Great tutorial, Eric.
Learned a lot this weekend.
I noticed that LimaCharlie apparently changed the lc_sensor.exe to hcp_win_x64_release_4.28.0.exe
Then added the information with -i
Awesome lab + write up, thanks!
Thanks Eric! I just got my Sec+ and the timing couldn't have been better. I had been looking for a completely SOC oriented homelab setup but couldn't really find one. While I was studying for the Sec+ I devoted myself to that and put everything else to the side. Now that I'm done with that, I've got this great homelab to do SOC related projects with and start working towards having legitimate resume-ready practical experience for when I'm ready to transition from help desk into cyber. Thanks!
hi
should be
```
.\lc_sensor...
```
Fixed this by dropping into cmd.exe from the PowerShell prompt first. Thanks for the feedback.
Was super interested in undertaking this lab for myself, but as of late the link to download a windows 11 dev environment ISO is unavailable and I'm wondering if I should try an ISO from elsewhere. Great write-up regardless!
If you are facing the issue I came across while trying to download SwiftOnSecurity's Sysmon config in the article, try manually cloning the code from SwiftOnSecurity GitHub page and manually moving the .XML file to \Temp\Sysmon.
Really late to this, but this "wget https://github.com/BishopFox/sliver/releases/download/v1.5.34/sliver-server_linux -O /usr/local/bin/sliver-server" no longer works. Tried to download a new version but no luck. Anyone have advice?
I just ran that exact command, directly from this comment, and it worked great. Can you provide more detail on how it's not working?
I managed to get it to run properly. I realized, with how tired I was, that I ran it on the wrong command prompt. Instead of my PC, I was running the command on the VM.
It should be run inside the Linux VM
WOW, this is amazing. Thank you Eric.
For anyone else wondering I did the entirety of Part 1 in Linux Mint using VMWare for Linux.
Didn't run into ANY issues and none of the instructions had to be changed or modified.
This is awesome! Thank you Eric. One question though. I've not been able to get SSH running from my host machine to my Linux VM. However, I was able to SSH from the Windows VM to the Linux VM. Will this cause any issues later? Thank you for any advice.
Hey Eric! I hope you see this. Thank you for this lab, but I'm having trouble at the setup attack system step in part 1. I enter the command ssh user@[Linux_VM_IP] and then say yes to add it. But my password says permission denied. I've restarted the entire Ubuntu process twice and tried making a new pass but still no luck. I don't think I'm using the wrong IP address, so I don't know what's wrong. Is it the Static IP with the /24 on it? Thanks!
If you see this in ubuntu server trying to get sliver C2 then read below.
Resolving github.com (github.com)... failed: Temporary failure in name resolution. wget: unable to resolve host address ‘github.com’
Had to add DNS=8.8.8.8 to the systemd-resolved file under [Resolved]
Also added
nameserver=8.8.8.8
to the resolv.conf file
fixed
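An added check for the name-resolution failure described above (example code, not from the post or any commenter): it verifies that /etc/systemd/resolved.conf sets DNS= under its [Resolve] section and that /etc/resolv.conf carries a `nameserver <ip>` line, then attempts a lookup of github.com so the sliver wget is only run once the VM can resolve names. The file paths, the [Resolve] section name and 8.8.8.8 as the example resolver are assumptions about a stock Ubuntu Server install.

```shell
#!/bin/sh
# Added example, not part of the original lab: DNS sanity check for the Ubuntu VM
# before running the sliver-server wget. Assumes stock Ubuntu Server paths.

# Return 0 if the resolv.conf-style file $1 has at least one 'nameserver <ip>' line.
# resolv.conf separates keyword and value with whitespace, so 'nameserver=1.2.3.4'
# is deliberately not accepted here.
has_nameserver() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[0-9.]+' "$1"
}

# Return 0 if the systemd-resolved config $1 sets DNS= inside its [Resolve] section
# (DNS= in any other section or commented out with '#' is ignored).
resolved_has_dns() {
    awk '
        /^\[/ { in_resolve = ($0 == "[Resolve]") }
        in_resolve && /^[[:space:]]*DNS=[^[:space:]]/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Report what is missing; returns 0 only when both files look usable and
# github.com resolves (the host the wget for sliver-server needs to reach).
check_dns() {
    resolved_conf="${1:-/etc/systemd/resolved.conf}"
    resolv_conf="${2:-/etc/resolv.conf}"
    status=0
    if ! resolved_has_dns "$resolved_conf"; then
        echo "no DNS= under [Resolve] in $resolved_conf (e.g. DNS=8.8.8.8, then restart systemd-resolved)"
        status=1
    fi
    if ! has_nameserver "$resolv_conf"; then
        echo "no 'nameserver <ip>' line in $resolv_conf"
        status=1
    fi
    if command -v getent >/dev/null 2>&1 && ! getent hosts github.com >/dev/null 2>&1; then
        echo "github.com does not resolve: wget will report 'Temporary failure in name resolution'"
        status=1
    fi
    return "$status"
}
```

Run `check_dns` with no arguments inside the VM; it prints one line per missing piece and exits non-zero until the lookup succeeds.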
Hello, thank you for this amazing guide. I'm encountering a problem; I can't ping google. I'm following the steps. I did the process 3 times from scratch and still can't ping it. Not sure what's wrong. Any insight?
Look at my comment just above.
I am having trouble. I don't know if VMware is using a different site now, but I can't download VMware Workstation Pro.
Ah yeah, I worried that might be an issue... VMware just went through some massive changes, thanks to Broadcom. The good news is, they made Workstation free. The bad news, you must create a Broadcom account to get it. https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro
I'll update the post here shortly to reflect. If you want to skip the headaches, check out SYWTBSA 2.0.
I made an account, but it says I need entitlements to download VMware Workstation.
Try this -- you'll need to unzip it, but otherwise should work.
https://softwareupdate.vmware.com/cds/vmw-desktop/ws/17.5.2/23775571/windows/core/
It worked, thank you.
Okay, these changes are still pretty new so I am still wrapping my head around it, too. I'll report back once I know more.
Try this guide: https://www.virtualizationhowto.com/2024/05/vmware-workstation-pro-free-for-personal-use-download/
I actually posted about this on Twitter. I said:
2022 > VMWare Pro cost = $100
2024 > VMWare Pro cost = 12 Hours and a PhD. :)
Hi,
Maybe someone could help.
I am stuck on #3, part F, on the Sensor installation:
----- IN THE WINDOWS VM, open an Administrative PowerShell prompt and paste the following commands: ------
---> cd C:\Users\User\Downloads
I don't know where to begin since I don't have that path on my system.
I tried to follow LC's directions and download the "download installer" first, then cd into that downloads path and run the ls_sensor.exe command, but again, no results.
Thank You
Are you using the same Windows VM I prescribe? That path should exist, if so.
Ensure that the path C:\Users\User\Downloads actually exists. Open File Explorer and navigate to C:\Users\User\Downloads to verify. The "User" might be the name you used when installing the Windows VM.
I learned a lot today. Can LimaCharlie and Sysmon be used in place of IBM QRadar for SIEM?