Want to get started with NSM? I have a few projects for you (Building Virtual Machine Labs, Autosnort3, Autosuricata)

Hey folks

I wanted to share a little bit of information about some side projects that I have been maintaining for a few years.

Building Virtual Machine Labs: A Hands-on Guide

First and foremost, I wrote a book called Building Virtual Machine Labs: A Hands-On Guide (Second Edition). For those who are interested, you can find physical copies (in color, or in black and white) on Amazon, or you can download a PDF via leanpub.com/avatar2.

Fair warning: the physical book is huge (it spans two volumes) and a little pricey, due to Amazon’s changes to how royalties and printing costs work.

The digital edition, on the other hand, is ‘pay what you want’, and that includes zero dollars (free). Register an account on leanpub, add the book to your cart, and drag the cost slider as far to the left as it goes, until it reads free.

As I mentioned a second ago, the book has a huge page count because it’s very thorough and full of images and flow charts to guide readers, visual learners in particular. But don’t be intimidated by how much content there is.

My book is structured somewhat like a ‘choose your own adventure’ story. The first couple of chapters help readers establish the foundations: what virtualization is, the types of virtualization, good practices, and how the lab environment is designed. The “middle chapters” of the book are where the reader chooses which hypervisor to use. You can choose:

  • Oracle VirtualBox on Windows, Linux or macOS
  • Microsoft Client Hyper-V (on Windows 10 or Windows 11 Professional/Education editions)
  • VMware Workstation on Linux or Windows
  • VMware ESXi
  • VMware Fusion (on x86_64/Intel)

Readers are guided through the initial setup steps for installing their hypervisor and configuring the virtual network, and then through the steps necessary to set up their first virtual machine, pfSense.

Afterwards, readers jump to a chapter to finish setting up the pfSense VM so that it provides core network services for the lab environment, then jump back to the hypervisor setup guide to create the remaining virtual machines.

After creating the virtual machines, readers move on to the “end-game” chapters, where they learn how to establish secure remote access to their virtual machines over SSH. There are dedicated chapters on secure remote access for hosted hypervisors and for bare-metal hypervisors. The big difference between the two is that bare-metal hypervisor users learn how to create a “jump box” for SSH tunneling to lab virtual machines, and how to use that jump box as a SOCKS proxy for HTTP/HTTPS traffic to lab VMs.
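To make the jump box idea concrete, here is an added example of an OpenSSH client configuration on the analyst workstation that does both things described above: reach lab VMs through the jump box with ProxyJump, and expose a local SOCKS5 listener on the jump box connection for browser/curl traffic. This is my own illustration, not a file from the book or from the author’s projects; the host names, addresses, user name and key path are assumptions chosen for the example.

```sshconfig
# ~/.ssh/config on the analyst workstation (added example, not from the book)
# Assumed topology: the jump box (10.0.0.2) is reachable from the workstation;
# the lab VMs (172.16.1.0/24) are reachable only from the jump box.

Host jumpbox
    HostName 10.0.0.2
    User analyst
    IdentityFile ~/.ssh/lab_ed25519
    # Offer only this key; avoids leaking every loaded agent key to the lab
    IdentitiesOnly yes
    # Local SOCKS5 listener; point a browser or curl at 127.0.0.1:1080 and the
    # HTTP/HTTPS traffic egresses from the jump box into the lab network.
    # Note: when this Host entry is used via ProxyJump below, ssh runs it with
    # -W, which implies ClearAllForwardings, so the listener is only opened
    # when you connect to jumpbox directly (e.g. "ssh -N jumpbox").
    DynamicForward 127.0.0.1:1080
    ServerAliveInterval 30

# Lab VMs: each is named lab-<role>; HostName is set per host below and the
# shared settings come from this pattern block.
Host lab-*
    ProxyJump jumpbox
    User analyst
    IdentityFile ~/.ssh/lab_ed25519
    IdentitiesOnly yes
    # Lab VMs get rebuilt often; keep their host keys in a separate file so a
    # rebuild doesn't mean editing the main known_hosts, but still verify them.
    UserKnownHostsFile ~/.ssh/known_hosts_lab
    StrictHostKeyChecking ask

Host lab-pfsense
    HostName 172.16.1.1

Host lab-ids
    HostName 172.16.1.3
```

Usage: `ssh lab-ids` opens a shell on the IDS VM tunneled through the jump box, and `ssh -N jumpbox` brings up the SOCKS listener without a shell. When testing the proxy with curl, use `curl --proxy socks5h://127.0.0.1:1080 https://172.16.1.1/` rather than `socks5://`: the `h` variant makes the jump box resolve host names, so lab-only names never leak to your workstation’s resolver and names that only resolve inside the lab still work.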

In the final chapters, readers learn how to set up and install either Snort3 or Suricata, as well as Splunk for IDS log management. Once readers have completed the “baseline” lab environment, I provide recommendations on how to customize it to better fit their individual needs.

My book includes a lot of extra content to help harden the lab environment or expand it, guidance on where to find supplementary training and materials, as well as troubleshooting guidance, should problems come up while working on the lab environment. I hope you enjoy it. I’m always open to constructive criticism, so let me know what you think.

Autosnort3 and Autosuricata

Now, aside from the book, I also wanted to draw attention to a couple of automation scripts I made for the book, but can be used separately as needed: Autosnort3 and Autosuricata.

Autosnort3 is a script that performs all of the necessary actions to compile the latest build of snort3 (with hyperscan support), libdaq, snort3_extras, and openappid from source, and enable them for use. More information on what exactly the script does and how to use it can be found in the project’s readme.md.

Likewise, Autosuricata is a script that performs all of the necessary actions to compile the latest build of Suricata, and enable it for use. The project’s readme.md goes into great detail on what actions the script performs and its use.

Please be aware that none of these projects are considered the property of Proofpoint or the Emerging Threats team. There is no contract or guarantee of support for these resources, implied or otherwise. Any support or assistance with these scripts or my book is on a personal best-effort basis, and may be limited depending on my availability.

That aside, I hope you find these resources useful. As always, Good luck, and happy hunting.

-Tony “da_667” Robinson