Pi-hole is a network-wide ad blocker that runs on a single-board computer (SBC). Ready-made blocklists can be applied, or you can build your own.
A good number of people build these with a Raspberry Pi, but I found two Orange Pi Zeroes for cheap and decided to build one out of those.
I would advise anyone who wants to learn Splunk to actually use Splunk. They offer a really thorough fundamentals class for free, and you can set up a Splunk environment fairly easily.
There’s also hands-on practice to be had by completing the ‘Boss of the SOC’ challenges.
Furthermore I recommend:
Splunk Certified Study Guide by Deep Mehta published by Apress
I highly recommend the above book to supplement study and test prep.
So, I’m a little bit of a tech hoarder. I’ve got several Raspberry Pis, NUCs, Mac minis, and a Chromebox. I also have a switch to put pfSense on. I’ve kinda got the hardware part down (though I am looking for one more machine with 16 GB of RAM to complete my vision).
This being said I have a few things I want out of my lab environment:
Malware Analysis machine
Security Onion Analyst machine
Cyber Threat Intelligence Machine
Possible Forensic Analysis Station
A Pi-hole
I also know I want to mess around with Docker and Python. Although these don’t need their own environments, the other three kinda do. This is especially true for the malware analysis machine, which needs to be isolated as much as possible to prevent infection of other systems.
Draft Lab Documentation
The above is the draft documentation I cooked up to kind of mimic inventory management. I also think that if I’m going to have static IP addresses, this should be documented as well. I started having this info written out, but have also entered it into note-taking software. This is my attempt to be meticulous and intentional in this endeavor.
This morning I sat in on a virtual Meet-up where the topic was Building a Lab. During the pandemic I had been slowly but surely ‘collecting’ computer equipment with the thought of building out several components into something like a multitasking lab environment. I know a lot of people are all for virtual lab environments, and I had one of those as well, but I also think that different devices should have different functions, and I like the idea of re-purposing old systems.
I’m working on this because in the past my virtual lab was tied to schoolwork or CTFs and mostly focused on lightweight pentesting, and I want to get more hands-on defensive measures in place. I also want to be able to pull in threat intelligence feeds and have a machine specifically for Python scripting and research.
An older version of the Meet-up I attended this morning
One of the things that stuck with me this morning, and is kind of a ‘duh’ moment, was to do an inventory. I also think I’m going to try to design and designate all the components I want/have before I start building out. That’s why this blog is #0: it’s my pre-planning. I’m going to take the next week to look at the systems I have and the objectives I want to learn, and then plan out. Another piece to this will be the documentation; I want clear and concise documentation because in a real-world scenario this would be important.
Next week or the week after I’ll share examples of my inventory assessment and initial documentation. I also plan to have designated the use of each piece.
The second type of lab I’m currently working on is a dual-boot machine. Some might not advise building this type of lab, but it can allow for a computer that sits on a segregated network for analysis and is also set up with a deep-freeze program that resets the computer after logging off, cleaning it. It can also provide a Windows computer that runs the FireEye FLARE VM, again in a doubly segregated environment.
The idea for this lab came from interactions with similar setups, without the dual-booting, in which the lab was set up for analysis on a segregated network. The dual-booting for me was kind of a bonus, because I had wanted to try it for a while, and also because it gives me a computer to run Linux on away from my main computer while also running Windows. It gives me access to tools that might be made for either platform on the same computer, giving it a singular purpose.
Currently, this lab is not in its completed iteration. I still mainly use the VM lab to work on CTFs or do classwork, but this lab is coming to 1.0 before the end of summer. So look forward to 2.a, etc. in the near future.
PROS:
Keeps Lab separate from main computer
Allows for practicing from both a Linux and Windows Environment
Deep Freeze Software can be used to reset computer after analysis
For me this experience was an epic failure, but that’s most definitely because I know absolutely nothing about reverse engineering. My frustrations were enhanced by the fact that my entry key was buried in my spam/trash folder, and I didn’t think to look in there until an hour before the CTF was scheduled to end. In all honesty this wasn’t my first time signing up for this CTF, but during 1.0 I had to work, so I only got the bonus membership to Escalate afterwards and never got to touch the platform.
As I stated, I know nothing about reverse engineering…well, I wouldn’t say nothing. I know the names of some of the tools, namely Ghidra and Binary Ninja, but I’ve never used either.
I’m trying to leave myself completely open to learning though, which also means participating in as many CTFs as I can schedule. This is a subplot plan that has me trying to get the hands-on experience from anywhere. So, knowing nothing I signed up for this one.
As I stated above, the problems were mostly caused by me and my email address. I got a little hands-on usage of Binary Ninja to complete simple tasks, but I would have needed way longer than an hour to get anywhere with the medium and hard tasks. I think in the hour I was able to score something like 72 points.
The pro of doing this is that I realized that some things aren’t that difficult when it comes to reverse engineering. I mean, this doesn’t make me any sort of expert, nor would I put this on my resume (other than to demonstrate my willingness to learn new tools). I think that it did make me interested in knowing more about reverse engineering. I would like to score at least 100 points when 3.0 comes around (that was actually my lofty goal this time). The gist is that I’m not going to stop participating just because right now I’m not as knowledgeable.
By far the easiest method of getting a cyber lab up and running is using VirtualBox or VMware. I’m partial to VirtualBox because it’s free, and my pockets love free. Using VirtualBox, one can build out a connected network that is separate (connection-wise) from their actual machine. Using one or more of the vulnerable VMs on VulnHub, they can also test out and learn how to conduct a penetration test/hack a machine. They say the best way to learn is by doing. So, my first cyber lab has been through virtual machines. There are a number of good/great YouTube tutorials on how to set up VMs for a cyber lab, so I’m not going to rehash that. I will link to a couple that I found particularly helpful with this iteration of my lab:
The reasons I went in this direction for my first cyber lab are that it’s cost-effective and easy to set up, maintain, and ultimately break down. Taking snapshots makes mistakes (it happens, and crashing a lab and having to start all over is the worst) not as nerve-wracking as they would be if you infected and crashed your actual machine. A virtual lab allows a user to test networking, penetration testing, monitoring, and more without having to buy a lab. I would definitely recommend it as a starting point if someone was trying to find a way to sharpen/grow their skills.
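The two habits the post leans on, keeping the lab network separate from the real machine and snapshotting before anything risky, can be scripted. The following is an added example (not from the original post) using VirtualBox's VBoxManage CLI; the VM name `flare-vm` and the network name `malware-lab` are placeholders, and the script only prints its plan unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example: pin an analysis VM to a VirtualBox internal network (no path
# to the host's adapters or the internet) and take a clean baseline snapshot.
# Assumes VBoxManage is on PATH when DRY_RUN=0. Defaults to printing the plan.
set -eu

DRY_RUN="${DRY_RUN:-1}"

# Execute a command, or print it when DRY_RUN=1 so the plan can be reviewed.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# NIC 1 joins an internal network: frames only reach other VMs on that same
# network name, never the host. Promiscuous mode is denied so the guest cannot
# sniff its neighbours, and the host/guest clipboard and drag-and-drop channels
# plus USB passthrough are closed to limit ways a sample could leave the guest.
isolate_vm() {
  vm="$1"; net="$2"
  run VBoxManage modifyvm "$vm" --nic1 intnet --intnet1 "$net" --nicpromisc1 deny
  run VBoxManage modifyvm "$vm" --clipboard-mode disabled --draganddrop disabled
  run VBoxManage modifyvm "$vm" --usb off
}

# Record a named snapshot of the clean state before any sample is run.
baseline() {
  vm="$1"; name="$2"
  run VBoxManage snapshot "$vm" take "$name" --description "clean baseline before analysis"
}

# Roll the (powered-off) VM back to that snapshot after an analysis session.
reset_to_baseline() {
  vm="$1"; name="$2"
  run VBoxManage snapshot "$vm" restore "$name"
}

# Placeholder names; review the printed plan, then rerun with DRY_RUN=0.
isolate_vm "flare-vm" "malware-lab"
baseline "flare-vm" "clean-baseline"
```

Keep the analysis VM's only adapter on the internal network; adding a second NAT or bridged adapter later silently undoes the isolation.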
Recommended Virtual Machines
Kali Linux
Parrot OS
Metasploitable 2 (great beginner machine to hack)
A Windows machine (7 or better) [available from Microsoft]
Minimum System Requirements:
Windows Vista or higher (I’d recommend at least 7), or
Apple OS X (at least 10.9), or
the most current update of the Linux distro of your choice
RAM depends on the number of VMs running (16 GB is a good number)
Storage depends on the number of VMs running (30 MB for VirtualBox; at least 10 GB per VM)