The Pi-hole is a device built on a single-board computer (SBC). It acts as a network-wide ad blocker: it answers DNS for the network and sinkholes queries for domains on its blocklists. There are ready-made blocklists that can be applied, or you can build your own.
A good deal of people build these with a Raspberry Pi, but I found two Orange Pi Zeros for cheap and decided to build one out of those.
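To make the "sinkhole" idea concrete, here is an added example (not code from the original post or from the Pi-hole project) of the decision a Pi-hole style resolver makes for each query. It parses a constructed hosts-format blocklist, applies an exact match the way Pi-hole's gravity lists do, and adds a constructed regex rule for subdomain coverage, since a plain list entry does not cover subdomains on its own. The sinkhole address 0.0.0.0, the sample list, the regex rule and the dict standing in for an upstream resolver are all assumptions for illustration.

```python
"""Added example: minimal Pi-hole style blocklist matching.

Assumptions (not from the post): blocklists use the common
"0.0.0.0 domain" hosts layout, the sinkhole answer is 0.0.0.0, list
entries are exact-match, and regex rules supply wildcard coverage.
"""
import re

SINKHOLE_IP = "0.0.0.0"

# Constructed sample blocklist in hosts format.
SAMPLE_BLOCKLIST = """\
# comment line
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # trailing comment
127.0.0.1 localhost
0.0.0.0 telemetry.example.org
"""

# Constructed custom rule: block a domain and every subdomain of it.
SAMPLE_REGEX_RULES = [r"(\.|^)doubleclick\.example$"]


def parse_hosts_blocklist(text):
    """Return the set of domains a hosts-format list sinkholes.

    Lines are 'ip domain [domain ...]'; '#' starts a comment. Loopback
    names that ship in hosts files are skipped so they are never blocked.
    """
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name in ("localhost", "localhost.localdomain", "ip6-localhost"):
                continue
            blocked.add(name)
    return blocked


def is_blocked(domain, blocked, regex_rules=()):
    """Exact list match, or any regex rule matching the whole name."""
    name = domain.lower().rstrip(".")
    if name in blocked:
        return True
    return any(re.search(rule, name) for rule in regex_rules)


def resolve(domain, blocked, regex_rules=(), upstream=None):
    """Simulate the sinkhole decision for one query.

    Blocked names get SINKHOLE_IP; anything else is looked up in the
    stand-in upstream resolver (a dict), returning None when unknown.
    """
    if is_blocked(domain, blocked, regex_rules):
        return SINKHOLE_IP
    return (upstream or {}).get(domain.lower().rstrip("."))


if __name__ == "__main__":
    blocked = parse_hosts_blocklist(SAMPLE_BLOCKLIST)
    upstream = {"www.example.com": "93.184.216.34"}  # constructed answer
    for q in ("ads.example.com", "cdn.ads.example.com",
              "a.doubleclick.example", "www.example.com"):
        print(q, "->", resolve(q, blocked, SAMPLE_REGEX_RULES, upstream))
```

Note that `cdn.ads.example.com` is not blocked by the list entry for `ads.example.com`; if you want a whole domain tree gone, that is what the regex rule is for.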
So, I'm a little bit of a tech hoarder. I've got several Raspberry Pis, NUCs, Mac minis, and a Chromebox. I also have a switch to put pfSense on. I've kind of got the hardware part down (though I am looking for one more machine with 16 GB of RAM to complete my vision).
This being said I have a few things I want out of my lab environment:
Malware Analysis machine
Security Onion Analyst machine
Cyber Threat Intelligence Machine
Possible Forensic Analysis Station
Also want to have a pihole
I also know I want to mess around with Docker and Python. Although those don't need their own environments, the other machines kind of do. This is especially true for the malware analysis machine, which needs to be isolated as much as possible to prevent infection of other systems.
Draft Lab Documentation
The above is the draft documentation I cooked up to kind of mimic inventory management. I also think that if I'm going to have static IP addresses, they should be documented as well. I started by having this info written out, but have also entered it into note-taking software. This is my attempt to be meticulous and intentional in this endeavor.
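Once static addresses are written down, the documentation is only useful if it stays consistent, so here is an added example (not the post's own documentation or tooling) of a small inventory check for the kind of lab described above. The inventory layout, the two segments and their subnets, the hostnames, and the rule that a host flagged `isolated` may not share a segment with non-isolated hosts are all constructed assumptions; the last two entries are deliberately wrong to show what the check catches.

```python
"""Added example: validate a documented lab inventory of static IPs.

Assumptions (not from the post): inventory entries carry hostname, role,
ip, segment and isolated fields; SEGMENTS maps each lab network to its
subnet; isolated hosts must live on a segment with no shared hosts.
"""
import ipaddress

# Constructed lab segments and their address ranges.
SEGMENTS = {
    "lab-core": ipaddress.ip_network("10.10.0.0/24"),
    "malware-isolated": ipaddress.ip_network("10.10.99.0/24"),
}

# Constructed inventory; the last two entries contain deliberate mistakes.
SAMPLE_INVENTORY = [
    {"hostname": "pihole", "role": "dns", "ip": "10.10.0.2",
     "segment": "lab-core", "isolated": False},
    {"hostname": "so-analyst", "role": "security-onion", "ip": "10.10.0.10",
     "segment": "lab-core", "isolated": False},
    {"hostname": "cti", "role": "threat-intel", "ip": "10.10.0.11",
     "segment": "lab-core", "isolated": False},
    {"hostname": "malware-01", "role": "malware-analysis", "ip": "10.10.99.10",
     "segment": "malware-isolated", "isolated": True},
    # Mistake 1: reuses the Security Onion box's address.
    {"hostname": "forensics", "role": "forensics", "ip": "10.10.0.10",
     "segment": "lab-core", "isolated": False},
    # Mistake 2: an isolated malware box placed on the shared segment.
    {"hostname": "malware-02", "role": "malware-analysis", "ip": "10.10.0.50",
     "segment": "lab-core", "isolated": True},
]


def validate_inventory(inventory, segments=SEGMENTS):
    """Return a list of readable problems; an empty list means consistent."""
    problems = []
    seen_hosts, seen_ips, members = set(), {}, {}
    for entry in inventory:
        host = entry["hostname"]
        if host in seen_hosts:
            problems.append(f"duplicate hostname {host}")
        seen_hosts.add(host)

        try:
            ip = ipaddress.ip_address(entry["ip"])
        except ValueError:
            problems.append(f"{host}: invalid address {entry['ip']!r}")
            continue
        if ip in seen_ips:
            problems.append(f"{host}: address {ip} already used by {seen_ips[ip]}")
        seen_ips[ip] = host

        net = segments.get(entry["segment"])
        if net is None:
            problems.append(f"{host}: unknown segment {entry['segment']!r}")
            continue
        # Network and broadcast addresses are not usable host addresses.
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{host}: {ip} is not a usable host address in "
                            f"{entry['segment']} ({net})")
        members.setdefault(entry["segment"], []).append(entry)

    # Isolation rule: a segment holding an isolated host holds only isolated hosts.
    for seg, entries in members.items():
        isolated = [e["hostname"] for e in entries if e.get("isolated")]
        shared = [e["hostname"] for e in entries if not e.get("isolated")]
        if isolated and shared:
            problems.append(f"segment {seg}: isolated host(s) {isolated} "
                            f"share it with {shared}")
    return problems


if __name__ == "__main__":
    for problem in validate_inventory(SAMPLE_INVENTORY):
        print("PROBLEM:", problem)
```

Run it whenever the inventory changes; a clean run is an empty report, and the isolation check is the one that matters most for the malware analysis box.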
This morning I sat in on a virtual meet-up where the topic was building a lab. During the pandemic I had been slowly but surely 'collecting' computer equipment with the thought of building out several components into something like a multitasking lab environment. I know a lot of people are all for virtual lab environments, and I had one of those as well, but I also think that different devices should have different functions, and I like the idea of re-purposing old systems.
I'm working on this because in the past my virtual lab was tied to schoolwork or CTFs and mostly focused on lightweight pentesting, and I want to get more hands-on defensive measures in place. I also want to be able to pull in threat intelligence feeds, and to have a machine specifically for Python scripting and research.
An older version of the Meet-up I attended this morning
One of the things that stuck with me this morning, and is kind of a 'duh' moment, was to do an inventory. Beyond that, I'm going to try to design and designate all the components I want and have before I start building out. That's why this post is #0: it's my pre-planning. I'm going to take the next week to look at the systems I have and the objectives I want to learn, and then plan it out. Another piece of this will be the documentation. I want clear and concise documentation, because in a real-world scenario this would be important.
Next week or the week after I'll share examples of my inventory assessment and initial documentation. I also plan to have designated the use of each piece.
The second type of lab I'm currently working on is a dual-boot machine. Some might advise against building this type of lab, but it allows for a computer that sits on a segregated network for analysis and is also set up with a Deep Freeze style program that resets it after logging off, or a Windows install that can run FireEye's FLARE VM, again in a doubly segregated environment.
The idea for this lab came from interactions with similar set-ups, without the dual-booting, in which the lab was set up for analysis on a segregated network. The dual-booting was a bonus for me, because I had wanted to try it for a while, and because it gives me a computer to run Linux on away from my main computer while also running Windows. It gives me access to tools made for either platform on the same computer, giving it a singular purpose.
Currently, this lab is not in its completed iteration. I still mainly use the VM lab to work on CTFs or do classwork, but this lab will reach 1.0 before the end of summer. So look forward to 2.0, etc., in the near future.
PROS:
Keeps Lab separate from main computer
Allows for practicing from both a Linux and Windows Environment
Deep Freeze software can be used to reset the computer after analysis
By far the easiest method of getting a cyber lab up and running is using VirtualBox or VMware. I'm partial to VirtualBox because it's free, and my pockets love free. Using VirtualBox one can build out a connected network that is separate (connection-wise) from the actual machine; that isolation depends on using VirtualBox's internal-network or host-only modes rather than bridged networking, which puts a VM on the same LAN as the host. Using one or more of the vulnerable VMs on VulnHub, one can also test out and learn how to conduct a penetration test or hack a machine. They say the best way to learn is by doing. So, my first cyber lab has been through virtual machines. There are a number of good or great YouTube tutorials on how to set up VMs for a cyber lab, so I'm not going to rehash that. I will link to a couple that I found particularly helpful with this iteration of my lab:
The reasons I went in this direction for my first cyber lab are that it's cost effective and easy to set up, maintain, and ultimately break down. Taking snapshots makes mistakes (it happens, and crashing a lab and having to start all over is the worst) far less nerve-wracking than infecting and crashing your actual machine would be. A virtual lab allows a user to test networking, penetration testing, monitoring, and more without having to buy a lab. I would definitely recommend it as a starting point for someone trying to sharpen and grow their skills.
Recommended Virtual Machines
Kali Linux
Parrot OS
Metasploitable 2 (Great Beginner machine to hack)
A Windows Machine (7 or Better) [Available from Microsoft]
Minimum System Requirements:
Windows Vista or Higher (I’d recommend at least 7) or
Apple OS X (at least 10.9) or
The Most current update for the Linux Distro of your choice
RAM depends on the number of VMs running at once (16 GB is a good number)
Storage depends on the number of VMs you keep (about 30 MB for VirtualBox itself; at least 10 GB per VM)