Scribd Logo
Upload

Welcome to Scribd!

  • 1K views

    Lab 1 Solutions

    Uploaded by

    Ton That Quan (FPI DN)
    This lab covers creating a Kali Linux virtual machine for security testing purposes. Steps include downloading the Kali Linux VM file, extracting it using 7-Zip, and running the VM in VMware Workstation Player. The Kali Linux environment is then explored and updated within the VM.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Lab 1 Solutions

    Uploaded by

    Ton That Quan (FPI DN)
    1K views10 pages
    This lab covers creating a Kali Linux virtual machine for security testing purposes. Steps include downloading the Kali Linux VM file, extracting it using 7-Zip, and running the VM in VMware Workstation Player. The Kali Linux environment is then explored and updated within the VM.

    Original Title

    lab_1_solutions

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This lab covers creating a Kali Linux virtual machine for security testing purposes. Steps include downloading the Kali Linux VM file, extracting it using 7-Zip, and running the VM in VMware Workstation Player. The Kali Linux environment is then explored and updated within the VM.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    1K views10 pages

    Lab 1 Solutions

    Uploaded by

    Ton That Quan (FPI DN)
    This lab covers creating a Kali Linux virtual machine for security testing purposes. Steps include downloading the Kali Linux VM file, extracting it using 7-Zip, and running the VM in VMware Workstation Player. The Kali Linux environment is then explored and updated within the VM.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 10

    Lab 1.1.

    Online Research—Social Engineering by Threat Actors


    Objectives
    Threat actors are malicious entities within an organization (internal) or strictly outside of it
    (external) who are responsible for security incidents. Although threat actors often take
    advantage of vulnerabilities in the system they are attacking, not all attacks exploit those
    vulnerabilities. Social engineering uses little technology to gather data while relying on the
    weakest point in a system: the individual. Social engineering attacks often depend on
    psychological approaches but may also involve physical procedures.

    After completing this lab, you will be able to do the following:

    ∙ Define threat actors

    ∙ Identify the psychological approaches used to implement social engineering attacks ∙


    Identify steps to defend against social engineering

    Materials Required

    ∙ This lab requires the following:

    ∙ A computer or mobile device with Internet access

    Solusions:
    Estimated completion time: 15 minutes

    In this lab, you will search the Internet for information related to social engineering.

    1. Open your web browser and go to https://info.phishlabs.com/blog/brain-hacking


    socialengineering-effective.
    2. Read the PhishLabs blog article, and then list and describe the different types of psychological
    principles used in social engineering and the four human natures that social engineering exploits.
    Include an example of a social engineering attack using each of the principles.
    3. Use your web browser to go to www.dhs.gov/blog/2011/07/12/protect-yourself-againstsocial
    engineering-attacks.
    4. Read the guidelines given by the Department of Homeland Security on how to protect yourself
    from social engineering.
    5. Use the list and guidelines to write five additional recommendations that you would include in a
    policy to help protect your organization from a social engineering attack.
    1

    Lab 1.2. Dumpster Diving on Google—Google Dorking


    Objectives
    Dumpster diving is one way that an attacker can find information about a victim. While
    dumpster diving is typically done in a physical manner, the digital equivalent is called Google
    hacking, or dorking. When Google dorking, a threat actor uses advanced Google search
    techniques to find files or data a victim left on the web.

    After completing this lab, you will be able to do the following:

    ∙ Describe the different types of vulnerabilities and attacks

    ∙ Explain the impact of attacks

    Materials Required
    This lab requires the following:

    ∙ A computer or mobile device with Internet access

    ∙ Microsoft Excel or similar spreadsheet software

    Solusions:
    Estimated completion time: 15 minutes

    In this lab, you will perform basic Google hacking techniques to understand the ways that an attacker
    may use them.

    1. Open your web browser and navigate to the Google search engine.
    2. Type “SSN” filetype:xlsx and then press Enter to search for an XLSX (Excel spreadsheet) file with
    the keyword SSN (for Social Security number).
    3. Review the files listed in the results. How are they similar?
    4. Type intext:”db_database” filetype:env intext:”db_password” in the Google search bar. Note
    the type of information contained on these pages.
    5. Return to Google and use inurl: admin login.php as the search term to search for sites that have
    “admin” in the Uniform Resource Locator (URL), which usually indicates an administrative site, and
    “login.php” in the keywords, which directs the search toward administrative login sites.
    6. Try to navigate to a few sites, noting whether you can reach them.

    Lab 1.3. Creating a Windows 10 Virtual Machine for Security Testing


    Objectives
    A virtual machine is useful for installing or configuring applications for testing purposes. Inside
    of that virtual machine, the guest operating system runs isolated from the host operating
    system. This does not mean that the virtual machine is isolated from threats and vulnerabilities,
    though using a virtual machine can protect the host system. Although modern virtualization
    simulates hardware very well, it isn't typically a good test of new hardware.

