Tag: Cyber Security

  • Creating a Sandbox Environment in VMware Workstation


    When working in a security role you often come across malware or malicious links that pique your interest, but to detonate one of these files or browse to one of these addresses on a machine you regularly use would be detrimental to the security of your own device. Therefore it is imperative that any good security person has a sandbox environment in which to play around with malicious files. Some people opt to keep an old dusty laptop stashed away in a drawer to call upon when the time arises, but this approach can be laborious for a number of reasons.

    • When malware is detonated, the machine is compromised and a full reinstall needs to be carried out which takes a long time.
    • OS updates and security patches need to be downloaded and installed each time the OS is reinstalled.
    • When a machine is compromised, there is a good chance the threat actor could move laterally within your home network.
    • It is a whole other device you need to track down and plug in every time you want to use it. This can be a pain if you need to take it on the road (old laptops can be heavy!)

    Virtualisation To The Rescue

    Virtualisation is the act of running an operating system within an operating system. It is a great way to try out an OS without committing to installing it on bare metal. There are many virtualisation options to choose from: VirtualBox, Hyper-V, Parallels (if you’re on a Mac), and VMware, to name a few. For our purposes we’ll be using VMware Workstation Pro. Officially a licence costs around £150 from VMware themselves, but there are other sites where keys can be acquired for a fraction of the full price. I am unsure of the legality of these aftermarket keys, so use at your own risk. Now that we’ve acquired our virtualisation software, we next need to decide on an operating system. Use an operating system that is relevant to your use case; for example, if you’re curious as to how the EternalBlue exploit works, you’ll need a version of Windows 10 that doesn’t have the 4013429 patch. I’m interested in malware attacks that are relevant to my org, and we have recently made the move to Windows 11, so that’s what I’ll be using. You can find a Windows 11 ISO here.

    Setting Up The Environment

    Once you have downloaded and installed VMware Workstation Pro and you have your Windows 11 ISO on your machine, within Workstation Pro click File -> New Virtual Machine. Within the Virtual Machine Wizard select the Installer disc image file (iso) radio button and track down your Windows 11 ISO image. Follow the rest of the wizard, allocating an appropriate amount of disk, memory and CPU cores to your new virtual machine. Start the virtual machine and make your way through the Windows 11 Setup process as if you were setting up a new device.

    As I am setting up this device to potentially load malicious files onto, I don’t particularly want to log in to my Microsoft account on this VM, so I’ll use a nifty little trick to bypass this requirement during the provisioning stage. Once you have reached the Select Keyboard Layout stage of the setup process, press Shift + F10 to bring up a command prompt window and enter OOBE\BYPASSNRO.

    The VM will reboot and eventually bring you back to the Select Keyboard Layout page. Again, press Shift + F10 to bring up a command prompt window and enter ipconfig /release to drop any network connection the VM will have obtained. This allows us to continue setting up the VM offline, bypassing the need to use a Microsoft account. Continue with the setup process until your new Windows 11 VM boots up. Then restart it, launch Windows Update and install any updates and security patches that are available, set your screen resolution, and so on. Do everything you would do to make a device ready to use, and then read on.

    Non-Persistence Is Key

    Once we have our guest VM operating system in a state that we are happy with, we are going to switch the virtual hard drive to a non-persistent state. Essentially this means that we will be freezing the operating system and filesystem as they currently are, and any changes we make or files we save when using it in the future will disappear when the device is rebooted. First shut down the virtual machine, then right-click on your VM in the Library pane and click on Settings. From the VM settings menu, click on your Hard Disk and then on Advanced.

    Within the Hard Disk Advanced Settings dialog box, select your drive, check the box for Independent and select the Nonpersistent radio button.

    Et voilà! You now have an amnesiac version of Windows 11 that will forget everything that is done to it every time it restarts. If you need to apply patches and updates in the future, it’s just a matter of going back into the virtual machine settings, taking the virtual hard disk out of Independent mode, firing up the VM to apply updates, and flipping it back to Independent Nonpersistent mode when you’re done!
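    The Independent / Nonpersistent radio buttons in the GUI are stored in the VM’s .vmx file as a `<device>.mode` key, so the freeze-for-analysis / thaw-for-updates cycle described above can be scripted. The example below is added here and is not code from the original post; the `.fileName` and `.mode` keys are real VMware Workstation settings, while the sample .vmx text and the `Win11-Sandbox` names are constructed, and the VM must be powered off when the file is edited, just as with the GUI procedure.

```python
import re
from pathlib import Path

# Disk modes VMware Workstation accepts for a <device>.mode key
DISK_MODES = {"persistent", "independent-persistent", "independent-nonpersistent"}

# Constructed sample .vmx fragment; a real file carries many more keys
SAMPLE_VMX = '''.encoding = "windows-1252"
displayName = "Win11-Sandbox"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "Windows 11 x64.vmdk"
sata0:0.present = "TRUE"
sata0:0.fileName = "Win11_23H2.iso"
sata0:0.deviceType = "cdrom-image"
'''

def disk_devices(vmx_text: str) -> list[str]:
    """Device ids (e.g. 'scsi0:0') whose backing file is a .vmdk virtual disk, not an ISO."""
    pat = re.compile(r'^(\w+:\d+)\.fileName\s*=\s*"([^"]*)"', re.M)
    return [dev for dev, fn in pat.findall(vmx_text) if fn.lower().endswith(".vmdk")]

def disk_mode(vmx_text: str, device: str) -> str:
    """Current mode of <device>; VMware treats a missing key as 'persistent'."""
    m = re.search(rf'^{re.escape(device)}\.mode\s*=\s*"([^"]*)"', vmx_text, re.M)
    return m.group(1) if m else "persistent"

def set_disk_mode(vmx_text: str, device: str, mode: str) -> str:
    """Set <device>.mode, replacing an existing line or appending one at the end."""
    if mode not in DISK_MODES:
        raise ValueError(f"unknown disk mode {mode!r}")
    line = f'{device}.mode = "{mode}"'
    pat = re.compile(rf'^{re.escape(device)}\.mode\s*=.*$', re.M)
    if pat.search(vmx_text):
        return pat.sub(line, vmx_text)
    return vmx_text.rstrip("\n") + "\n" + line + "\n"

def set_all_disks(vmx_path: Path, mode: str) -> list[str]:
    """Apply <mode> to every virtual disk of a powered-off VM; returns the devices touched."""
    text = vmx_path.read_text(encoding="utf-8")
    devices = disk_devices(text)
    for dev in devices:
        text = set_disk_mode(text, dev, mode)
    vmx_path.write_text(text, encoding="utf-8")
    return devices

if __name__ == "__main__":
    import sys
    # Usage: python vmx_mode.py "C:\VMs\Win11-Sandbox\Win11-Sandbox.vmx" freeze|thaw
    path, action = Path(sys.argv[1]), sys.argv[2]
    mode = "independent-nonpersistent" if action == "freeze" else "persistent"
    print("updated", set_all_disks(path, mode))
```

Only .vmdk-backed devices are touched, so the attached installer ISO (`sata0:0` in the sample) keeps its own settings.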

    Come back soon, when I’ll discuss networking considerations for a sandbox environment and how to set up secure network access using the VMware Virtual Network Editor, and we will delve into some tools that we can use within our VM to analyse malware as it is executed.

  • Looking Back | Looking Forward


    Before we look forward, a quick look back

    A year ago, I began my journey on the Fujitsu RADAR Programme, motivated by my passion for Cyber Security and a desire to work in that field. I knew that the RADAR Programme was the perfect opportunity to guide my career in that direction, so I set a goal for myself: to secure a role in Cyber Security by the end of the program. I am thrilled to say that I accomplished that goal, with a few weeks to spare.

    Currently, I am working as a Security Specialist at Fujitsu DSPU, where I will be focusing on SIEM (Security Information and Event Management) Content Development. Though it is still early on, I feel that this role is a great fit for me and I am excited to dive in after completing training and onboarding.

    I cannot stress enough how instrumental the RADAR Programme was in helping me achieve my goal. The Professional Skills webinars provided me with the soft skills and confidence I needed, and the Cyber Security Technical Stream introduced me to the different career paths within the field and imparted knowledge that was crucial for my job interview. I am grateful for the help and guidance I received during the program and without it, I would not be where I am today.

    Thinking ahead

    Setting goals as a young professional starting out in the IT industry can be a daunting task, especially when working within the field of Cyber Security. With so many different areas to focus on, it can be difficult to know where to begin. However, setting goals is an essential step in career development and will help you to focus on the areas that are most important to you.

    One of the first things to consider when setting goals is your long-term career aspirations. Are you interested in becoming a Cyber Security Analyst, or do you want to focus on a specific area of Cyber Security, such as penetration testing or incident response? Having a clear understanding of your long-term goals will help you to focus on the areas that are most important to you and will also make it easier for you to plan your career development.

    Another important consideration when setting goals is your current skill set. It is important to be realistic about your current abilities and to focus on areas where you need to improve. For example, if you are just starting out in the field of Cyber Security, you may want to focus on learning the basics of network security and penetration testing. As you gain more experience, you can then start to focus on more advanced areas, such as incident response or threat intelligence.

    In addition to your long-term goals and your current skill set, it is also important to consider your personal interests when setting goals. If you have a passion for a specific area of Cyber Security, such as cryptography or malware analysis, you may want to focus on developing your skills in that area. This will not only make your work more enjoyable, but it will also make you more marketable in the industry.

    Ultimately, the key to setting goals as a young professional starting out in the IT industry is to be clear about your long-term aspirations, to be realistic about your current skill set, and to consider your personal interests. By focusing on these areas, you will be able to develop a clear plan for your career development and will be well on your way to achieving your goals in the field of Cyber Security.

    So what’s next?

    For the year 2023, I have set three main objectives:

    • Expand my knowledge and proficiency in the platforms that are crucial to my role, such as Splunk and Microsoft Defender for Endpoint. I have already completed some e-learning courses and live training events, but I aim to continue growing in these areas until I am able to make valuable contributions to my role.
    • Obtain an industry-recognised certification in the field of Cyber Security. This will require me to decide on the most appropriate certification, such as (ISC)² CISSP, CompTIA Security+, or OSCP, and focus on training and preparation for the exam. I will also consult with my manager to determine which certification would be most beneficial for both myself and the company.
    • Purchase a house. This is a personal goal that I am determined to achieve, and it will require careful planning and financial management.

    By focusing on these three goals, I am confident that I will be able to advance in my career, gain new skills, and achieve a significant personal milestone.