NASCAR professionals couldn’t be drivers without their cars. It’s the same with cybersecurity professionals and their laptops. - Cybersecurity Professional
The above quote is from a colleague of mine, a guy who’s been in the profession for 15 years, has more certs than you can shake a stick at, and has experience in numerous high-stakes cyber positions. To say the least, he’s been around the cyber block. This guy is constantly learning to better himself and has done a lot of it through self-study.
Luckily for me, he’s my mentor which presents opportunities to discuss a lot of topics, including “What makes a cybersecurity professional a cybersecurity professional”. It’s a tough question to answer and we’ve considered a lot of different aspects. Some people will tell you that a cyber pro needs a computer science degree or a list of fancy certifications. Others will tell you that experience makes the professional. Personally, I believe that these are all good data points/indicators, but for me the best indicator is mindset.
The hacker mindset. It’s that desire to understand how things work. It’s the relentless pursuit of that last piece of the puzzle. Unfortunately, understanding a person’s mindset is difficult without spending significant time with him/her. Fortunately, a good way to get a glimpse into someone’s mindset is to look at his/her lab. A cyber pro’s lab can tell you a lot about the desire to learn and the types of things that he or she has been working on.
This post is an introduction into creating a lab for yourself. It’s about providing an environment where you can practice your tool-sets and techniques in a controlled environment. It gives you a space to experiment with new ideas, but just as important, it gives you a controlled space to gain a deeper understanding of technologies that we employ every day for our day jobs.
Personally, I recommend setting up your lab on a laptop. Laptops give you a lot of flexibility in location. Obviously, there’s a trade-off when compared to a traditional desktop: laptops are more expensive and generally less powerful than their desktop counterparts, but they are portable. That matters because it lets you take your setup on the go, which is useful for training sessions, conferences, and practice when you are not at home.
You can get a decent setup for around $1200. Ideally, you want a decent processor, 500GB of storage (preferably SSD) and 16GB of RAM or more. The RAM requirement is particularly important because it determines how many virtual machines you can run in parallel.
To start with, we are going to need a few things. Follow the links below, download and install one of the hypervisors, and download each of the virtual machines.
- Virtual Machines
Importing the VMs
Now that we have a hypervisor installed and our virtual machines downloaded, we need to get them imported so we can use them. Before you unzip anything, compare each download against the SHA256 checksum published alongside it (Kali, for one, publishes these next to its images); an image that fails the check should be downloaded again, not imported. Then unzip each of the zip archives that you downloaded (I prefer 7zip for my archival needs). I recommend transferring the files somewhere other than your Downloads folder.
- For each of the three virtual machines
- Click File->Open
- Navigate to the directory where you saved your virtual machines.
- Select the .vmdk or .ova file
- Click Open
Kali Linux Setup
Start up your Kali virtual machine by right-clicking it in your hypervisor and selecting Run or Start.
Once it boots up, you’ll be presented with a log-in prompt. On the Kali image used here the default credentials are root:toor (username:password); note that images from Kali 2020.1 onward instead ship a non-root user with the default credentials kali:kali.
Once logged in, open a terminal by pressing the Windows key (the Command key on a Mac), typing terminal, and hitting Enter.
Kali Linux is a Linux distribution with a number of pre-installed security tools. Since this is Linux and we will be heavily utilizing the terminal, let’s go over some basic commands.
- Figure out what directory you are currently in with pwd.
- List the contents of the directory that you are in with ls.
- Depending on where you are, you should notice both blue and white text. With Kali’s default colour scheme, blue text is for directories and white is for ordinary files; green is used for executable files.
- The cd command can be used to move into other directories (cd <directory>), or cd ~ to return to your home directory.
- The cat command can be used to display the contents of a file on the screen: cat <file>.
- The file command can be used to give details about a file, such as what type of file it really is regardless of its name: file <file>.
- The man command can be used in front of just about any other command to show you the manual pages for that command (man ls, for example). This is useful for understanding the purpose of a command and any switches (read: options) available for it.
With the above commands you should be able to navigate around the terminal. Now that we have that out of the way, we can move onto setting up our system.
First off, we need to change the root password, since every copy of this image ships with the same one. Type the command below, hit enter, and type in your new password.
passwd
Next, let’s update the system. Kali is a rolling distribution based on Debian Linux and it will need to be updated pretty regularly. I recommend updating at least once a week and before you begin a new project. Debian-based distributions use a package manager called apt. To a Windows user, package managers are probably a foreign concept. While you can certainly go out to the web and download applications for Linux in a similar way that you can for Windows, Linux provides a more elegant solution by means of repositories. Repositories can be thought of (overly simplified) as centralized places for you to go and download software. Package managers provide a mechanism to both download and install applications from repositories, and apt also verifies each package against the repository’s signing key before installing it, which a random download from the web does not give you. Use the command below to make sure your package manager has the most up-to-date list of the software available in Kali’s repositories.
apt update
Once this command completes, it will let you know if you have any packages that are out of date. To update all of your out-of-date packages, use the command below.
apt upgrade
Type y when you are prompted to confirm that you want to install all of the updates.
Now that we are up-to-date, let’s install a basic tool for firewall management. We’ll use the package manager to install it.
apt install ufw
UFW is a wrapper for iptables, Kali’s default firewall tool (which is fairly difficult to work with directly). Remember that you can use the manual for UFW:
man ufw
To turn the firewall on and make sure it starts at boot, type
ufw enable
To confirm that the firewall is running (enable also registers it to start at boot), type
ufw status verbose
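The password, update and UFW steps above can be scripted so that the firewall policy is written down and reviewed before it is applied. The script below is an added example, not code from the original post: it assumes the host-only lab subnet is 192.168.56.0/24 (override with LAB_NET if your hypervisor handed out a different range) and chooses to allow SSH into Kali only from that subnet; both are assumptions, not something the post prescribes. Run it with plan to see the rules, and with apply (as root, with the adapter temporarily on NAT so apt can reach the repositories) to perform the update and enable the firewall.

```shell
#!/bin/sh
# Added example, not from the original post: post-install hardening of a
# fresh Kali VM (update, install ufw, apply a deny-by-default policy).
# Assumption: the host-only lab subnet is 192.168.56.0/24; override with
# LAB_NET=... if your hypervisor handed out a different range.
set -eu

LAB_NET="${LAB_NET:-192.168.56.0/24}"

# Print, without running, the ufw commands for a given lab subnet so the
# policy can be reviewed (and tested) before anything is applied.
lab_ufw_rules() {
    net="$1"
    printf '%s\n' \
        "ufw default deny incoming" \
        "ufw default allow outgoing" \
        "ufw allow from $net to any port 22 proto tcp" \
        "ufw logging on" \
        "ufw --force enable"
}

# Refresh the package index, upgrade everything, then install ufw.
# Needs Internet access: switch the adapter to NAT for this step and back
# to Host Only afterwards.
lab_update() {
    apt update
    apt -y full-upgrade    # full-upgrade also resolves changed dependencies on a rolling distro
    apt -y install ufw
}

# Run the reviewed rules one by one, then show the resulting state.
lab_apply() {
    lab_ufw_rules "$LAB_NET" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"        # commands come from lab_ufw_rules above, not from user input
    done
    ufw status verbose     # expect "Status: active" and the rules listed
}

case "${1:-}" in
    plan)  lab_ufw_rules "$LAB_NET" ;;
    apply) lab_update && lab_apply ;;
    *)     echo "usage: $0 plan|apply" >&2 ;;
esac
```

The --force flag on ufw enable skips the interactive confirmation so the script can run unattended; the deny-incoming default is what actually protects the VM, and the single SSH rule is the only hole in it.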
What about the others?
REMnux and Metasploitable are both Linux virtual machines. REMnux is a distribution built for malware analysis and reverse engineering, and can be thought of as the Blue Team counterpart to Kali: Kali ships a few Blue Team tools, but most of its tool-set is Red Team oriented. Metasploitable is an intentionally vulnerable Linux distribution that we can use as a target for testing; because it is deliberately broken, it should never be placed on a network adapter through which the rest of your network can reach it. Lastly, we have the Windows VM. Each of these will be used in future posts, but for now we will leave them be for the most part.
Importing and running the virtual machines is only a part of the setup for our lab. We also need to understand how networking is handled with our hypervisors. There are 3 basic ways to setup networking for each virtual machine.
- NAT : Each VM is given a private, non-routable IP address by the hypervisor, which then acts as a gateway/router to provide external network access. The VM’s traffic leaves the laptop using the IP address that your laptop has. This is analogous to your home setup with a router and a home computer behind it: the VM can reach the Internet, but nothing on the Internet can open a connection to the VM.
- Bridged : The virtual machine gets its own IP address on the same network as your laptop, in the same manner that your laptop did (usually from the local DHCP server). Other hosts on that network can reach the VM directly.
- Host Only : This setting is similar to the NAT setting in that it provides the virtual machine a non-routable IP address. The difference is that the hypervisor does not route connections externally. In practice, this means that your virtual machines with Host Only set can access each other and the host laptop (which has its own interface on the host-only network), but not the Internet.
Each of these has its pros and cons. NAT is the easiest to use and shields your virtual machine from inbound connections, though the VM can still reach out to the Internet. Bridged allows you to access your virtual machine from sources external to your laptop (think setting up a web server on a virtual machine), which is exactly what you do not want for an intentionally vulnerable target like Metasploitable. Lastly, Host Only isolates your virtual machines from external sources in both directions.
For the purposes of this lab, we are going to set each of our virtual machines to Host Only mode. This is ideal because it protects us from accidentally fat-fingering something and affecting things external to our lab, and it keeps anything you run inside a VM (a sample under analysis in REMnux, an exploit aimed at Metasploitable) from reaching a real network. The trade-off is that Host Only VMs cannot reach the Internet, so switch Kali to NAT when you need to pull updates with apt, then switch it back.
How-To: Setup Networking for a Virtual Machine
Right-click the virtual machine in your hypervisor, open its settings, find the network adapter, and set it to Host Only (the exact menu labels differ between hypervisors, but the adapter setting is per-VM, so repeat this for each one).
Power up your virtual machines and check that each one has an address on the same host-only subnet:
Windows Command Prompt: ipconfig
Linux terminal: ip addr (or ifconfig on older images)
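Reading addresses off four screens and comparing them by eye is error-prone, and the Host Only description above gives two things worth checking mechanically: every lab VM sits in the same subnet, and the subnet has no route out to the Internet. The script below is an added example, not code from the original post, meant to be run from the Kali VM. The 192.168.56.x addresses are constructed placeholders (a common host-only default, but an assumption here); replace them with what ipconfig and ip addr report on your VMs.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check the Host Only
# lab network from the Kali VM. The addresses below are constructed
# placeholders; replace them with what ipconfig / ip addr show on each VM.
set -eu

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                # split on the dots we just made IFS
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print 1 if both addresses are in the same /<prefix> network, else 0.
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    if [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]; then
        echo 1
    else
        echo 0
    fi
}

# Live checks to run on Kali once every VM is powered on: each lab host
# should answer a ping, and a Host Only adapter should have no default
# route (no path to the Internet).
check_lab() {
    for host in "$@"; do
        if ping -c 1 -W 1 "$host" >/dev/null 2>&1; then
            echo "reachable   $host"
        else
            echo "UNREACHABLE $host  (wrong adapter mode, or VM not up?)"
        fi
    done
    if ip route show default | grep -q '^default'; then
        echo "WARNING: a default route exists; this adapter is not Host Only"
    else
        echo "OK: no default route, lab is isolated from the Internet"
    fi
}

# Constructed sample addresses for a 192.168.56.0/24 host-only network.
KALI=192.168.56.101
WIN=192.168.56.102
META=192.168.56.103
for vm in "$WIN" "$META"; do
    if [ "$(same_subnet "$KALI" "$vm" 24)" = 1 ]; then
        echo "$vm is on Kali's subnet"
    else
        echo "$vm is NOT on Kali's subnet; check its adapter settings"
    fi
done

# Pass real addresses to run the live checks, e.g.
#   sh lab-net-check.sh 192.168.56.102 192.168.56.103
if [ $# -gt 0 ]; then
    check_lab "$@"
fi
```

A VM that answers the ping but whose Kali sees a default route is the case to watch for: it means Kali was left on NAT after an update, and whatever you run next has a way out.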
For each machine you should set up a snapshot to revert to if you mess something up. Take it once the VM is updated and configured but before you start breaking things; for Metasploitable in particular, a clean snapshot lets you reset the target after each exploitation attempt.
- Right Click the virtual machine in your hypervisor
- Select Snapshots
- Click the Camera icon at the top of the screen
At this point, you should have a nice base for your lab. Kali and REMnux provide a suite of tools for you to experiment with, while the Windows VM and Metasploitable both give you targets to test against. In future posts we’ll go over a few technologies and how to develop the right mindset for learning.