{"id":4620,"date":"2024-01-16T09:00:15","date_gmt":"2024-01-16T16:00:15","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=4620"},"modified":"2024-01-10T20:07:32","modified_gmt":"2024-01-11T03:07:32","slug":"be-curious-tinker-learn-and-grow-part-2","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/blog\/be-curious-tinker-learn-and-grow-part-2\/","title":{"rendered":"Be Curious, Tinker, Learn and Grow – Part 2"},"content":{"rendered":"
Jonathan Studebaker, Senior Security Consultant at InGuardians, Inc.

Editor's Note: Part 1 of this three-part series discussed the pros and cons of some common learning approaches, information resources for infosec topics that may interest you, ways to get involved in the infosec community, and setting realistic goals, budgets, and expectations for yourself to maintain work/life balance.

Part 2 discusses specific training resources and projects such as building a home lab, tinkering with a Raspberry Pi, and ways to explore mobile, cloud, wireless, and physical security.

Part 3 will provide a simplified reference list with links and resources broken down by topic, with the intention of providing periodic updates as resource relevance and availability change over time.

The purpose of this blog post is to give you some options for exploring and tinkering with different topics within the information security space. While neither comprehensive nor definitive, these tools and projects are meant as a jumping-off point to get you started. I also want to stress that the projects and resources referenced are entirely optional. The goal should be to explore your curiosity and tinker so that you get the most out of it in a safe and secure way.

Play Online Interactive Challenges and Capture the Flags (CTFs)

Capture the Flag (CTF) events are challenges that teach security topics and techniques in a gamified way, with the goal of obtaining proof of successful exploitation in the form of a flag. If you think you may prefer a hands-on experience with live online CTF labs and challenges, several free and paid options are available.
The difficulty and type of available challenges usually vary over time, but these activities can keep your skills sharp, introduce you to new concepts, and provide a way to interact with other individuals and teams in the security community.

This is not a comprehensive list, and many other online resources have covered this topic in far greater depth.

Writeups and guides for past challenges are also available for many CTF challenges and platforms. These can make interesting reading if you're not quite ready to dive into live challenges yet.

Build a Home Lab

A primary consideration for this lab should be network monitoring, isolation, and control of what gets in and out. This gives you the freedom to tinker and explore in a safe environment that will not impact other systems and devices on your network. I highly recommend checking out How to Build a Home Lab for details on one possible solution.

If you have old hardware collecting dust in your closet or basement, dig it out and see what can be repurposed for your lab. Old laptops, desktops, servers, Raspberry Pis, and a variety of networking equipment can be used for this purpose. If you don't have dedicated networking devices that suit this need, check the video linked above for some cost-effective options and how to attach and configure them for use in the environment.

If you don't have an old computer to use as your virtual machine (VM) server, another excellent option for a home lab is a mini-PC like an Intel NUC. The small form factor makes these devices appealing, since they fit just about anywhere in a typical home or office. Despite the small form factor, they can pack quite a punch, with modern processors and RAM options commonly available up to 64 GB.
Paired with VMware ESXi, Proxmox VE, or your hypervisor of choice, they are more than capable VM hosts. However, depending on the model and hardware configuration, these devices can cost anywhere from around $500 to more than $1000.

If a new mini-PC is out of your price range, consider checking sources like eBay and Craigslist for used network and computer equipment. For example, at the time of this writing a used ESXi server with dual Xeon E36440 processors, 96 GB of RAM, and a 2.1 TB RAID 5 array was available within driving distance for $150. These kinds of deals don't last long, but with a little patience and persistence it's possible to find an incredible home lab server without breaking the bank. Keep in mind, however, that finding a place in your house or office for a rack-mount server and/or rack-mount network equipment may be difficult, depending on your situation.

Once you have your hypervisor of choice up and running on your server and your network is isolated and monitored to your satisfaction, the sky's the limit for exploration. You can spin up something like Kali Linux or Commando VM; a virtualized firewall like pfSense or OPNsense; various SIEM, IDS, and IPS options; honeypots; and vulnerable VMs, containers, and apps like Metasploitable 2 or 3, OWASP IoTGoat, applications from the OWASP Vulnerable Web Applications Directory, VulnHub VMs, crackmes.one challenges, and other Damn Vulnerable resources.
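The isolation and egress control called for above, written out as an added example that is not part of the original post: an nftables ruleset for a Linux hypervisor host such as Proxmox, where the lab bridge name, the lab and home subnets, and the allowed egress ports are assumptions you would change for your own network. Run without arguments it prints the ruleset for review; with --apply it loads it.

```shell
#!/bin/sh
# Added example (not from the original post): an nftables ruleset that keeps a
# lab bridge on a Linux hypervisor host isolated from the rest of the house.
# Assumptions (change for your network): lab VMs live on bridge vmbr1 in
# 10.66.0.0/24, the trusted home LAN is 192.168.1.0/24, and the host routes
# between them (net.ipv4.ip_forward=1).

LAB_IF="${LAB_IF:-vmbr1}"
LAB_NET="${LAB_NET:-10.66.0.0/24}"
HOME_NET="${HOME_NET:-192.168.1.0/24}"

# Prints the ruleset instead of applying it, so it can be reviewed (and
# tested) without root.  Policy: lab -> home LAN and lab -> any private range
# is logged and dropped, lab -> internet is limited to DNS/HTTP/HTTPS, all
# other lab egress is logged and dropped; only the home LAN may initiate
# connections into the lab.
lab_ruleset() {
    cat <<EOF
table inet lab {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # replies to connections the lab (or the LAN) already opened
        ct state established,related accept

        # lab VMs talking to each other is fine
        iifname "$LAB_IF" oifname "$LAB_IF" accept

        # the lab must never reach the trusted home LAN or other private nets
        iifname "$LAB_IF" ip saddr $LAB_NET ip daddr $HOME_NET log prefix "lab->home " drop
        iifname "$LAB_IF" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } log prefix "lab->rfc1918 " drop

        # minimal egress so packages and exercises can be downloaded
        iifname "$LAB_IF" ip saddr $LAB_NET udp dport 53 accept
        iifname "$LAB_IF" ip saddr $LAB_NET tcp dport { 53, 80, 443 } accept

        # anything else leaving the lab: log it so you see what your VMs try
        iifname "$LAB_IF" log prefix "lab-egress-denied " drop

        # the home LAN may initiate connections into the lab (SSH, web UIs)
        ip saddr $HOME_NET oifname "$LAB_IF" accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat;
        # hide lab addresses behind the host when they go out to the internet
        oifname != "$LAB_IF" ip saddr $LAB_NET masquerade
    }
}
EOF
}

# nft validates the whole ruleset before loading it, so a typo cannot leave
# the host half-configured.  Requires root and the nftables package.
apply_ruleset() {
    lab_ruleset | nft -f -
}

# Usage: ./lab-fw.sh          -> print the ruleset for review
#        ./lab-fw.sh --apply  -> load it (as root)
case "${1:-}" in
    --apply) apply_ruleset ;;
    *)       lab_ruleset ;;
esac
```

Because the forward chain's policy is drop, anything not listed is blocked, and everything the lab tries to send elsewhere is logged; watching the kernel log (journalctl -k or dmesg) while a new VM or gadget boots is a quick way to see what it reaches for.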
Evaluation versions of Microsoft operating systems are also available and can be used to build an Active Directory test environment.

Use these virtual machines and environments to test software and configurations, exploits and mitigations, and other offensive and defensive techniques. If you have a physical switch and wireless AP in this lab, you can even connect and test physical devices (IoT, mobile devices, etc.). The nice part about a home lab is that it is private to you and resides within your own controlled internal environment. You choose when and what to explore and how to explore it. Keep an open mind and think of the possibilities.

Setting up a lab in an isolated cloud environment is also an option but is beyond the scope of this post. Some high-level things to consider with cloud labs are the provider's costs and the inability to connect physical devices such as IoT and mobile devices directly via Wi-Fi, Ethernet, etc. However, I encourage you to explore a cloud lab if the topic interests you.

Gadgets, IoT and Hardware

Raspberry Pi

Image: Raspberry Pi 4

With supply chain bottlenecks starting to ease, the pricing and availability of Raspberry Pi devices are beginning to return to pre-pandemic levels. Consider grabbing a Raspberry Pi or an alternative. These versatile credit-card-sized single-board computers can be used for a variety of security-related projects. Their relatively low cost makes them an excellent choice for trying out something new with minimal commitment, or as part of a home lab. Some examples include the Pwnagotchi pictured below.

Image: Pwnagotchi / Raspberry Pi Zero W

In addition to standalone projects like the ones mentioned above, a Raspberry Pi can be used as a multi-tool for hardware hacking through its General Purpose Input/Output (GPIO) pin header.
If you have an interest in IoT and hardware hacking, a Pi provides a low-cost and effective way to lower the barrier to entry and let you tinker.

Finally, there are tons of non-security-focused projects you can do with a Raspberry Pi that may pique your interest. If you have a spouse or child with an interest in Linux, programming, and/or basic electronics, a Raspberry Pi is a fantastic low-cost way to encourage their growth and do something together as a family.

Mobile iOS and Android

Mobile device testing is another topic you may want to build your skills in. Start by reading a few blog posts to get your feet under you. Some apps can be emulated or simulated and tested using free or paid tools including Xcode, Android Studio, Corellium, and Genymotion. Depending on the tool and license chosen, these provide a free or low-cost starting point to test the waters without having to buy physical phones or tablets.

Check out the Damn Vulnerable iOS App and Damn Vulnerable Bank for a couple of training platforms to learn and develop your iOS and Android pentesting skillset. If you find that you want to pursue this topic long-term and at a deeper level, it may be worth picking up a few books or taking a class.

Emulators can only go so far, and if you plan to pursue this topic it is ideal to pick up a few physical devices. This is especially true if the app you are testing has special requirements or needs to interact with other physical devices such as IoT devices or peripherals. Use your search skills to find out what devices other people use and recommend for this purpose. If you happen to have an old device in a drawer somewhere, dig it out and see what you can do with it.
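A first-contact check for a second-hand Android test device, as an added example that is not part of the original post: it reads the device's version, patch level and bootloader state over USB with adb before the device is ever put on a network, then optionally turns the radios off so an over-the-air update cannot arrive while you research a root method. adb, the property names and the svc commands are standard Android tooling, but vendors vary, so the script reports "unknown" rather than guessing when a property is missing; the 2023 cutoff date is an arbitrary assumption for the warning.

```shell
#!/bin/sh
# Added example (not from the original post): inventory a used Android device
# over USB before it touches a network, so you know whether it can still be
# rooted and don't lose that chance to an OTA update.
# Assumptions: adb is installed, USB debugging is enabled on the device, and
# the device exposes the common Android system properties read below (some
# vendors use other property names, so treat "unknown" as "check manually").

# getprop wrapper: the property value, or "unknown" when the device does not
# expose it (or no device is attached).
prop() {
    v=$(adb shell getprop "$1" 2>/dev/null | tr -d '\r')
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'unknown\n'; fi
}

# Pure decision logic, kept apart from adb so it can be tested offline.
# Args: verified-boot state (green/yellow/orange/unknown),
#       bootloader locked flag (1 locked, 0 unlocked, unknown),
#       "OEM unlocking" allowed (1/0/unknown).
# Prints one of: unlocked | unlockable | locked | unknown
assess_bootloader() {
    vbstate="$1" locked="$2" oem_allowed="$3"
    case "$vbstate:$locked" in
        orange:*|*:0) echo unlocked; return 0 ;;   # already unlocked
    esac
    case "$locked:$oem_allowed" in
        1:1) echo unlockable ;;   # locked, but the OEM-unlocking toggle is on
        1:0) echo locked ;;       # locked and OEM unlocking disabled
        *)   echo unknown ;;
    esac
}

# True when the build's security patch level (YYYY-MM-DD) is older than the
# given date.  Older builds are more likely to have a public root method and
# are the ones most worth keeping offline; ISO dates compare as strings.
patch_older_than() {
    [ "$1" != unknown ] && expr "$1" \< "$2" >/dev/null
}

report_device() {
    release=$(prop ro.build.version.release)
    sdk=$(prop ro.build.version.sdk)
    patch=$(prop ro.build.version.security_patch)
    vbstate=$(prop ro.boot.verifiedbootstate)
    locked=$(prop ro.boot.flash.locked)
    oem=$(prop sys.oem_unlock_allowed)

    echo "Android $release (API $sdk), security patch $patch"
    echo "bootloader: $(assess_bootloader "$vbstate" "$locked" "$oem")"
    # 2023-01-01 is an arbitrary cutoff for the warning; pick your own.
    if patch_older_than "$patch" "2023-01-01"; then
        echo "note: patch level predates 2023; keep this device offline until you have settled on a root method"
    fi
}

# Keep the device off the network while you research it.  svc is a standard
# Android shell tool, but some builds ignore it without root, so confirm the
# toggles in Settings afterwards.
quarantine_device() {
    adb shell svc wifi disable
    adb shell svc data disable
}

# Usage (device connected over USB):
#   ./android-inventory.sh            -> print the report
#   ./android-inventory.sh --offline  -> report, then disable Wi-Fi and mobile data
report_device
[ "${1:-}" = "--offline" ] && quarantine_device
true
```

Run the report before the device has ever been given Wi-Fi credentials or a SIM; if the bootloader comes back "locked" and OEM unlocking is disabled, you will need the device on its own, internet-free network segment (the isolated lab segment described earlier) to enable developer options and the OEM-unlocking toggle without also receiving an update.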
If you don't have one, eBay and Craigslist are excellent resources for obtaining used Android and iOS devices. Do your research to determine the version of Android or iOS running on the device and whether it can be rooted or jailbroken. Your employer may also have devices for this specific purpose, so it never hurts to ask about training opportunities for their use. Once you have a device for this purpose, be cautious when setting it up: if you connect it to the internet and it auto-updates, you may lose your chance to root or jailbreak it.

If you have an interest or experience in testing the security of iOS itself, check out Apple's Security Research Device (SRD) and bug bounty program.

Note: Buying pre-rooted or pre-jailbroken devices is not recommended, as they could contain malicious software and configurations.

Cloud

Cloud security can be daunting due to the variation from one cloud provider to another, the technologies used, and each stakeholder's specific requirements and implementation. In some cloud environments, network pentesting knowledge applies and can help find exposed, misconfigured, outdated, and exploitable systems and services; other environments focus more on web, APIs and cloud-native applications, container orchestration, and identity management.

A good starting place is the cloud providers' own documentation: standard reference architectures and diagrams, the security reference architectures for AWS, Azure, and Google Cloud, and their secrets-management and API documentation.

There are also several intentionally vulnerable deployment projects to learn and practice with, including CloudGoat, Damn Vulnerable Cloud Application, OWASP WrongSecrets, and more.
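One way to keep an intentionally vulnerable deployment inside a dedicated lab account and make its teardown automatic, as an added example that is not part of the original post or of CloudGoat itself. It assumes the AWS CLI and CloudGoat are installed and configured, that the lab account's 12-digit ID is exported as LAB_ACCOUNT_ID, and it uses a CloudGoat scenario name only as an illustration of the wrapper.

```shell
#!/bin/sh
# Added example (not from the original post or from CloudGoat): a wrapper that
# refuses to deploy a vulnerable CloudGoat scenario unless the active AWS
# credentials belong to a dedicated lab account, and destroys the scenario
# again when the shell exits, even on Ctrl-C.
# Assumptions: aws and ./cloudgoat.py are installed and configured, and the
# lab account ID is exported as LAB_ACCOUNT_ID (12 digits).

# Pure check, separate from the CLI so it can be tested offline: succeeds only
# when the caller's account is exactly the allow-listed lab account.
is_lab_account() {
    actual="$1" allowed="$2"
    case "$allowed" in
        ''|*[!0-9]*) return 1 ;;      # no usable allow-list -> refuse
    esac
    [ "${#allowed}" -eq 12 ] && [ "$actual" = "$allowed" ]
}

# Ask STS who we really are instead of trusting a profile name or env var.
current_account() {
    aws sts get-caller-identity --query Account --output text
}

require_lab_account() {
    acct=$(current_account) || { echo "could not determine AWS account" >&2; return 1; }
    if ! is_lab_account "$acct" "${LAB_ACCOUNT_ID:-}"; then
        echo "refusing: credentials belong to account $acct, not the lab account" >&2
        return 1
    fi
}

teardown() {
    echo "tearing down $scenario"
    ./cloudgoat.py destroy "$scenario"
}

# Deploy one scenario and guarantee its removal: the EXIT trap runs on normal
# exit and, via the INT/TERM trap, when you interrupt the script, so nothing
# vulnerable is left running (and billing) after you stop tinkering.
run_scenario() {
    scenario="$1"
    require_lab_account || return 1
    trap teardown EXIT
    trap 'exit 1' INT TERM
    ./cloudgoat.py create "$scenario" || return 1
    echo "scenario $scenario is up; press Enter when you are done tinkering"
    read -r _
}

# Usage:  LAB_ACCOUNT_ID=123456789012 ./lab-cloudgoat.sh iam_privesc_by_rollback
if [ -n "${1:-}" ]; then
    run_scenario "$1"
fi
```

The account check is the part worth copying even if you never use CloudGoat: any script that stands up deliberately weak IAM roles or public buckets should verify, from STS rather than from a local profile name, that it is running where you think it is.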
Some of these projects require a cloud provider account and incur the associated costs of spinning up and running cloud resources. Remember that these are intentionally vulnerable cloud deployments, so use them only in a non-production, isolated cloud environment and tear them down when you have finished tinkering.

If you have an interest in containers and Kubernetes, check out InGuardians for training opportunities and Bust-a-Kube to try out an intentionally vulnerable Kubernetes cluster in your local lab VM environment.

Wireless Radio Gadgets

Note: You are responsible for ensuring that your wireless activities are legal and comply with the regulations governing the transmission of radio signals.

Wireless security is more than just Wi-Fi. There are many different wireless tools, standards, protocols, frequencies, radios, and antennas to tinker with in this space. Some may be of more interest to you than others, and not all of them are useful or applicable to every situation.

Image: RTL-SDR

If you have an interest in the wireless space in general, a Software Defined Radio (SDR) can be a good place to start, and you can pick up an RTL-SDR for around $50. You can't transmit with it, but you can receive and begin to learn about tools like GNURadio, gqrx, and