What to Do with Your First Home Lab
written by Alan Watson || Guest Author

This article was originally published in the InfoSec Survival Guide: Green Book. Find it free online HERE or order your $1 physical copy on the Spearphish General Store.
This article is a follow-up companion to the “Build a Home Lab” article from the Infosec Survival Guide: Yellow Book.
You can read that article HERE.
Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?
Make It Work!
The vulnerabilities infosec revolves around arise as unanticipated side effects of people just trying to get emails to send, documents to print, and cat pictures to load. Begin by making things work, because feature sets, functionality, misconfigurations, and misguided defaults ARE attack surfaces. So try building a miniature office network, and come to know these attack surfaces!
Teach and Learn
The act of explaining a thing (i.e. trying to teach it) is a powerful lifehack for helping you — yourself — absorb the thing. Look up “rubber duck programming.” Maybe write a blog; maybe create a YouTube channel; maybe you just keep a private journal explaining to future-you what you did. Grok it!
- Build it
- Attack it
- Teach it
- Repeat!
Understanding how something works also means understanding how it can break.
Keep learning new things! Make LEDs go from happy-green to angry-red! Progress is perfection. You’ll never know it all, and that’s ok. If we were capable of knowing it all, there would be no need for conventions, collaboration, and shared shenanigans. Given the choice, I choose the latter.
Your Mini Office*
*For now, leave this environment disconnected from the internet and keep things as controlled as possible (with the exception of Wi-Fi on your attack laptop so you can look things up and download things).
- (A) Client: A laptop running virtual “user” workstations.
- (B) Switch: Mirroring network traffic to your Attack/Observation machine.
- (C) Servers: Virtual Windows Active Directory and a Linux server.
- (D) “Internet” Server: Something to represent a host on the internet (like a Raspberry Pi).
- (E) Firewall: Many options. pfSense is cheap. Great docs. Lots of features.
- (F) Attack & Observe: You, with two Ethernet connections: the built-in port and a USB-to-Ethernet adaptor (to listen to mirrored traffic). This is your battle station. Full Kali is fine, or maybe a Windows base + Kali in VMware.
Get Started!
• Ping from (A) to (D).
• Ping from (D) to (A).
• Give (D) an FQDN and set up a DNS Server on the firewall (or maybe use Windows Active Directory).
• DHCP (go beyond basic DHCP and check out DHCP options 66 and 6).
• Set up Windows Active Directory on (C) and join (A) to it (note that this is a fantastic opportunity to create ridiculous usernames for your “users”).
• Install Sysmon on your Windows machines and take a look at the logs.
• Webservers! Create one on your Linux server and IIS on your Windows server (both on (C)).
• Activate RDP on a Windows machine and try a password spray attack on it (then run DeepBlueCLI on that PC’s .evtx logs and see how it can be detected).
• Use Responder from (F) to execute an LLMNR attack against (A).
• Use Wireshark to take PCAPs of interesting interactions and review them (both attacks and normal traffic).
• Follow the hardening procedures for different machines outlined by CIS (https://www.cisecurity.org/cis-benchmarks).
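
The RDP password-spray step above ends with the question of how the attack shows up in the logs. As an added example (not from the original article, and not DeepBlueCLI's own logic), this Python script flags a source address whose failed logons (event ID 4625) touch many distinct accounts in a short time. It assumes the events have already been exported from the .evtx file into records with the fields shown; the sample records, the `ev` helper, and the thresholds are constructed for the lab.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(ts, user, ip, event_id=4625):
    """Build one record shaped like an exported Security-log event (assumed shape)."""
    return {"EventID": event_id, "TimeCreated": ts, "TargetUserName": user, "IpAddress": ip}

# Constructed lab data (all names, times and addresses are made up).
SAMPLE_EVENTS = (
    # One source, six accounts, one failure each, 5 s apart: spray pattern.
    [ev(f"2024-01-01T09:00:{i * 5:02d}", u, "10.0.0.66")
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # One user mistyping a password: many failures, a single account.
    + [ev(f"2024-01-01T09:05:{i * 5:02d}", "alice", "10.0.0.21") for i in range(8)]
    # A successful logon (4624) is not a failure and must be ignored.
    + [ev("2024-01-01T09:06:00", "bob", "10.0.0.22", event_id=4624)]
    # Five accounts from one source, but an hour apart ("low and slow").
    + [ev(f"2024-01-01T{10 + i}:00:00", u, "10.0.0.30")
       for i, u in enumerate(["gina", "hal", "ivy", "jon", "kim"])]
)

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {source_ip: sorted accounts} for sources whose failed logons
    (event 4625) hit at least min_users distinct accounts inside one window."""
    by_src = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625:
            when = datetime.fromisoformat(e["TimeCreated"])
            by_src[e["IpAddress"]].append((when, e["TargetUserName"].lower()))
    findings = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            # Keep the largest set of accounts seen in any single window.
            if len(users) >= min_users and len(users) > len(findings.get(src, [])):
                findings[src] = sorted(users)
    return findings

if __name__ == "__main__":
    for src, users in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible password spray from {src}: {len(users)} accounts {users}")
```

With the default 10-minute window the slow source at 10.0.0.30 is not flagged; widening `window` catches it, which is a useful thing to tune against your own lab logs.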

