This repository contains details and findings from my VMware-based cybersecurity lab, which includes various tools and configurations for reconnaissance, vulnerability scanning, intrusion detection, and security monitoring.
Deploy and configure a comprehensive cybersecurity lab to simulate, detect, and analyze malicious activities.
- Kali Linux: Used for reconnaissance and penetration testing.
- pfSense: Provides network segmentation and firewall functionalities.
- Splunk: Used as a Security Information and Event Management (SIEM) system.
- Suricata: Functions as an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
- Nessus: Used for vulnerability scanning.
The following are the results of an Nmap scan performed on the Victim Network (192.168.2.0/24). The scan was executed to discover open ports and services running on the network.
nmap -sV -p0-65535 -oN /home/kali/Desktop/nmap_scan_results.txt 192.168.2.1/24
-
192.168.2.1: Ports: 53 (domain), 80 (http), 443 (ssl/http) Services: Unbound, nginx
-
192.168.2.2 (DESKTOP-6NM36N8.home.arpa): Ports: 135 (msrpc), 139 (netbios-ssn), 445 (microsoft-ds?), 5040 (unknown), and various high ports for msrpc. Services: Microsoft Windows RPC, Microsoft Windows netbios-ssn
-
192.168.2.3: Ports: 21 (ftp), 22 (ssh), 23 (telnet), 25 (smtp), 53 (domain), 80 (http), 111 (rpcbind), 139 (netbios-ssn), 445 (netbios-ssn), 512 (exec), 513 (login), 514 (shell), 1099 (java-rmi), 1524 (bindshell), 2049 (nfs), 2121 (ccproxy-ftp?), 3306 (mysql), 3632 (distccd), 5432 (postgresql), 5900 (vnc), 6000 (X11), 6667 (irc), 6697 (irc), 8009 (ajp13), 8180 (http), 8787 (drb), various RPC ports. Services: vsftpd, OpenSSH, Linux telnetd, Postfix smtpd, ISC BIND, Apache httpd, Samba smbd, netkit-rsh rexecd, Netkit rshd, MySQL, PostgreSQL, VNC, UnrealIRCd, Apache Tomcat, Ruby DRb, distccd
A PCI scan was performed using Nessus, and the following vulnerabilities were identified along with their suggested remediations:
- Action: Upgrade to BIND 9.11.22, 9.16.6, 9.17.4 or later.
- Vulnerabilities: 3
- Hosts: 1
- Action: Upgrade to phpMyAdmin version 4.8.6 or later. Alternatively, apply the patches referenced in the vendor advisories.
- Vulnerabilities: 2
- Hosts: 1
- Action: Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later.
- Vulnerabilities: 1
- Hosts: 1
- Action: Apply the appropriate hotfix referenced in the vendor advisory.
- Vulnerabilities: 0
- Hosts: 1
- VMnet1: WAN - 192.168.136.128/24
- VMnet2: Kali - 192.168.2.1/24
- VMnet3: Victim Network - 192.168.2.0/24
- VMnet4: Splunk - 192.168.3.0/24
- VMnet5: Nessus - 192.168.4.0/24
- VMnet6: Suricata - 192.168.5.0/24
- VMnet7: Span Port - Promiscuous mode for traffic monitoring
- WAN: 192.168.136.128/24
- LAN: 192.168.1.1/24
- Victim Network: 192.168.2.1/24
- Splunk: 192.168.3.1/24
- Nessus: 192.168.4.1/24
- Suricata: 192.168.5.1/24
- Tool: Kali Linux
- Setup:
- Deployed on VMnet2.
- Configured to access all networks within the lab.
- Outcome: Successfully performed NMAP scans and Metasploit exploits on the victim network.
- Tool: pfSense
- Setup:
- Configured network segmentation with subnets and firewall rules.
- Enabled traffic filtering and monitoring.
- Outcome: Enhanced network security through effective segmentation and firewall configurations.
- Tool: Suricata
- Setup:
- Deployed on VMnet6.
- Configured to monitor network traffic and generate alerts.
- Outcome: Successfully detected and prevented malicious activities.
- Tool: Splunk
- Setup:
- Deployed on VMnet4.
- Configured to collect and analyze logs from various sources, including Suricata and Nessus.
- Outcome: Centralized logging and enhanced visibility into network activities.
- Tool: Nessus
- Setup:
- Deployed on VMnet5.
- Conducted regular vulnerability scans on the victim network.
- Outcome: Identified and remediated critical vulnerabilities.