    After completing this lab, you will be able to do the following:

    ∙ Create virtual machines using VMware Workstation Player

    ∙ Configure a Windows 10 installation inside of a virtual machine for security testing


    Materials Required

    This lab requires the following:

    ∙ A Windows computer with Internet access

    ∙ Windows 10 ISO file (see your instructor or lab supervisor for this file)

    Solusions:
    Estimated completion time: 1 hour

    In this lab, you will create a virtual machine in VMware Workstation Player and install Windows 10.

    1. Open your web browser and go to www.vmware.com/products/workstation-player.html.


    2. Click the Download Now button.
    3. Click GO TO DOWNLOADS next to Workstation Player 16.0, and then click the DOWNLOAD NOW
    button for the correct operating system. Launch the executable file you downloaded to install
    VMware Workstation Player.
    4. Click Next to continue the installation.
    5. Check the box to accept the license terms and then click Next. Continue to click Next until
    VMware Workstation Player is installed, and then click Finish.
    6. Launch VMware Workstation Player, and then click Continue and Finish. The program prompts
    you for updates, if any are available.
    7. Click Create a New Virtual Machine.
    8. Select Installer disc image file (iso).
    9. Browse to and open the Windows 10 ISO file and then click Next.
    10. If you have a product key, enter it. If you do not have one, click Next and then click Yes to
    confirm.
    11. Continue creating the virtual machine with default settings. After the virtual machine has been
    created, it starts automatically.

    12. Follow the Windows 10 installation wizard and keep all default settings to install Windows 10
    inside of your VM.
    13. When the installation is complete, shut down the VM from inside of Windows 10.
    14.Close all windows.
    4

    Lab 1.4. Creating a Kali Virtual Machine for Security Testing


    Objectives
    Linux is an open source operating system, meaning that the source code is openly available to
    developers to view and modify. Often, that means the software is developed, or at least
    improved, by the community. Kali Linux is a distribution of Linux that provides a toolkit for
    penetration testing and security auditing so that security professionals and IT administrators
    can simulate attacks. Kali has been adapted to run on mobile and loT (Internet of Things)
    devices with ARM processors. It can also be run in a live instance, which means that it is not
    installed but instead runs from a USB or optical drive as a live OS.

    After completing this lab, you will be able to do the following:

    ∙ Understand the purpose of Kali Linux

    ∙ Download and set up a virtual machine for security testing purposes

    Materials Required
    This lab requires the following:

    ∙ A computer with Internet access

    Solusions:
    Estimated completion time: 90 minutes In this lab, you will download and run a file archiver and a Kali
    Linux virtual machine.

    1. Navigate to www.7-zip.org.
    2. Click the Download link that corresponds to the operating system of the computer you are
    using, such as 64-bit x64 for Windows, and then save the file on your hard drive. 3. Launch the
    downloaded executable file for 7-Zip.
    4. Click Install to install the 7-Zip file archiver, and then click Close.
    5. Navigate to www.kali.org.
    6. Point to Documentation on the navigation bar, and click Kali Linux Documentation.
    7. Click Introduction on the Kali Docs page.
    8. In the left pane, click What is Kali Linux? and then read about Kali Linux.
    9. Point to About Us on the navigation bar, and click Kali Press Release to read more about Kali
    Linux.
    10. Click Downloads on the navigation bar.
    11. Scroll down to Kali Linux 64-Bit VMware, and then click Offensive Security VM Download Page.
    12. Click Kali Linux VMware 64-Bit to download a pre-built virtual machine for VMware. Use 7-Zip to
    extract the files to a folder on your hard drive.

    13. Open VMware Workstation Player. Note: If you did not complete Lab 1.4, please refer to that
    lab for instructions on installing VMware Workstation Player.
    14. In VMware Workstation Player, click Open a Virtual Machine.
    15. Navigate to where you extracted the files for the Kali virtual machine, and then click Open.
    16. If prompted about moving or copying, select I Copied It.
    17. Test the virtual machine by clicking Kali Linux in the left pane and then selecting Play Virtual
    Machine.
    18. Log in to the virtual machine using the username kali and password kali.
    19. Explore the Kali Linux interface and environment, and review the available tools. Tip If any
    errors regarding hardware appear, modify the virtual machine by right-clicking the name in the
    left pane and then clicking Settings. Pressing Ctrl+Alt (Windows) or Ctrl+Option (Mac) releases
    your cursor from the VM.
    20. Open a terminal window by clicking Terminal Emulator on the Kali menu bar 21. Update your
    list of update repositories (where Linux gets its updates from) by typing sudo apt update and then
    pressing Enter. The sudo command allows you to run commands with administrative privileges. Kali
    Linux will ask for your sudo password, which should be kali. 22. Perform a full update by typing
    sudo apt dist-upgrade and then pressing Enter. 23. When Kali Linux prompts you to continue, type y
    and press Enter. If you receive an additional prompt about restarting services, select yes and press
    Enter. Updating may take some time. (The estimated time remaining for download is shown in the
    lower-right corner of the window.) When the upgrades are complete, your terminal will return to
    the original prompt. 24. Close VMware Workstation Player.
    6

    You might also like