Great tutorial, Eric.
Learned a lot this weekend.
I noticed that LimaCharlie apparently changed the lc_sensor.exe to hcp_win_x64_release_4.28.0.exe
Then added the information with -i
Awesome lab + write up, thanks!
Thanks Eric! I just got my Sec+ and the timing couldn't have been better. I had been looking for a completely SOC oriented homelab setup but couldn't really find one. While I was studying for the Sec+ I devoted myself to that and put everything else to the side. Now that I'm done with that, I've got this great homelab to do SOC related projects with and start working towards having legitimate resume-ready practical experience for when I'm ready to transition from help desk into cyber. Thanks!
hi
should be
```
.\lc_sensor...
```
Fixed this by dropping into cmd.exe from the PowerShell prompt first. Thanks for the feedback.
If you are facing the issue I came across while trying to download SwiftOnSecurity's Sysmon config in the article, try manually cloning the code from SwiftOnSecurity GitHub page and manually moving the .XML file to \Temp\Sysmon.
Hey Eric! I hope you see this. Thank you for this lab but I'm having trouble at the setup attack system step in part 1. I enter the command ssh user@[Linux_VM_IP] and then say yes to add it. But my password says permission denied. I've restarted the entire Ubuntu process twice and tried making a new pass but still no luck. I don't think I'm using the wrong IP address so idk what's wrong. Is it the Static IP with the /24 on it? Thanks!
Thanks a lot, Eric!
I've recently bought a server with the following specifications:
- **Manufacturer:** Dell Inc.
- **Model:** Precision Tower 7810
- **CPU:** 28 CPUs x Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz
- **Memory:** 255.92 GB
- **Virtual Flash:** 5.17 GB used, 119.75 GB capacity
The server has ESXi-7 Host Client configured, allowing me to install any operating system.
Do I still need to download and install VMware Workstation Pro? If so, I have Windows 10 Pro installed on the ESXi. Would I then need to go into Windows 10 Pro to install VMware Workstation Pro? What would you recommend?
If you see this on Ubuntu Server while trying to get Sliver C2, then read below.
Resolving github.com (github.com)... failed: Temporary failure in name resolution. wget: unable to resolve host address ‘github.com’
Had to add DNS=8.8.8.8 to the systemd-resolved file under [Resolved]
Also added
nameserver=8.8.8.8
to the resolv.conf file
fixed
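A lint for the two files named in the comment above, as an added example that is not part of the original comment or the guide: it reports which DNS servers each file would actually yield, given that systemd-resolved reads `DNS=` only under a `[Resolve]` section and resolv.conf separates `nameserver` from the address with whitespace. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the two DNS files mentioned in the comment above.

# Print the servers set by DNS= under the [Resolve] section of a
# resolved.conf-style file. systemd-resolved only reads keys under [Resolve].
resolved_dns() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/); next }
        insec && /^[ \t]*DNS[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print }
    ' "$1"
}

# Print nameserver addresses from a resolv.conf-style file. The keyword and
# the address are separated by whitespace; "nameserver=..." is not parsed.
resolv_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Succeed only if the file names at least one nameserver.
resolv_ok() {
    [ -n "$(resolv_nameservers "$1")" ]
}

# Constructed sample files (not taken from any real host).
d=$(mktemp -d)
printf '[Resolve]\nDNS=8.8.8.8\n'  > "$d/resolved_good.conf"
printf '[Resolved]\nDNS=8.8.8.8\n' > "$d/resolved_typo.conf"
printf 'nameserver 8.8.8.8\n'      > "$d/resolv_good.conf"
printf 'nameserver=8.8.8.8\n'      > "$d/resolv_equals.conf"

for f in "$d"/resolved_*.conf; do
    echo "$(basename "$f"): DNS=$(resolved_dns "$f")"
done
for f in "$d"/resolv_*.conf; do
    if resolv_ok "$f"; then s=ok; else s="no nameserver parsed"; fi
    echo "$(basename "$f"): $s"
done
```

On the VM itself, point the functions at `/etc/systemd/resolved.conf` and `/etc/resolv.conf`. On Ubuntu, `/etc/resolv.conf` is normally a symlink managed by systemd-resolved, so `resolvectl status` is the way to confirm which servers are in use.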
Hello, thank you for this amazing guide. I'm encountering a problem; I can't ping google. I'm following the steps. I did the process 3 times from scratch and still can't ping it. Not sure what's wrong. Any insight?
Look at my comment just above.
I am having trouble. IDK if VMware is using a different site now, but I can't download VMware Workstation Pro.
Ah yeah, I worried that might be an issue... VMware just went through some massive changes, thanks to Broadcom. The good news is, they made Workstation free. The bad news, you must create a Broadcom account to get it. https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro
I'll update the post here shortly to reflect. If you want to skip the headaches, check out SYWTBSA 2.0.
I made an account but it says I need entitlements to download VMware Workstation.
Try this -- you'll need to unzip it, but otherwise should work.
https://softwareupdate.vmware.com/cds/vmw-desktop/ws/17.5.2/23775571/windows/core/
It worked, thank you.
Okay, these changes are still pretty new so I am still wrapping my head around it, too. I'll report back once I know more.
Try this guide: https://www.virtualizationhowto.com/2024/05/vmware-workstation-pro-free-for-personal-use-download/
Hi,
Maybe someone could help.
I am stuck on #3, part F. on the Sensor installation,
----- IN THE WINDOWS VM, open an Administrative PowerShell prompt and paste the following
commands:------
---> cd C:\Users\User\Downloads
I don't know where to begin since I don't have that path on my system.
I tried to follow LC's directions and download the "download installer" first, then cd into that downloads path and run the <ls_sensor.exe> command but again, no results.
Thank You
Are you using the same Windows VM I prescribe? That path should exist, if so.
Ensure that the path C:\Users\User\Downloads actually exists. Open File Explorer and navigate to C:\Users\User\Downloads to verify. The "User" might be the name you used when installing the Windows VM.
I learned a lot today. Can LimaCharlie and Sysmon be used in place of IBM QRadar for SIEM?
Hi Eric,
Thanks for this series for us that are new to homelabbing. I'm almost done with completing Part 1. However, I'm having trouble getting past [sudo] password for user: in step 1 of Setting up my attack system with Sliver. Not sure what to put here. I tried using password, but no luck. Also, Gerald Auger's video, which I watched as support to this page, doesn't show what the input is to move past this step. Looking forward to the learning experiences ahead.
This is the password you set when you installed Ubuntu. If you can't remember, just reinstall Ubuntu.
Ok thanks Eric!
Hi great tutorial! Thank you.
Q: I can SSH from Ubuntu into my main machine no probs but the other way round is an issue currently. Firewalls, password etc aren't an issue. Is it something to do with the sshd_config file in Windows' ProgramData folder? Cheers if you can help.
Wait, you're saying you can SSH from Ubuntu to Windows, but not the other way around? This should require nothing on the host, since it's just the client.
Correct
So I can't ssh into the ubuntu vm from my host machine. I enabled ssh on the ubuntu side but it's still timing out.