Uncover the Secrets of a Home SOC Analyst Lab! [Step-by-Step Walkthrough]

In this video, I walk through the entire creation of the SOC Analyst home lab by Eric Capuano.
https://blog.ecapuano.com/p/so-you-wa...

Every mouse click, screen, configuration, etc. You can follow this video to build the lab.

📒 Show Notes 📒

⏰ Markers
1:22 Erics Blog Post So You want to be a soc analyst
1:25 Virtual Machine Setup
1:35 VMWare Install
2:12 Ubuntu (Attacker) Machine vm install
4:06 Windows (Victim) Machine vm install
4:27 VMWare error requested power operation is already in progress and powershell fix
4:47 Removing security defenses from Windows VM
5:16 Windows VM defense removal: Turning off Virus and Threat Protection
6:15 Windows VM defense removal: Group Policy Editor
8:01 Windows VM defense removal: Disabling power configurations
10:03 Windows VM defense removal: Safe Boot
11:29 Windows VM defense removal: Registry Editing
14:04 Installing Sysmon on Windows VM
14:55 Installing LimaCharlie Agent on Windows VM
15:10 LimaCharlie - Creating an organization
15:46 LimaCharlie - Installing agent on Windows VM
18:13 LimaCharlie - Configuring LimaCharlie to ingest Sysmon logs from Windows VM
19:45 Sliver - Setup Sliver c2 Framewor on Ubuntu VM
20:41 Sliver - Get IP network details (this will be different values on your machine)
22:39 Sliver - Editing /etc/netplan/00-installer-config.yaml with network values
25:58 Sliver - SSH into Ubuntu box
26:13 Sliver - Downloading and installing Sliver
27:50 Sliver - Launching Sliver
29:20 Sliver - Pulling Sliver payload down onto Windows VM (victim)
31:46 Sliver - Sliver to access on Windows VM (using a session)
33:33 LimaCharlie - Seeing attacks in limacharlie
35:40 Resources to learn more about windows processes and binaries threat actors use
36:49 Checking VirusTotal via LimaCharlie to see if malware has been seen
38:43 Detection Engineering to detect this attack
40:08 Writing a custom detection rule in LimaCharlie
42:42 Seeing the detection in LimaCharlie work
43:10 Configuring a custom output webhook to add automation and notification to your detection (not in blog post, but cool so i added it)

RESOURCES IN VIDEO
Eric So You Want to Be A SOC Analyst blog post: https://blog.ecapuano.com/p/so-you-wa...

Lima Charlie: https://limacharlie.io/

Sliver You'll have to google, this video could be pulled down if i link to it for "reasons"

Sysmon: https://learn.microsoft.com/en-us/sys...

SwiftOnSecurity Sysmon Config: https://github.com/SwiftOnSecurity/sy...

EchoTrail: https://www.echotrail.io/

SANS Hunt Evil Poster: https://www.sans.org/posters/hunt-evil/
Living Off The Land Binaries, Scripts and Libraries: https://lolbas-project.github.io/#


Simply Cyber's mission is to help purpose driven professionals make and and take a cybersecurity career further, faster.


📱 Social Media
Let's Connect: https://linktr.ee/SimplyCyber

🔥 The Best Free Cyber Resources
https://simplycyber.io/

📷 🎙 💡 MY STUDIO SETUP
https://kit.co/GeraldAuger/simply-cyb...

🙌🏼 Donate
Like the channel and got value? Please consider supporting the channel
https://www.buymeacoffee.com/SimplyCyber

😎 Merch 😎
👉🏼 Simply Cyber Branded Gear: https://www.simplycyber.io/store

MUSIC TRACKS IN VIDEO
Jellyfish in Space by Kevin MacLeod is licensed under a Creative Commons Attribution 4.0 license. https://creativecommons.org/licenses/...


It's Always Too Late to Start Over by Chris Zabriskie is licensed under a Creative Commons Attribution 4.0 license. https://creativecommons.org/licenses/...

CGI Snake by Chris Zabriskie is licensed under a Creative Commons Attribution 4.0 license. https://creativecommons.org/licenses/...

Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated.