Cybersecurity Tip: Build A Basic Home Lab (2/3)
- Published on 5 Jul 2024
- 🔧 Crafting the Perfect Virtual Workspace: A properly configured virtual machine is the cornerstone of your Home Lab, empowering you to experiment, fine-tune, and elevate your skills within a secure environment.🏠🔧
🚀 Elevate Your Learning with Hands-On Virtualization: Theoretical knowledge forms the foundation, but the Home Lab catapults you into the realm of practical mastery. Take on cyber challenges with confidence, equip your mental toolkit, and embark on a journey of true skill refinement! 🚀🧠
Link for more information on network options
www.virtualbox.org/manual/ch0...
_________________________________
🕒 TIMELINE
00:00 - Intro
00:48 - How To Reduce Risk
01:01 - VirtualBox Demo
01:33 - Different Network Options
03:27 - Two Sample Scenarios
04:50 - Demo
10:12 - VMware Demo
Awesome video!
Things I do on my sandbox VMs:
- I have 2 virtual NICs (one configured with NAT and another as Internal Network; the last one is on by default while NAT is off, and the NAT interface is only used when I update tools or analyze 2-stage samples that need access to the internet)
- I've configured both NICs with a MAC that is non-typical for VirtualBox/VMware (some malware can detect sandboxes by analyzing MAC OUIs)
- One of my VMs is Windows-based (FlareVM), the second VM is GNU/Linux-based (REMnux); both are in the same "Internal Network" and both share the same IP address space.
- Once my VMs are ready I make a "baseline" snapshot of a live session (VM is still on) that I can revert to once my analysis is complete; this saves me time when I need to use it again, so I don't have to turn the VM back on and instead just power up the baseline snapshot.
- Make sure your Windows VM has its antivirus, firewall and automatic updates disabled (easier said than done)
- Disable automatic updates on your GNU/Linux VM as well just in case (Ubuntu-based VMs are well known to break tools during upgrades, trust me, I've wasted enough time troubleshooting it...)
- Easiest way to drop samples inside your VMs is to make a mount point; make sure it's in READ ONLY mode, so your VMs can "write" into it (in VirtualBox you configure mounts/shares in "Shared Folders")
- Having a host OS that is non-Windows is an additional layer to defend yourself; this way, even if malware finds a way to break out of the sandbox, you run a lot less risk of being infected.
That is a beautiful sandbox. Very similar to mine except I don’t allow NAT since I am paranoid, so for those 2nd-stage malware I'll leave it to the experts 😂 - REMnux & Flare is awesome, one thing I do is have Burp Suite intercept/decrypt traffic and now we got additional info! - Future video…?👀
I hate to be necroposting but if someone was kind enough to elaborate a bit more on the sample drop through mount point, it'd be fantastic.
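The VirtualBox settings listed in the comment above (internal-network NIC, NAT kept unplugged, non-default MAC, read-only sample share, live baseline snapshot), written out as `VBoxManage` calls. This is an added example, not part of the original comments or the video; the VM name `flarevm`, network `malnet`, host folder `/srv/samples`, snapshot name `baseline` and the MAC value are assumptions, and the option spellings are the VirtualBox 6 ones.

```sh
#!/bin/sh
# Added example. Assumed names: VM "flarevm", internal network "malnet",
# host folder /srv/samples, snapshot "baseline". The MAC is constructed.
DRY_RUN="${DRY_RUN:-1}"          # 1 = print commands only, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "VBoxManage $*"; else VBoxManage "$@"; fi
}

# Succeeds when a MAC starts with a default VirtualBox or VMware OUI.
is_hypervisor_oui() {
    case "$(printf '%s' "$1" | tr -d ':-' | tr 'a-f' 'A-F')" in
        080027*|000C29*|005056*|000569*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run with the VM powered off: NIC1 on the internal network with a custom MAC
# (12 hex digits, no colons), NIC2 as NAT with its cable unplugged, and the
# sample folder shared read-only.
configure_vm() {
    vm="$1"; net="$2"; mac="$3"; samples="$4"
    if is_hypervisor_oui "$mac"; then
        echo "refusing $mac: default hypervisor OUI" >&2
        return 1
    fi
    run modifyvm "$vm" --nic1 intnet --intnet1 "$net" --macaddress1 "$mac"
    run modifyvm "$vm" --nic2 nat --cableconnected2 off
    run sharedfolder add "$vm" --name samples --hostpath "$samples" --readonly
}

# Plug or unplug the NAT cable on a running VM (tool updates only).
nat_link() { run controlvm "$1" setlinkstate2 "$2"; }

# Snapshot the running VM, memory state included.
take_baseline() { run snapshot "$1" take "$2" --live; }

# After an analysis: power off, roll back, resume from the saved state.
revert_to_baseline() {
    run controlvm "$1" poweroff
    run snapshot "$1" restore "$2"
    run startvm "$1"
}

if [ "${1:-}" = "plan" ]; then
    configure_vm flarevm malnet 001A2B3C4D5E /srv/samples
    take_baseline flarevm baseline
    revert_to_baseline flarevm baseline
fi
```

With the default `DRY_RUN=1`, running the script with the `plan` argument only prints the commands. The share needs Guest Additions in the guest, and `--readonly` lets the guest read samples from the host folder but not write to it.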
Thank you for this series - it is extremely helpful!
Glad it helped! I’ll be creating another one soon 👀 be on the lookout!
Thank you for providing quality content. Keep going man
Thanks, will do!
Thanks for these. Really easy to follow, and not too long.
Glad it was helpful!
My first time here and I have watched like 8 videos now.
You are one brilliant dude
Haha thank you! Really appreciate it ❤️
This was an absolute excellent episode. Thank you so much.
Thank you! Glad it was helpful ❤️
Thank you for this series🙂. It's very helpful.
Glad to hear that!
Really enjoyed this video! Amazing explanation of configuring the environment! Really liked how you covered virtualbox and VMware and the importance of a sandboxed environment. Demos were amazing and definitely this video I will use as reference! Fantastic home lab videos so far from start to finish! Keep up the great work!
Awesome! Happy it helped - More to come, part 3 will be pretty exciting (I think). As always, thanks for the support! ❤️
Such great work! Thank you! I finally have my own home lab to try new things!
Thank you so much !
Wonderful! Glad to hear that ❤️
Amazing work, thank you!
Thanks for watching!
Great video! You may consider an additional video explaining how to do the same network config in Hyper-V. Although not as popular a hypervisor as VirtualBox and VMware, it's different enough in the network configuration that some instructions would be helpful to whoever wants to use it. Thanks for all the hard work in putting out these videos. I, for one, appreciate it!
Ooo Great suggestion and thank you! Appreciate the support ❤️
Very useful and well explained. Awesome video
Thanks!
Thank you. I'm now your fan.
Thanks! Appreciate the support ❤️
Amazing video!
Thank you!
Thank you bro. Your videos are wonderful with amazing explanation
and gave me confidence that cybersecurity is not so hard if you got right mentor.
You're most welcome ❤️ I have a lot of other projects/hands on labs you can watch to follow along if you wish. Please don’t hesitate to ask questions as I am always happy to help!
@@MyDFIR thank you 🙏
Damn you are good. I was looking for the perfect explanation like that
haha thanks for watching! Glad I could help :D
Great Video dude..
Appreciate it!
Great Video! Would I still be able to effectively test tools and analyze malware if I used an Ubuntu VM rather than Windows? I wouldn't mind some extra work for the sake of learning more about configurations and Linux but how much more of a hassle would it be (if at all) to use Ubuntu instead?
Great question, I would think about spinning 2 operating systems (Ubuntu & Windows) - With Ubuntu, you won’t have much success with performing DYNAMIC malware analysis for PE files (Portable Executables) and this is where Windows would come in. However, you can analyze ELF file formats with Ubuntu.
Hi! I really enjoyed watching this video as it is quite explanatory. I am just trying to break into the field of cybersecurity. This home lab project is quite easy for me to understand and try by myself. I have a few questions though. For instance, if I am done building the lab and at first I set up the network as NAT to be able to test tools, and at some point I decide to do malware analysis, can I just change the network type to internal network and configure it, or should I start creating a new home lab? Also, if you can make a separate video about testing tools with this setup and another about analyzing malware, I'd really appreciate it.
Great question and thank you for watching! You can use the same home lab to analyze malware and change the network like you said but do remember to take a snapshot and revert it back once you are done analyzing the malware :)
@@MyDFIR Noted, thanks
Loved your video!
Could you answer a question for me? When assigning IP addresses, why did you pick that specific one? How do you know the range which you're able to choose from? Hopefully that makes sense.
Thanks! You can assign any IP within the range of RFC1918 aka private IPs. Take a look at that to help you learn more about it ❤️
Thank you for this! I am attempting to go through your SOC Automation project and I set up Wazuh and TheHive, but I'm not sure how I should be setting up the VirtualBox Windows 10 client that reports to Wazuh. Should it be a NAT configuration?
Yes NAT will be the one you choose
@@MyDFIR Thanks!
Bro I love your videos
Thank you for all effort
I have only one question
What type of configuration do I need to have in the computer to establish the lab environment for more practice
Do I need windows or Mac
Do you teach any class concerning cyber
Thank you so much
I would recommend Windows for lab practice as Macs, specifically ARM Macs, don’t play nice with virtualization.
Try and aim for a computer with 16 GB RAM if possible. As for classes, I am in the middle of building my SOC course and will provide more updates in the future.
Can you explain how you get files (malware) into the VM if it can't talk to the host machine? Thank you!
I’ve seen various different ways such as connecting to a file share prior to executing the malware, allow internet connectivity prior, use a USB to transfer, etc. Just remember that whenever you download malware, be sure to rename the file extension to prevent yourself from accidentally executing it. Always snapshot your VM before malware analysis.
With assigning both VM/Kali with static IPs, you didn’t mention where you got the two IPs from; I did a quick lookup and found that you can simply ask your ISP to provide those to you?
IPs your ISP will give you are public IPs whereas the IPs I used are private IPs.
Please tell us, how did you get it
Could you please do one for UTM & Parallels too? Please 🙏🏾
Absolutely, I personally do not have any experience with those two. However, I’ll play around with them and see what I can come up with!
@@MyDFIR thank you very much, I'm currently using UTM and I'm also a beginner so trying to keep up is a bit difficult... So I'd really appreciate a specific video for us 😅🙏🏾.
Awesome video. New subscriber here 😀
Thanks for subbing!
@@MyDFIR I learned a lot from your channel 🥰
Make video how to access your products
Haha in the future 👀 - Thank you for your support
Great vid, but I'm trying to ping from Windows to Kali and keep getting this error message on the command prompt: "PING: transmit failed. General Failure". Please advise?
What troubleshooting steps have you performed so far?
Hello, I'm Dieudonne fotso. I love the cybersecurity field but I don't have experience in the domains. Where should I start to understand more deeply?
I would read more about the domains via research and see what stands out. If you aren’t sure about what domains exist, I've created a video here th-cam.com/video/eRvv-WidX-o/w-d-xo.htmlfeature=shared
I have a doubt bro... how did you get the static IP address... Is that random or we need to do any process?
Pls respond
Random - you can choose any static IP but just make sure your VMs are on the same network
Man I hope you deep dive into tools later on.
😂 Any specific tool you would like to see?
Hey MYDFIR, what happens if the VirtualBox PC and Linux aren't pinging each other?
How do I fix it???
Are they in the same network? What is your network settings for your VM?
If someone doesn't know how to set up a VM or which network to use, then they shouldn't play with malware. I think for these guys something will go wrong.
Agreed! However, those that do want to live life dangerously - I'll say…proceed with caution.
When I try the ping it still says destination host unreachable
From windows to kali? Make sure they are on the same network, you must change their network adapters and IP
The pinging said transmit failed. Please help!
never mind I got it. I think it's because my Kali machine fell asleep. smh lol.
Haha it happens!
My IP address won't show up in my command line. Am I doing something wrong?
Odd, is your NIC attached on your VM? When you run the command, does it show nothing for your IP? Does it start with 169.x? If so, DHCP likely isn’t working, instead you can try statically assigning an address.
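A quick check for the ping problems raised in several comments above: are both static addresses RFC 1918 private, is either one a 169.254.x.x address, and do they share a subnet. This is an added example, not from the video; the sample addresses are constructed and the /24 prefix is an assumption.

```sh
#!/bin/sh
# Added example. Constructed usage: check_pair 192.168.56.10 192.168.56.20 24

# Dotted quad to 32-bit integer; fails on anything that is not valid IPv4.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net IP NETWORK PREFIX: succeeds when IP lies inside NETWORK/PREFIX.
in_net() {
    ip=$(ip_to_int "$1") && net=$(ip_to_int "$2") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Prints private (RFC 1918), link-local (169.254/16), loopback, public
# or invalid.
classify() {
    if   in_net "$1" 10.0.0.0 8 || in_net "$1" 172.16.0.0 12 ||
         in_net "$1" 192.168.0.0 16; then echo private
    elif in_net "$1" 169.254.0.0 16; then echo link-local
    elif in_net "$1" 127.0.0.0 8; then echo loopback
    elif ip_to_int "$1" >/dev/null; then echo public
    else echo invalid; return 1
    fi
}

# check_pair A B PREFIX: IP-layer reasons two lab VMs cannot reach each other
# (it cannot see the adapter type, a guest firewall or a sleeping VM).
check_pair() {
    for addr in "$1" "$2"; do
        kind=$(classify "$addr") || { echo "invalid address: $addr"; return 1; }
        case "$kind" in
            private) ;;
            link-local) echo "$addr is 169.254.x.x: DHCP likely failed, set a static IP"
                        return 1 ;;
            *) echo "$addr is $kind, not RFC 1918"; return 1 ;;
        esac
    done
    in_net "$1" "$2" "$3" || { echo "different subnets at /$3"; return 1; }
    echo "ok: same /$3 private subnet"
}
```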