Machine Set-Up
The Easy Way
-
Get a fresh linux VM with the following specs:
- Ubuntu Server 20.04 LTS
- 2 cores
- 4GB RAM
- 128GB Standard SSD
-
Download this Repo, extract into
~
so that~/Scripts
and~/Files
are valid paths -
From the
~
directory, run script:./Scripts/setup.sh
- This will install all the tools and place all the files needed for the course
- This might take a while (est 30-45m), so open Youtube or something
- You will need to press
enter
between each script -- this is so if you need to stop, you can!- The script is safe to run multiple times if you need to stop and start again
The Hard Way
RDP Setup
This must be done to allow for RDP connections to the student VM
- Run script:
~/scripts/rdp_setup.sh
- Tool(s) installed:
xrdp
,xfce4
- Files placed: None
Unit 1: Lab
- Run script:
~/scripts/unit1_lab.sh
- Tool(s) installed:
Wireshark
(and dependencies) - Files placed: None
Unit 1: Project
- N/A - Same as Lab
Unit 2: Lab
- N/A - Students install their account-specific Wazuh agents during lab
Unit 2: Project
- Run script:
~/scripts/unit2_project.sh
- Tool(s) installed: N/A - Same as lab
- Files placed:
/etc/wazuh/static.txt
/etc/wazuh/thisisit.txt
attack-part1
attack-part2
Unit 3: Lab
- Run script:
~/scripts/unit3_lab.sh
- Tool(s) installed:
Snort
(and dependencies) - Files placed: None
Unit 3: Project
- Run script:
~/scripts/unit3_project.sh
- Tool(s) installed:
npm
,node
,hftp
library - Files placed: See below tree
ftp_project
└── ftp_folder
├── activity.pcapng
├── attack.sh
├── cosmo
│ ├── passwords.txt
│ ├── reports_original.txt
│ └── rocknames.txt
├── general
│ ├── budget.txt
│ └── reports.txt
├── scripts
│ ├── attack.js
│ └── start-server.js
├── timmy
│ ├── fishnames.txt
│ ├── passwords.txt
│ └── reports_original.txt
└── wanda
├── catnames.txt
├── passwords.txt
└── reports_original.txt
Unit 4: Lab
- N/A - Wireshark continued and mitmproxy installed in-lab
Unit 4: Project
- Run script:
~/scripts/unit4_project.sh
- Tool(s) installed:
nginx
,slowloris
- Files placed: None
Unit 5: Lab
- Run script:
~/scripts/unit5_lab.sh
- Tool(s) installed:
Splunk
- Files placed:
netflix_titles.csv
,Top Video Game sales.csv
,webauth.csv
(Loaded into Splunk)
Unit 5: Project
- Run script:
~/scripts/unit5_project.sh
- Tool(s) installed: None (Splunk installed in lab)
- Files placed:
webserver02.csv
,uploadedhashes.csv
,failedlogins64.csv
,BlueCoatProxy01.csv
(Loaded into Splunk)
Unit 6: Lab
- N/A - Lab runs in browser
Unit 6: Project
- N/A - Project runs in browser
Unit 7: Lab
- Run script:
~/scripts/unit7_lab.sh
- Tool(s) installed:
MISP
- Files placed: None
🚨 Manual Steps
- Login to 127.0.0.1 on the local machine (No port needed)
- Change the user/password from
admin@admin.test/admin
toadmin@admin.test/Codepath123!
- Click on
Sync Actions
>Load Default Feed Metadata
>Fetch and Store all feed data
- Check all the options and select
Cache All Feeds
- (Note: This is NOT the blue button that says
Fetch and store all feed Data
!)
- (Note: This is NOT the blue button that says
Unit 7: Project
- N/A - Same as Lab
Unit 8+
- N/A - Group Project