
Lab 0.1: Test Subject

Goals:

  • Prepare your Windows VM or host machine for lab exercises
  • Ensure proper setup for log forwarding to Elastic cloud instance

The username and password of the VM are:

CloudLabs Username: Administrator

Password: S0C!tToTh3m

Instructions

  1. Begin by downloading the course files at the link provided via Email or in the Discord.
    1. Depending on the delivery method you may need a password for the download and/or the zip files.
  2. This class requires the use of a Windows VM for sending logs to the Elastic cluster you will be creating and working in. If you are using CloudLabs (recommended), you can skip right to LAB 0.3: CloudLabs Setup.

Warning

The method below is no longer actively updated. It still works, but screenshots and exact instructions may have changed.

**We recommend and support utilizing the provided Cloud VM: LAB 0.3: CloudLabs Setup. All lab instructions going forward assume the use of the CloudLabs VM.**

The instructions for the rest of this lab and LAB 0.2: Atomic Red Team & Sysmon are provided as-is, for your convenience, if you want to use them.


  1. If you want to use a VMWare VM, or your own machine for the labs, keep reading.
  2. Using your own machine for the labs:
    1. If your host OS is not Windows, your experience with these labs will differ with regard to the log events you see in Elastic and how you install the agent. These labs are created with Windows in mind, so I recommend you use the VM.
    2. You’ll need to set up Atomic Red Team and Sysmon on your host machine; instructions are provided in Lab 0.2.
    3. You will be sending logs from your host to an Elastic cloud instance using a lot of policy defaults. Make sure you are comfortable with your device shipping its logs (process, network and Sysmon events included) to a cluster that, ideally, only you can access; security is funny like that sometimes.
  3. If you would rather use the VMWare Windows VM, please ensure you do the following before class:

    1. If you do not have VMWare installed, please download the free version of VMWare Player: https://www.vmware.com/products/workstation-player.html
    2. Download and import the Windows VM.
      1. In VMWare select File > Open and select the file with the extension .ovf of the downloaded VM
    3. Ensure that you can sign in and that the specs of the VM are to your liking. I intentionally have the specs set fairly low as it doesn’t need to do much besides send logs.
    4. Make sure you can copy and paste to the VM.
      1. If you cannot copy and paste, you may need to reinstall VMWare Tools, which provides the guest/host clipboard integration.
      2. With the VM powered on, open the VM menu and click “Reinstall VMWare Tools”.


  4. And that’s all you need to do for now… Unless you’re running the labs on your own host instead of the VM or CloudLabs. If you’re doing that, continue with Lab 0.2.
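Before moving on, it is worth checking that the machine you picked (CloudLabs VM, VMWare VM, or your own host) actually meets what the later labs need. The following pre-flight script is an added example and is not part of the course files; run it from an elevated PowerShell on the Windows machine you will use. It assumes the Windows service names VMTools (VMware Tools), Sysmon / Sysmon64 and "Elastic Agent", and uses cloud.elastic.co only as a reachability probe for outbound HTTPS; your own cluster endpoint is assigned in a later lab.

```powershell
# Added pre-flight check for Lab 0.1 (example code, not from the course files).
# Run in an elevated PowerShell on the Windows VM or host you intend to use.
# Assumed service names: VMTools, Sysmon/Sysmon64, "Elastic Agent".

$results = [ordered]@{}

# 1. Administrator rights: the Sysmon and Elastic Agent installers in Lab 0.2 need them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$results['IsAdministrator'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. Hardware: the VM only needs to send logs, so low specs are fine, but record what it has.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results['LogicalProcessors'] = $cs.NumberOfLogicalProcessors
$results['MemoryGB']          = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
$results['IsVMwareGuest']     = ($cs.Model -like '*VMware*')

# 3. VMware Tools: guest/host copy and paste depends on its service being running.
$vmtools = Get-Service -Name 'VMTools' -ErrorAction SilentlyContinue
$results['VMwareToolsService'] = if ($vmtools) { $vmtools.Status } else { 'not installed' }

# 4. Lab 0.2 components. Expected to be absent before that lab; present afterwards.
$sysmon = Get-Service -Name 'Sysmon', 'Sysmon64' -ErrorAction SilentlyContinue | Select-Object -First 1
$results['Sysmon'] = if ($sysmon) { "$($sysmon.Name): $($sysmon.Status)" } else { 'not installed (Lab 0.2)' }
$agent = Get-Service -Name 'Elastic Agent' -ErrorAction SilentlyContinue
$results['ElasticAgent'] = if ($agent) { $agent.Status } else { 'not installed (Lab 0.2)' }

# 5. Outbound HTTPS: the agent ships logs to Elastic Cloud over TCP 443.
#    cloud.elastic.co is only a reachability probe, not your cluster endpoint.
$probe = Test-NetConnection -ComputerName 'cloud.elastic.co' -Port 443 -WarningAction SilentlyContinue
$results['OutboundHttps443'] = $probe.TcpTestSucceeded

[pscustomobject]$results | Format-List
```

If IsAdministrator is False, reopen PowerShell with "Run as administrator"; if VMwareToolsService is anything other than Running, reinstall VMWare Tools as described above; if OutboundHttps443 is False, fix the VM's network adapter or proxy before Lab 0.2, since the agent cannot enroll without it.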