HomeLab

Setting Up a Detection Lab

Byaghanim April 5, 2024April 5, 2024

When doing an engagement sometimes one would need to test a payload or an attack vector before deploying it. Watching how an operating system logs different events or how security solutions detect certain payloads can be valuable information for a red teamer/penetration tester.

An example that happened was gained credentials to MSSQL, and the MSSQL user had rights to enable xp_cmdshell. Of course, running commands through xp_cmdshell would always be detected in a mature envrionment, but what about other indirect exectuion such as relaying? Instead of testing in a production environment and possibly blow your cover, one could test it in a detection lab.

So the the plan is as follow:

Using Ludus to set up GOAD (Game of Active Directory (GOAD) | Ludus)
- GOAD (https://github.com/Orange-Cyberdefense/GOAD) is a great way to test different attack vectors against AD.
Using Ludus to setup ELK and Fleet. (Elastic Security | Ludus)

HomeLab

Visualize Snort3 logs in Kibana using Logstash and Elasticsearch

Byaghanim October 8, 2020January 25, 2022

Prerequisite Ubuntu 20.04 with root access Snort 3.0 up and running with community rules Open App ID Elastic Stack up and running In this guide we will visualize Snort3 logs in Kibana. I’ve setup Elastic Stack as an LXC with 300 GB disk space for storing logs. Elasticsearch consumes alot of storage when indexing data….

HomeLab

LXC on Ubuntu 20.04 VM getting IP from DHCP

Byaghanim September 13, 2020January 25, 2022

Follow any guide for setting up bridged network on LXC. Just google it. HOWEVER, if you’ve setup LXC on a VM with bridged network, the hypervisor will BLOCK dhcp requests if you’ve not enabled promiscouse mode on the NIC. In Hyper-V you have to enable mac-spoofing for it to work! Take note! Thank you!

HomeLab

Unlock Nvidia GPU to transcode more than 2 concurrent streams

Byaghanim November 8, 2020January 25, 2022

If you are running Plex, you’ve noticed that transcoding takes up alot of CPU power. Specially if you’re transcoding 4K videos, which you shouldnt do anyway. Plex removes tone mapping when transcoding 4K HDR, so your movies or TV shows will look bland. Now you want to offset some of that transcoding to your Nvidia…

HomeLab

Configure your website with SSL using NGINX as a reverse proxy

Byaghanim October 16, 2020January 25, 2022

Prerequisite Ubuntu 18.04 nginx running A domain – Example.com Let’s Encrypt certificate In this blog post we will configure your website and securing it with SSL using NGINX as a reverse proxy, forwarding traffic to your backend web server. For the sake of simplicity lets that you are you are running wordpress website with IP…

HomeLab

WordPress website will not load CSS when using NGINX as a reverse proxy with SSL

Byaghanim January 16, 2021January 25, 2022

When using NGINX as a reverse proxy with wordpress and having enabled SSL, you will have to force wordpress to forward HTTP to HTTPS. First, setup your wordpress website and NGINX reverse proxy with SSL. You will notice that CSS will not load when you visit your domain, instead of localhost. Add these lins to…

HomeLab

Backup files to the cloud using Rclone – Windows

Byaghanim June 11, 2021January 25, 2022

Rclone is an amazing tool that is used to manage files on cloud storage. Its fast, easy to use and command line based. You can choose from a wide range of supported providers, such as Amazon Drive, Google Drive, OneDrive, JottaCloud and many more. See the complete list here. https://rclone.org/ In this blogpost I will…

Similar Posts