Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
11 comments

How to setup Kali Linux in VM

-
Kali linux is one of the most commonly used penetration testing distros, which is one of the commonly user tiger boxes, among pentesters. It is mostly used tools for penetration testing, cyber forensics and malware analysis.
I hope you've already downloaded you matching version of Kali Linux. If not please download from the following link 

https://www.kali.org/downloads/

Before we start, it is always best do review on the basics of virtualization. Please go through the following link before proceeding

http://pentesterblogs.blogspot.in/2016/07/pentest-lab.html 

At the time when I'm writing this blog Kali Linux has stable release "rolling".


  
Once you've downloaded kali linux please open your virtualization software, for me its VMware Workstation Pro.

 Click on file -> new virtual machine
on the newly opened window click on typical and click next

 browse the location of the Kali Linux ISO file and click next
Select the guest operating system as Linux and version as ubuntu

 Enter your virtual machines name which will be displayed on vm menu, also browse the location for saving the vm files and click next
 Select your desired harddrive space and select the split virtual disk option and hit next

On the next window click on customize hardware
customize your hardware with respect to available resources in your machine then click close and click on finish
Once you've returned to home window click on power on this virtual machine
After booting, in the very first window select graphical install  using arrow keys in keyboard and hit enter.
  

On the next window select the language as english  and click continue
select your country
The keyboard language will preferably American english for most keybords and click on continue this will begin the installation
Please wait until various stages of the installation is complete
When prompted enter the password for the root account.
Use entire disk with guided mode on at time of partition
 Select the drive and click continue
 Its always better if you store all in one partition
 Have a look at the changes being made and click continue
Confirming the changes before applying and click continue
The installation has begun
When it ask permission for a network mirror just select no and click continue
You definitely need a grub loader, just select the device and click continue
 Once installation is complete just hit continue and wait for it to remove temporary files


Once the installation has completed it will reboot by itself and will prompt for credentials
 The next step is to install vm tools for proper interfacing of physical and guest os. For that click on VM->Install Vmware tools.
Soon you'll have a cd rom on you Kali linux desktop
 Open it up and copy the TGZ file to desktop

 then open a terminal and navigate to desktop by entering
cd /root/Desktop
then decompress it by typing
tar -xvf VMwareTools........tar.gz
 After decompressing the tar ball navigate in to vm tools folder
cd vmware-tools-distrib
then execute the installer
./vmware-install.pl 
 Just keep hitting enter for any questions asked, except for kernel path, don't change kernel path type no in the field and hit enter

 Once installation has completed type reboot and hit enter

 
 If this method doesn't work for you then you can definetly install open source vm tools from internet jut by entering
apt-get install open-vm-tools

Comments

Post a Comment

Popular posts from this blog

Beginner’s guide: OSSIM (Open Source Security Information Management) part 1

-
Image
As we always do, we’ll start from the scratch, the very basics. OSSIM is most widely used open source SIM tool. The appliance is developed by the Alienvault. Other than OSSIM there are lots of open source SIM like LOGalyze, Kustodian, Prelude etc. But out of these SIM tools, OSSIM is my favorite. It is much user friendly and very stable with respect to performance and resilience. They also have a very good documentation center which gives step-by-step instructions and very good community forum to get help Before we start, if you haven’t seen my blog post on SOC please go through it first. http://pentesterblogs.blogspot.in/2017/05/beginners-guide-how-to-setup-soc.html
Read more

Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
Read more

Beginner’s guide: How to setup a SOC (Security Operations Center)

-
Image
Lot of people asks me to put something about setting up a SOC. So from today onwards, I’ll be posting articles about, how to set up a SOC. Unlike my other tutorials, SOC is not a specific tool/device, which you can simply ‘fit and forget’. So you need lots of patience and hard work to build one. As usual I’ll posting set-by-step instructions from planning to setting up the SOC.   But before that we need to learn some basics. We need all of you networking, system administration and security skills for this. As a minimum requirement to start, you need to have the following skills Networking basics (Preferred CCNA) Basic system administration (Linux and windows) Security administration (Firewall / UTM management) In other words if know how to configure networking devices, knows how to install package in windows and Linux, and knows at least how to open close ports in firewall, then we’re good to go. I’ve tried my best to write the article from the very basics stuff.
Read more