Hola guys, the main question is: why this lab? I will be straightforward.
- Don't worry, none of these words are AI generated.
- To show the skills, knowledge and experience relevant to the role I am interested in, i.e. SOC Analyst.
- To explore the different tools required on the Blue team, so that you can learn more about the Red/Purple team while on the job.
- To help me get a job in the industry without certifications, which is quite hard, and I have never chosen an easy path.
Image 1. This is where we are heading; it's a never-ending process, so bear with me!
- Find the hardware.
- Download the latest Proxmox ISO file (8.1.4).
- Make a bootable USB with your favourite tool, e.g. Rufus.
- Boot from the USB and install Proxmox (the basic installation is not covered, only the important parts).
- Install it like a Linux OS; the web UI will then be available at machine-IP-address:8006.
- Download the ISO images and upload them to Proxmox storage.
Image 2.1. Screenshot of the ISO images in Proxmox storage.
- pfSense firewall https://www.pfsense.org/download/
- Ubuntu Server https://ubuntu.com/download/server
- Kali Linux https://www.kali.org/get-kali/#kali-platforms
- Parrot OS https://parrotsec.org/download/
- Configure the Linux bridge.
Image 2.2. You can choose your own private IP range (* try your networking skills!).
- Install the pfSense firewall from its ISO with the network adapter set to the Linux bridge.
- We can access the firewall via the CLI and the web GUI at its IP address.
- Create interfaces for the VLANs: vlan10, vlan20, vlan30.
- Create firewall rules for each VLAN.
- Enable DHCP for each VLAN; you can choose your own IP range (* try your subnetting skills).
- Keep it updated with the latest updates, personalise it, and remember all the usernames and passwords.
- Try pinging from each machine to check connectivity.
- Install Wazuh (SIEM + EDR) from https://documentation.wazuh.com/current/quickstart.html on a headless Ubuntu Server over SSH.
- Install Nessus (vulnerability scanner) from https://www.tenable.com/downloads/nessus?loginAttempted=true on a headless Ubuntu Server over SSH.
- Install Splunk Enterprise (SIEM) from https://www.splunk.com/en_us/download/splunk-enterprise.html?locale=en_us# (needs a login ID).
- You can choose your machines as you want.
- You can try solving these boxes; this gives you hands-on penetration testing practice with privilege escalation and with finding vulnerabilities through the open ports and services on each particular machine.
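As an added example for the VLAN and DHCP steps above (my own illustration, not part of the original lab notes), here is a small Python subnet planner: it carves one private subnet per VLAN out of an assumed supernet (10.10.0.0/16 is a constructed value, pick your own), assigns the pfSense gateway address and a DHCP pool, and refuses non-RFC 1918 ranges or pools that do not fit the subnet.

```python
import ipaddress

# Constructed example values: the lab's VLAN IDs and an assumed private supernet.
LAB_SUPERNET = "10.10.0.0/16"   # assumption: choose your own RFC 1918 range
VLAN_IDS = [10, 20, 30]


def plan_vlans(supernet, vlan_ids, prefix=24, dhcp_start=100, dhcp_end=200):
    """Carve one /prefix subnet per VLAN out of supernet, pick gateway and DHCP pool.
    Subnet number N of the supernet goes to VLAN N, so splitting a /16 into /24s
    gives vlan10 -> 10.10.10.0/24, vlan20 -> 10.10.20.0/24 (easy to read in logs).
    Returns {vlan_id: {"network", "gateway", "dhcp_from", "dhcp_to"}}.
    """
    supernet = ipaddress.ip_network(supernet)
    if not supernet.is_private:
        raise ValueError(f"{supernet} is not RFC 1918 space; lab ranges must be private")
    if prefix <= supernet.prefixlen:
        raise ValueError("subnet prefix must be longer than the supernet prefix")
    if not 1 <= dhcp_start < dhcp_end:
        raise ValueError("DHCP pool offsets must satisfy 1 <= start < end")
    subnets = list(supernet.subnets(new_prefix=prefix))
    plans = {}
    for vid in vlan_ids:
        if vid >= len(subnets):
            raise ValueError(f"vlan{vid}: only {len(subnets)} /{prefix} subnets fit in {supernet}")
        net = subnets[vid]
        # Last usable host sits one below broadcast; the pool must not spill past it.
        if dhcp_end > net.num_addresses - 2:
            raise ValueError(f"vlan{vid}: DHCP end offset {dhcp_end} exceeds a /{prefix}")
        plans[vid] = {
            "network": net,
            "gateway": net.network_address + 1,   # pfSense interface address, first host
            "dhcp_from": net.network_address + dhcp_start,
            "dhcp_to": net.network_address + dhcp_end,
        }
    return plans


def vlan_of(addr, plans):
    """Return the VLAN ID whose subnet contains addr, or None (useful when a ping fails)."""
    ip = ipaddress.ip_address(addr)
    for vid, plan in plans.items():
        if ip in plan["network"]:
            return vid
    return None

if __name__ == "__main__":
    for vid, p in plan_vlans(LAB_SUPERNET, VLAN_IDS).items():
        print(f"vlan{vid}: {p['network']}  gw {p['gateway']}  dhcp {p['dhcp_from']}-{p['dhcp_to']}")
```

The printed lines map directly onto the pfSense interface address and DHCP range fields for each VLAN, and vlan_of() tells you which VLAN a machine that fails to ping should have been on.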
-> I chose 5 machines, as follows:
Machine 5: Breakout
Machine 4: Metasploitable-linux-2.0.0
Machine 3: ICA1
Machine 2: Earth
Machine 1: Matrix
- We can't start penetration testing on the boxes because we haven't set up the agents on the machines.
- As we don't know the usernames and passwords, we can't log in to set up the agents, sensor or forwarder.
- So what can we do? Think about it, and then come back here for the next step.