Reddit reviews Building Virtual Machine Labs: A Hands-On Guide
We found 24 Reddit comments about Building Virtual Machine Labs: A Hands-On Guide. Here are the top ones, ranked by their Reddit score.
If you can spare the $35, take a look at the lab setup in here: https://www.amazon.com/dp/1546932631/
> Any thoughts?
rather than type up shit, ima link you to a great book. https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
amazon link so do the needful for affiliate links or buy somewhere else. Or do whatever. I'm not your dad.
>I don't want to ask the kids at school because I don't want them to think I'm dumb and also I want to be able to learn this on my own!!
Communication and respect are two key things that need to happen to really succeed at things like the CCDC. If you can't do that with your classmates now then you're not going to get super far.
(Vice versa to them as well)
BUT on the other note if you dont know where to start on building a lab
"Building Virtual Machine Labs: A Hands-On Guide" LINK
seems to be a solid book on the subject in general in regards to VMs. But at the end of the day its really just figuring out what you want to start on and then just using your favorite search engine on how to get started.
Do you have a home lab, even if it's just VirtualBox running on your computer? Running virtual machine labs is critical to learning and getting into infosec.
If you're not familiar with how to run virtual machine labs, this book is a great place to start. It will get you up to speed quickly. https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
This blog post has some good info and links to further reading: https://www.stevencampbell.info/2016/07/how-to-break-into-information-security/
BTW, don't be tempted to try to get into pentesting (offensive) because it seems like an exciting job. There's much more demand and opportunity for security analysts and engineers. If you want to go that route, get a few years of experience in a "blue team" (defensive) security role first.
Also, check out the sidebar here. There's a lot of good resources linked there.
OP is a good guy and
shitposts incessantlyanswers a lot of questions on Twitter. I have every confidence the book is well worth the $35 price of admission. This is the direct link to the Amazon page as well, non-affiliate.I would check out https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631/ref=sr_1_2?ie=UTF8&qid=1496857119&sr=8-2&keywords=building+virtual+machine+labs.
Last week he was giving it away in pdf form for free, so you should be able to find it on the Internets pretty easily.
I used it to setup up a lab running on ESXi, with pfSense firewall, Splunk and Snort, Active Directory running on Server 2016 with about 30 user accounts, and a bunch of desktops running Win7 and Win10.
One resource that I would strongly recommend is Building Virtual Machine Labs: A Hands-on Guide by da_667 which has a step-by-step guide to building a pretty great lab that can then be augmented very easily.
If the price is a bit steep ($63), the ebook version is up on leanpub for $20.
Building Virtual Machine Labs: A Hands-On Guide https://www.amazon.ca/dp/1546932631/ref=cm_sw_r_cp_apa_i_QFOQCbBVY1YD2
This book walks through setting up Splunk using their free developer license (I think like 500mb/day or something around there). Goes through some basic examples for rules to set up. Also a great resource for lab set up in general. I think there is a new version in the works as well?! For a long time the author was giving this away for free.
Security Onion is another good resource, has built in SIEM tools as well.
I cannot recommend checking out his book enough. Great place to start. Security focused.
Backtrack is now Kali Linux, I believe they made the switchover 4 or 5 years ago. In general, the answer to if knowing a given area of technology will be applicable to security, the answer is "yeah, probably at some point." The better you understand a process or system, the more quickly and reliably you can sniff out what's misconfigured, or left as default, or vulnerable to poking with a metaphorical stick to see what comes out.
Kali has a lot of good tools, and I'm sure there are pentesters who use almost exclusively the tools in it for their day-to-day work. I would caution against relying too heavily on it though, or studying how to work the tools in Kali to the exclusion of other research.
If you haven't taken an intro to compsci class to understand how a computer processes instructions, how stacks and heaps work and the differences between them, etc, I would absolutely start there. Then look at basic networking, and work on setting up a virtual lab at home. You can do all of this for free through classes like edX, Khan Academy, etc. Even the process of getting your virtual lab operational will give you valuable hands-on experience, and then you'll be set up to safely practice when you're ready for it.
This book was hugely helpful to me, walked you through everything step-by-step along with pointers for further research. It was written by a Redditor, but I can't remember who. (If someone else recalls, mind replying to make sure they get a kudos?)
https://www.peerlyst.com/posts/end-of-a-long-journey-or-is-it-tony-robinson-1
he's selling it now. Also holy crap its like 600 pages.
CreateSpace
Amazon
The big thing here is that installing SO in a VM on production host wouldn't really be considered air-gapped. For that to be the case, you'd need to do it on a separate physical host.
