Lab 0.3: CloudLabs Setup

Goals:

• Learn how to set up CloudLabs for this class and access the VM

Instructions

This lab gives you basic instructions on how to use CloudLabs. If you are using your own host, or VMWare VM for this class, you can skip this.

1. Navigate to https://app.metactf.com/ and create a MetaCTF account, or sign into your existing account.

2. Once logged in, go to the Cloud Labs tab

   

3. Enter in the class code for this course, then click submit:

   soc18-jw8re2

4. The page will then refresh and you should see the listing for the course, Foundations of SOC with Elastic and Jira w/ Hayden Covington. Click on “View & Manage Lab” to access the VM.

   

5. Once there, you can click “Start Lab” or click “Start” on the specific VM you want (this course only has one)

   

6. After a few minutes the machine will start. You can connect via your browser* by clicking “Connect via browser (RDP)”.

   

   1. *Note: I have tested functionality of both Chrome and Firefox. Chrome works fine, Firefox did not always work with copying and pasting, which will be necessary for the course.
   2. Now you should be set!

A few notes on Cloud Labs from Meta CTF.

• Machines will automatically time out after 10 hours to save course credits.
• You should have more than enough credits for the length of the course, unless for whatever reason you run them 24 hours a day from start to finish. (You shouldn’t do that…)
  • In between days or labs, you can Stop your VM if you want to conserve credits (stopped VM’s still consume a small amount of credits). Please note that you should not destroy the VM during the class as it needs to continue sending logs to Elastic until after the class at least.
• If you run out of credits during the class: Please let me know. Try your best to conserve credits until the end of the course proper.

Additional References

• MetaCTF extra instructions & help:
  • Using a Cloud Lab
    • Press "Start Lab" to instantiate and start a lab and all virtual machines (VMs) in it.
    • You can "Start" and "Stop" individual VMs within a lab. You will not be charged for VMs in "Stopped" state.
    • Press "Destroy Lab" to delete all VMs you have instantiated. Be aware that this will cause you to lose any changes or progress you have made. You can re-instantiate the lab by pressing Start Lab again, but it will spawn from its original template.
    • If you'd like to completely reset an individual machine back to its original template, just "Destroy" it and then "Start" it again.
  • Remote Connections
    • Some VMs may be slow to boot up, and you'll see a connection error. Please allow up to five minutes for the VM to boot up. If the connection still isn't working after that time, contact support.
    • In Guacamole, press Ctrl+Alt+Shift on your keyboard to open the sidebar. There you can adjust some settings and (if it's enabled for this VM) read from and write to the VM's clipboard.
    • Guacamole also offers direct clipboard sharing (your system's clipboard is automatically kept in sync with your VM's clipboard), but it's unreliable. In our experience, it's more likely to work in Chrome / Chromium browsers. You must allow clipboard sharing in the browser when prompted or in site settings.