Simple Computer Security

Windows 7 basic set up Alright, this is going to be the longest part of the blog series.  I'm considering breaking this into multiple parts.  The initial installation, hardening, installation of tools, and exploitation. Installation I'm using a basic Windows 7 Professional installation.  My intention behind this is to create an an environment that a user would actually use.  Granted when I get further along I will be installing tools that a standard user wouldn't use such as Splunk and NetWitness but for now we are focusing on installation and hardening. I actually own a few Windows 7 license keys but I'm not going to use them here, so I grabbed a copy off the Microsoft Developer Network (MSDN) .  I'm not going to spend long on this because it's a fairly standard install. The basic hardening I performed on this was: Full patching Firewall on Antivirus (Bitdefender) installed and running User Access Controls enabled Data Execution Prevention Ena

Malicious Website Remember how in the last section I mentioned adding in DNS logs of a connection to www[.] badguy[.]com?  Well I needed a VM to host that webserver.   Creating Badguy[.] com Oh how I love the fact that Linux is free.  If Linux wasn't free I definitely wouldn't be building this training lab. I wouldn't have the money for it. For this website I'm again using an Ubuntu 17.10 headless server hosted on a 1 Core 512MB VM with the IP address of 10.0.2.4. Interestingly enough Ubuntu 17.10 server doesn't actually come preinstalled with Apache2. Simple enough to fix. sudo apt update && sudo apt install -y apache2 After the process of installing the apache2 server was installed I had to check to make sure it worked properly. sudo service apache2 start When it finished booting (a few seconds) I took my Windows 7 (I had installed it but haven't started configuring it yet) and navigated to 10.0.2.4 and was successfully created by th

Setting up the DNS Server This blog is going to be a bit shorter than some of the later blogs in this series but thanks to the hard work of the team behind PiHole this job VM was actually extremely easy to do.  Pihole is an extremely efficient and DNS based adblocking server that has a minimal footprint. Since it'd designed to run on a Raspberry Pi 3  the requirements to run it are tiny.  The DNS server I'm using for this is an Ubuntu 17.10 headless server with 1 Core and 512MB of ram.  Why PiHole? I chose Pihole for 2 big reasons. First I love Pihole.  I have 2 of them, one that I run on a Raspberry Pi 3 and 1 that I run on a Digital Ocean VPS for friends and family.   The other big reason I chose to use Pihole is because it does 90% of the set up for me and created a web interface that analysts can use to check through network logs.  The web interface is the most crucial part of why I chose Pihole.  There's no need to over complicate threat hunting if yo

I was charged by my work with building a basic threat hunting lab to teach Cyber Security Analysts how to better support Network Defenders and Incident Response Teams. This isn't something that I normally do, but they didn't have anyone to do it, and I'm the only person at my job who has a GCFH, so it came to me. But I'm never one to shy away from a challenge and figured this would be both a good learning experience and a Google series of blog posts. This series of blogs is going to cover setting up and configuring each VM for this and lessons learned as I went through the set up.  Setting up the environment: For this lab I'm required to build it in Virtualbox. Itd be easier in VMware or vSphere (yes I know that's still VMware) but I don't have that option. Fortunately VirtualBox has come a long way in recent years and should be more than capable of doing what I need. I'd never done VM networking in VirtualBox before so I had some learning t