 respectively, one for each interface prompt.

Do you want to proceed [y:n]?:y


Enter option 2. We'll start with the LAN interface (2). The IP address 192.168.1.1 will be used to access the pfSense WebGUI from the Kali machine. Use the configuration below for the LAN interface.

Use the configuration below for the OPT1 interface.


Use the configuration below for the OPT2 interface.

Leave the OPT3 interface without an IP address: it will act as the span port carrying the mirrored traffic that Security Onion monitors. Use the configuration below for the OPT4 interface.

Configuring Security Onion

Security Onion will be our all-in-one IDS, security monitoring and log management solution. Download the Security Onion ISO file from here.

Select Typical installation and click next.

Select "Installer disc image file", point it at the Security Onion ISO and click Next.

On the next screen choose Linux, CentOS 7 64-bit and click Next.

Name the VM l1-sec and click next.

Set the disk size to a minimum of 200GB; use 400GB if you can.

Then click "Customize Hardware" and do the following

~ Change memory to 4-32GB

~ Add two network adapters and assign them VMnet4 & VMnet5 respectively.


Power on the virtual machine and press Enter when prompted.

After the initial loading stages, type "yes" when prompted.

~ Set a username & password

After Security Onion reboots, we will finish the install.

Enter the Username & password.

Select "Yes"


Select the EVAL option


Type "AGREE"


Select "Standard".

Set a hostname.

Press the spacebar to select ens33 as the management interface.


Set the addressing to DHCP.


Select "YES" at the next prompt

Select "OK" at the next prompt.

Select "Direct" for the next prompt.

Select "ens35" as the monitor Interface.


Select "Automatic" for the OS patch schedule.

Accept the default home network IP.

Accept all the defaults.

Enter an email address and password for the admin account.

Select "IP"


Select "Yes" for the NTP server & accept the defaults

Take note of your final settings before proceeding! If possible, take a screenshot.

The most important detail is the IP address used for web access.

Select "YES"

Security Onion management / analyst machine

After installing Security Onion, we will access its web interface from a separate Ubuntu Desktop VM, simulating a SOC analyst reaching the SIEM or any other tool from their own workstation.

In order to do this, you'll first have to set up an Ubuntu Desktop VM. This is a very easy process and I'll not be covering it in this write-up, but it is covered in the video. Be sure to use all the default settings for the Ubuntu Desktop configuration.

Download Ubuntu Desktop

Install Ubuntu Desktop

After the installation, run the ifconfig command on the Ubuntu machine and take note of its IP address.

Go back to your SO instance and run the following command

    sudo so-allow

Enter your password

Type a (the analyst option) and wait for the process to complete.

Type in the IP address of your Ubuntu Desktop.

In a browser on the Ubuntu Desktop, navigate to the Security Onion IP address.

Configuring Kali Linux

Kali Linux will be used as the attacker machine.

Download the Kali Linux ISO

Before powering on the VM, change the network adapter to VMnet2 and set the memory to 4GB, then power it on.

Go through the installer.

pfSense interfaces and rules

We will use the Kali VM to set up pfSense.

Open a web browser and browse to 192.168.1.1.

The default credentials are "admin" & "pfsense".

You'll be greeted with the pfSense setup wizard page.

Set the DNS server as 8.8.8.8 and 4.4.4.4

Then choose your timezone.

At step 4 of 9, untick the last two options.

At step 6 of 9, set a new admin password.

Set up interfaces

Click on Interfaces.

Select LAN.

For "Description", change LAN to KALI, as this is the Kali interface.

Scroll all the way down and Click Save

Then do the same for the rest of the interfaces as shown below.

For OPT3, be sure to tick "Enable interface".

Back at Interfaces > Assignments, select Bridges.

Click Add.

Select VictimNetwork as the Member Interface


Then select Display Advanced

Under Advanced Configuration for Span Port, select "SPANPORT"

Scroll all the way down and Click Save


Click Firewall >> Rules


Select the Add button with the downward-pointing arrow.

~ Under "Edit Firewall Rule", for Protocol select Any

~ Scroll all the way down and click Save

That is most of what we need to do in pfSense.

Configuring Windows Server as a domain controller

You can follow The Cyber Mentor's guide to set up Active Directory and the Windows 10 VM. Here we only need to set up the networking.

The Cyber Mentor's YouTube guide

Navigate to Control Panel > Network and Internet > Network Connections


Windows 10 host networking

Navigate to the network adapter settings.

Right-click on Ethernet0 and select Properties.

Select IPv4 and set the IP address to 192.168.2.21, the default gateway to 192.168.2.1, and the DNS server to 192.168.2.10.
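As an added check that is not part of the original post: once the victim-network hosts are up, this script, run on the Security Onion VM, confirms that the pfSense SPANPORT bridge is actually delivering victim-LAN traffic to the monitor interface. It assumes the names used above (monitor interface ens35, victim network 192.168.2.0/24); the tcpdump lines in its comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that pfSense's span port is
# really mirroring victim-network traffic onto Security Onion's monitor NIC.
# Assumes the lab names used above: monitor interface ens35 (bridged to the
# SPANPORT interface on the pfSense side) and the victim network 192.168.2.0/24.
MON_IF="${MON_IF:-ens35}"
VICTIM_PREFIX="${VICTIM_PREFIX:-192.168.2.}"

# Reads "tcpdump -nn" lines on stdin and prints how many IP packets have a
# source or destination inside the victim network, e.g. (constructed line):
#   12:00:00.000001 IP 192.168.2.21.51234 > 192.168.2.10.53: 1+ A? ...
# ARP and other non-IP lines are not counted.
count_victim_packets() {
    n=0
    while IFS= read -r line; do
        case "$line" in
            *" IP ${VICTIM_PREFIX}"*|*"> ${VICTIM_PREFIX}"*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Captures up to 50 packets (giving up after 30 s) on the monitor interface
# and reports whether any of them belonged to the victim network.
# Returns 0 when the span works, 1 when no mirrored traffic was seen.
check_span() {
    seen=$(timeout 30 sudo tcpdump -i "$MON_IF" -nn -c 50 2>/dev/null | count_victim_packets)
    if [ "${seen:-0}" -gt 0 ]; then
        echo "span OK: $seen packets touched ${VICTIM_PREFIX}0/24 on $MON_IF"
        return 0
    fi
    echo "span NOT working: no ${VICTIM_PREFIX}0/24 traffic on $MON_IF; re-check the bridge's span port setting in pfSense" >&2
    return 1
}

# Only run the live capture when invoked as: sh span_check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_span
fi
```

If it reports no victim traffic, fix the bridge's span port before expecting any Security Onion alerts for the victim network.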

Fri, 16 Sep 2022 17:31:56 -0500

update for next month


For the next month

This blog post will be very short.

For the next month I will be doing a post every week, and if I can handle the extra workload I will keep up the weekly blog posts.

Sun, 28 Aug 2022 14:30:02 -0500

HAPPY BIRTHDAY GNU/LINUX


What is GNU/Linux?

GNU/Linux is an operating system, a large piece of software that manages a computer. It is similar to Microsoft Windows, but it is entirely free. The accurate name is GNU/Linux but "Linux" is used more often.

The history of GNU/Linux

Linux started in 1991, but we need to go back to 1969. In 1969 Kenneth Lane Thompson and Dennis MacAlistair Ritchie made the UNIX operating system at AT&T Bell Labs, and they also made the C programming language, which needs another blog post of its own. Unix was owned by AT&T. Developers liked it because of its utility, but the licensing of this software was annoying, and a guy named Richard Matthew Stallman did not like this. He started the GNU project in 1983 to create a free UNIX-like operating system. He wrote the GPL (GNU General Public License) as part of this project. He also made the GNU kernel, but this was not as popular as UNIX. Linus Torvalds started the Linux project. His email stated:

Hello everybody out there using minix - I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clone. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things). I've currently ported bash(1.08) and gcc(1.40), and things seems to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-) PS. Yes - it's free of any minix code, and it has a multi-threaded fs. it is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

This email turned out to be wrong.

Later on he combined it with GNU and made it open source. Now Linux is not just a small project; it is everywhere. This website runs on Linux. Most servers run Linux.

Why is GNU/Linux everywhere?

GNU/Linux has things called distros. This allows anyone to make their own GNU/Linux and change it however they want.

Sun, 28 Aug 2022 14:26:00 -0500

uptime-kuma


UPTIME-KUMA

What is Uptime Kuma? Uptime Kuma is a self-hosted monitoring tool. I will admit that at first I thought this was dumb: why would I need an uptime monitoring system? When I ran it just to give it a chance, I fell in love with it because of one feature: notifications. You can send notifications to email, Discord, Telegram, and so on.

What are the ways to install it?

You can install it using Docker, the install script, or by building it yourself. I use Docker because I love Docker. I will do an article on it later.

How do you install it?

I will show how to install it using Docker. First install Docker, then run:

    docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1

If you have never used Docker before, give it about a minute to pull the image and come up. You can check the container logs if you want to.

Set up uptime-kuma

Go to your server IP on port 3001, like this: http://10.10.10.250:3001. Once you are there you should see something like this.

Then click on "Add New Monitor".


The monitor types: HTTP/HTTPS is for a website you want to monitor, TCP Port is for a port you want to monitor, Ping is when you just want to ping a server, and DNS is for a DNS request for the machine. I am going to use Ping. You need to set a friendly name; this is the name you will see in Uptime Kuma. Hostname is the IP address of the machine you want to monitor. Then just click Save. You are done, but we will also set up email.

Setting up email with Uptime Kuma

Click on the option to set up notifications. Then, under Notification Type, find Email (SMTP). It should look like this.

Then fill in the settings. I cannot give you exact values because every email server is different, but I will give you an example.

Once this is set, you should receive emails when the machine you are monitoring goes down.

The closing

I would recommend playing around with Uptime Kuma.

Fri, 12 Aug 2022 20:52:28 -0500

SATA CABLE HACK


What is a SATA cable?

A SATA (Serial Advanced Technology Attachment) cable is an IDE standard first released in 2001 for connecting devices such as optical drives and hard drives to the motherboard.

How does the hack work?

The SATA cable interface can emit radio signals during certain read and write operations. This would mainly be used against air-gapped systems, because those systems have no wireless connection. An attacker can use malware to hijack a legitimate software process and perform very specific read/write operations that reflect the contents of the data the attacker wants. The attacker first needs access to the machine, for example via a bad USB device or some social engineering. The attack can only receive data from about 4 ft away; further than that the receiver gets error bits, and the attack only transfers data at 1 bit/sec.

How to stop this attack?

What is the future of this attack?

This attack is not a big problem right now, but it could be in the future. It only really affects air-gapped systems, because there are easier and better attacks if a system is connected to the internet.

Resources I used

The research paper
An article on the subject

Fri, 29 Jul 2022 21:10:07 -0500

pfsense-opendns


What is OpenDNS?

OpenDNS is a DNS sinkhole: it lets you stop people from going to certain sites that you don't want them to reach. There are two versions of OpenDNS. Umbrella is the enterprise version and costs money; we will be using the consumer version, called OpenDNS Home.

First you need to set up an account. You will need an email address, a password, and your public IP. Once you log in, you are ready to start.

How to set up OpenDNS?

First go to Settings, then type in your public IP. You can find it at What is my IP.

Then go to Web Content Filtering and set what you want to block. After this you can set up your DNS server in your router as

How do I set this up for pfSense?

First log in to your pfSense router through the web portal.

Go to System/General Setup.

Then add a DNS server, using the 208 address from above.

Then save the changes.

Finally, we need to force every network-enabled device to use OpenDNS.

Go to Services/DHCP Server/LAN.

In the DNS servers setting, type the above IP address and save.

Finally, reboot your router.
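An added check that is not part of the original post: after the reboot, this script, run on any client that got a new DHCP lease, verifies that the client is really using the OpenDNS resolvers handed out by pfSense and not some other resolver that would sidestep the filtering. EXPECTED_DNS must be set to the two resolver addresses shown in your OpenDNS dashboard; the 208.0.0.x values in the script are placeholders, not real addresses.

```shell
#!/bin/sh
# Added example, not from the original post: check that a client really picked
# up the OpenDNS resolvers that pfSense's DHCP server now hands out.
# EXPECTED_DNS holds the two resolver addresses from your OpenDNS dashboard;
# the 208.0.0.x values below are placeholders, not real OpenDNS addresses.
EXPECTED_DNS="${EXPECTED_DNS:-208.0.0.1 208.0.0.2}"

# Prints every nameserver address found in resolv.conf-style text on stdin.
list_resolvers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Reads resolv.conf text on stdin. Returns 0 only if at least one nameserver
# is configured and every one of them is in EXPECTED_DNS; otherwise reports
# the offending address on stderr and returns 1.
check_resolvers() {
    resolvers=$(list_resolvers)
    if [ -z "$resolvers" ]; then
        echo "no nameserver lines found" >&2
        return 1
    fi
    rc=0
    for ns in $resolvers; do
        case " $EXPECTED_DNS " in
            *" $ns "*) ;;
            *) echo "unexpected resolver $ns: not an OpenDNS address, filtering may be bypassed" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Checks the host this script runs on. On systems using systemd-resolved,
# /etc/resolv.conf only shows 127.0.0.53; use `resolvectl status` there.
check_this_host() {
    check_resolvers < /etc/resolv.conf
}

# Only touch the real resolv.conf when invoked as: sh dns_check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_this_host
fi
```

A client that still lists 8.8.8.8 or another resolver here is not covered by the OpenDNS categories you configured, no matter what the router says.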

How will this affect my network?

This will block access to sites that fall into the categories you selected. If you do not want it to affect you much, only enable the categories that block malware and the like.

Tue, 19 Jul 2022 20:21:42 -0500