CYBERSECURITY DETECTION & MONITORING LAB: Part Six

Robert Onyango
May 30, 2024

VICTIM NETWORK SETUP & CONFIGURATION

Introduction

Welcome back to the blog series, ‘Cybersecurity Detection and Monitoring Lab’. In part five of the lab, we set up firewall rules in pfSense to allow our devices to exchange network traffic.

In today’s episode, we set up our victim network, where all the dirty work will be done. The subnet will comprise a Windows Active Directory Domain Server with a Windows 10 client (a simulation of an enterprise environment) and two deliberately vulnerable servers, DVWA and Metasploitable 2, that will allow us to practice a wide range of penetration techniques.

Below is our standard reference point, the network topology diagram, that we will use here when assigning IP address ranges to our Domain Controller.

Active Directory Environment

For a quick introduction and setup guide on Active Directory, visit my article, Windows Active Directory Home Lab simulating an Enterprise environment. (A little confession, I cloned the VMs from the Active Directory Lab)

Take note of the following as you’re walking through the configuration process as described in the article linked above:

  • Set all the Active Directory Virtual Machine network adapters as follows: Adapter 1 to detect and monitor-Victim-VLAN.
  • The IP addresses should match the IP addresses of the current architecture, i.e. 192.168.4.1/24 for the internal network. Make pfSense (192.168.4.1) the default gateway and give the domain controller the IP address 192.168.4.10, then continue from there for the remaining machines.
    [Screenshots: Domain Controller IP address; Windows Client IP address]
  • One key thing missing from the Active Directory Lab walkthrough is adding Active Directory Certificate Services to the server roles and then adding Certification Authority to the role services. Ensure that you add these services, since some exploits can be tested against them.
  • After installation is complete, the server has to be restarted.
  • After the restart, you should see a prompt from the notification icon. Click on the link.
  • Click on ‘Next’.
  • Select the ‘Certification Authority’ checkbox and click on ‘Next’.
  • Click on ‘Next’ until you reach the ‘Confirmation Page’. Click on ‘Configure’ to save the changes.
  • Finally, make sure you disable the Windows Defender Firewall on your domain controller. Remember, we want to make the most out of our lab by having the weakest configuration settings. Type ‘Windows Defender Firewall’ in your Start menu, then click on ‘Turn Windows Defender Firewall on or off’. Proceed to turn off all the customized settings for each type of network. You can also disable Windows Defender Firewall by using Group Policy Management.
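
The same domain controller steps can be scripted. This is an added example, not part of the original walkthrough; it assumes an elevated PowerShell session on the lab domain controller and an Enterprise root CA (the choice of CA type is an assumption, since the article only says to click ‘Next’ through the wizard).

```powershell
# Added example: AD CS role, CA configuration and firewall state on the lab DC.
# Run in an elevated PowerShell session on the domain controller only.

# 1. Add the Active Directory Certificate Services role with the
#    Certification Authority role service.
$install = Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
if (-not $install.Success) { throw 'AD CS role installation failed.' }

# 2. The walkthrough restarts the server before configuring the CA.
if ($install.RestartNeeded -ne 'No') {
    Write-Warning 'Restart the server, then run this script again.'
    return
}

# 3. Post-deployment configuration (the wizard behind the notification link).
#    Assumption: Enterprise root CA. Running this a second time fails because
#    the CA is already configured.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -Force

# 4. Lab only: turn Windows Defender Firewall off for every network profile.
#    Setting -Enabled True on the same profiles restores it.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled False

# 5. Confirm the resulting state.
Get-WindowsFeature -Name ADCS-Cert-Authority | Select-Object Name, InstallState
Get-Service -Name CertSvc | Select-Object Name, Status
Get-NetFirewallProfile | Select-Object Name, Enabled
```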

Optional vulnerable machines.

i. Vulhub’s DVWA (Damn Vulnerable Web Application)

  • Go to VirtualBox and click on ‘New’.
  • For the name, type in ‘DVWA’, then for the iso image select the downloaded DVWA iso image and click on ‘Next’.
  • Give the new VM 1 GB of RAM, then proceed to click on ‘Next’.
  • Allocate a disk size of 20GB and click ‘Next’. Then proceed to ‘Finish’.
  • Go to ‘Settings’ then ‘Network’. Set the VM to the internal Victim VLAN. Click ‘ok’.
  • Click ‘Start’. DVWA should boot as follows to the start page.
  • Confirm the IP address by typing the command ‘ipconfig’. See from the image below that it does belong to the Victim Network subnet 192.168.4.1/24.

ii. Metasploitable 2

  • Go to VirtualBox and click on ‘New’.
  • For the name, type in ‘Metasploitable’. Note that I have not selected an ISO image. Select the OS type and version as shown below and click on ‘Next’.
  • Click on ‘Next’ until you get to the Virtual Hard disk page. Here, select ‘Use an Existing Virtual Hard Disk File’. Then select the file explorer icon highlighted below.
  • Click on ‘Add’ and navigate to the extracted virtual machine disk image. Click on ‘open’.
  • With the virtual machine disk image selected, click on ‘Choose’.
  • Click on ‘Next’ and then ‘Finish’ the installation.
  • Go to settings then select ‘Network’. Set it to the Victim LAN as shown below and click ‘ok’.
  • Click on ‘Start’ to boot the machine. The default username and password are both ‘msfadmin’.
  • Confirm the IP address by typing the command ‘ipconfig’. See from the image below that it does belong to the Victim Network subnet 192.168.4.1/24.
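
Both vulnerable VMs can also be created from the command line with VBoxManage, ending with a check that each one has exactly one network adapter and that it sits on the internal victim network. This is an added example, not part of the original walkthrough; it assumes a Windows host with VBoxManage on PATH, and the file paths, the internal network name, the OS types and the 512 MB of RAM for Metasploitable are placeholders or assumptions.

```powershell
# Added example: create DVWA and Metasploitable 2 on the internal victim network.
$intnet   = '<victim-internal-network-name>'  # placeholder: same network as the AD VMs
$dvwaIso  = 'C:\ISOs\<dvwa-image>.iso'        # placeholder: downloaded DVWA ISO
$dvwaDisk = 'C:\VMs\DVWA\DVWA.vdi'            # hypothetical path for the new 20 GB disk
$msfVmdk  = 'C:\VMs\<metasploitable>.vmdk'    # placeholder: extracted Metasploitable 2 disk

function Invoke-VBox([string[]]$VBoxArgs) {
    # Run VBoxManage and stop at the first failing step.
    & VBoxManage @VBoxArgs
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($VBoxArgs -join ' ') failed" }
}

function New-VictimVm([string]$Name, [string]$OsType, [int]$MemoryMB) {
    Invoke-VBox 'createvm', '--name', $Name, '--ostype', $OsType, '--register'
    # Internal network only: the VM reaches other subnets solely through pfSense.
    Invoke-VBox 'modifyvm', $Name, '--memory', "$MemoryMB",
                '--nic1', 'intnet', '--intnet1', $intnet
    Invoke-VBox 'storagectl', $Name, '--name', 'SATA', '--add', 'sata'
}

# DVWA: 1 GB RAM, new 20 GB disk, boots from the ISO (OS type is an assumption).
New-VictimVm -Name 'DVWA' -OsType 'Linux' -MemoryMB 1024
Invoke-VBox 'createmedium', 'disk', '--filename', $dvwaDisk, '--size', '20480'
Invoke-VBox 'storageattach', 'DVWA', '--storagectl', 'SATA', '--port', '0',
            '--device', '0', '--type', 'hdd', '--medium', $dvwaDisk
Invoke-VBox 'storageattach', 'DVWA', '--storagectl', 'SATA', '--port', '1',
            '--device', '0', '--type', 'dvddrive', '--medium', $dvwaIso

# Metasploitable 2: no ISO, attach the existing disk image (RAM size is an assumption).
New-VictimVm -Name 'Metasploitable' -OsType 'Ubuntu' -MemoryMB 512
Invoke-VBox 'storageattach', 'Metasploitable', '--storagectl', 'SATA', '--port', '0',
            '--device', '0', '--type', 'hdd', '--medium', $msfVmdk

# Check: exactly one enabled adapter per VM, attached to the victim network.
foreach ($vm in 'DVWA', 'Metasploitable') {
    $info = & VBoxManage showvminfo $vm --machinereadable
    $nics = @($info | Select-String '^nic\d+="(?!none)')
    if ($nics.Count -ne 1 -or $info -notcontains "intnet1=`"$intnet`"") {
        throw "$vm is not attached only to '$intnet'"
    }
    Write-Host "$vm is isolated on '$intnet'"
}
```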

Nice work! We have now successfully set up our victim network, and it is ready for all the exploits we can come up with as we endeavor to sharpen our cybersecurity skills. We have almost completed our lab setup. Next, we need to set up our environment to allow practice with another SIEM, Splunk. Catch Splunk’s installation and configuration in the next episode: part seven. Happy Learning!