If you're just replaying PCAP traffic over an interface then you probably don't need much isolation and can just use a private interface for your sniffing interface. If you're going to be performing malware analysis of live files, you'll want to take quite a few more precautions. I'd recommend this book which covers this in detail: https://smile.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631/
This is an excellent start:
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
I worked through this a while back. Learned a lot and enjoyed the process.
Do you want an already identified vulnerability from this post to include in your work? Or do you want suggestions for an open source application which you’ll test?
In either of the case, you really need to start with reading up on setting a test environment first. I would suggest this book:
Building Virtual Machine Labs: A Hands-On Guide https://www.amazon.com/dp/1546932631/ref=cm_sw_r_cp_api_i_N-bIDb1Z79EN7
Or do you want a setup for doing a security audit? In which case, I would give you the tool which I always use primarily: Burp Suite.
You can always make your own custom python tools according to your needs. Good luck.
Sure. The org I’m leaving purchased a budget SIEM (Solarwinds) for FISMA compliance (we get audited annually). But the network admin didn't have time to work on it. I was a bit of a utility player - web and software development, backup & recovery, a little database administration, some Linux administration, some scripting (mostly Powershell), etc. My boss knew I was interested in security, so he gave me ownership of it. I didn’t know anything about SIEM nor did anyone else on my team. So I had to set the whole thing up – getting agents installed on the machines we wanted to collect logs from, creating and tuning rules and alerts, setting up dashboards for real-time monitoring, creating incident reports, working with Solarwinds support when I couldn’t figure something out, etc. I also researched security events that I should be looking for and how to detect them. Ultimately, it led to me writing our security monitoring SOP and participating in our security audits. The most recent project I had was to recommend and implement a replacement for Solarwinds (the product had some bugs that were creating problems for us). I chose ELK and got it up and running with most, but not all, of the functionality of our previous SIEM. So that’s it for my professional security experience. Really not too much. My new gig heavily involves using QRadar. But that’s all I can really say about it at this point, as I haven’t started yet.
As for the non-professional stuff I did on my own, I took the eJPT course/certification, kept studying through books and online (Cybrary, Black Hat Python by Justin Seitz, Georgia Weidman’s book, some Udemy courses), built a security lab at home following the awesome lab guide by /u/667SlaysAyysForDays (its for sale now, not certain what its called but I think it may be this one: https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631), and kept listening to podcasts to keep myself interested and immersed.
You need more ram. 1GB is nowhere near enough for windows 7.
You also might want to read this and set up a lab. Or use vmware player and don't give the guest any network access. That said, I don't have a clue about malware analysis. ¯\_(ツ)_/¯
sure is. Go buy my book. https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
I learned a lot with this book:
Building Virtual Machine Labs: A Hands-On Guide https://www.amazon.com/dp/1546932631/ref=cm_sw_r_cp_api_xV8MBbATPEPT9
Or find the PDF / on a pub site and pay less.
I’d recommend a decent Investment in an i7 multicore computer and try to get 16GB of RAM or more.
It’s hard to do this without a relatively decent machine.
The NUCs don’t have multiple NICs on board — might want to see if you can find a computer used that would be cheap to buy RAM for (DDR3) and something at i7 level.
Good luck.
For items 3 and 4, may I suggest:
https://www.amazon.com/dp/1546932631/ref=cm_sw_r_cp_api_339ozbXP7ZJZ7
Build a lab at home and start learning networking and system administration. While you are doing that, start filling out applications for any computer/network related jobs you can find and hopefully you will get a hit. Depending on how rural you are, you may have to commute into a city to find work. But these days, everyone has computers.
​
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
This book is really good for setting up a pentesting lab for multiple hypervisors including VMWare.
Some literary resources you should find helpful. When in doubt, track down the best in your field and find out what they are writing/doing (Good Luck!)
Learn Windows PowerShell in a Month of Lunches https://www.amazon.com/dp/1617294160/ref=cm_sw_r_cp_apa_c--CzbBZM4SFB
https://www.manning.com/books/learn-windows-powershell-in-a-month-of-lunches-third-edition
Virtual Labs
Building Virtual Machine Labs: A Hands-On Guide https://www.amazon.com/dp/1546932631/ref=cm_sw_r_cp_apa_4b.Czb24JYXTM
Microsoft Books:
(I am positive you can scrape some useful AD information from this collection)
https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/largest-free-microsoft-ebook-giveaway-im-giving-away-millions-of-free-microsoft-ebooks-again-including-windows-10-office-365-office-2016-power-bi-azure-windows-8-1-office-2013-sharepo/
Check out this book:
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
It explains how to build a pentest lab.
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
By far the best resource you can get.
He had the unpolished/unfinished PDF for free for a while on his site but removed it when it was published.