Uncover the Secrets of a Home SOC Analyst Lab! [Step-by-Step Walkthrough]

  • Published: 19 Jan 2025

Comments • 121

  • @SimplyCyber
    @SimplyCyber  A year ago +8

    💥💥🚨🚨 Join us 3/23 4:30PM EST LIVE ruclips.net/user/liveP_Kl2EnF8_A as we interview Eric Capuano, the author of this incredible lab, and get ALL of your questions answered! ruclips.net/user/liveP_Kl2EnF8_A

    • @ildaragishev-yv4iu
      @ildaragishev-yv4iu A year ago +1

      Hi! Thanks for the walkthrough) Please help: got stuck at [!] rpc error: code = Unknown desc = Incorrect function while running "procdump -n lsass.exe -s lsass.dmp". Can't detect by filtering for “SENSITIVE_PROCESS_ACCESS” events.

    • @roxasdracun8661
      @roxasdracun8661 4 months ago

      Just putting this here because it gave me headaches when creating session commands around 31:35 (when using the http command).
      My implant was not able to run or get installed, mainly due to the port being in use (CHECK WITH THIS COMMAND: ps -fA | grep python), then:
      1. Once you run python3 -m http.server 80 (it needs to be killed)
      2. lsof -nti:PORT_NUMBER | xargs kill -9 ; where PORT_NUMBER = 80
      DO this only after the http command gets stuck and stops responding.

  • @Agroth2333
    @Agroth2333 A year ago +23

    Bookmark this one and keep coming back to it over and over again. The amount of value in this will bring you to the next level.

  • @PharnsGenece
    @PharnsGenece A year ago +12

    I'm glad you're doing this… I'm working through the blog posts and ran into a snag. Working through the snag, and hopefully I'll have it fixed before your video posts tomorrow. If not, you'll be a good reference. LOVE YOUR CONTENT. Thanks, future cyberpreneur

  • @Longlivetony
    @Longlivetony A year ago +5

    I love how Gerald put the sudo command to elevate permissions on the Windows command prompt. That got me laughing. Love it.

  • @NessHypegaming
    @NessHypegaming A year ago +2

    YES! We need more videos like this, something to put on a resume.

  • @muhammadnomanilyas5423
    @muhammadnomanilyas5423 A year ago

    Gerald! I love your way of teaching and interaction. I'm currently enrolled in the GRC Analyst Course and you are literally amazing.

  • @h.fontanez5453
    @h.fontanez5453 A year ago +1

    Just completed part 2 in VirtualBox, totally doable. Thank you for this amazing resource!

    • @gtarules1
      @gtarules1 A year ago

      VirtualBox!?

    • @yamin1702
      @yamin1702 A year ago +1

      How did you manage to SSH from the Windows VM to the Ubuntu one? Did you use NAT or a bridged adapter?

    • @MerkabaSS
      @MerkabaSS A year ago

      @yamin1702 NAT

  • @cybeerninja
    @cybeerninja A year ago

    Great as always. Enjoyed the background music. Had to go through some items 3x to figure out what was happening, but all good.

  • @suburbanflower
    @suburbanflower A year ago +3

    Would this lab be possible to set up on a MacBook Pro?

  • @roxasdracun8661
    @roxasdracun8661 4 months ago

    NOW WE NEED A SECOND PART LAB. This was very informational and interactive for some stuff that goes too much into theory.
    I see the video itself doesn't cover Part 4 of the lab, where we do take care of the action. Also, does anyone know if you will get charged later with the Lima thing if we don't delete stuff?

    • @SimplyCyber
      @SimplyCyber  4 months ago

      I made this video before part 4 was written, and a follow-up video would be cool. I believe LimaCharlie is free up to two agents, but you have to verify that. Subject to change.

  • @bluebadgersec
    @bluebadgersec A year ago

    This is an incredible resource. Thanks Gerald and Eric!

  • @DFPathfinder
    @DFPathfinder 6 months ago +1

    Thank you for this lab, but I'm having trouble at the setup attack system step in part 1. I enter the command ssh user@[Linux_VM_IP] and then say yes to add it. But my password says permission denied. I've restarted the entire Ubuntu process twice and tried making a new password, but still no luck. I'm not using the wrong IP address or password, and I even checked to make sure port 22 was open. IDK what else to do.

  • @justapersonalaccount
    @justapersonalaccount A year ago

    This was really fun, thank you for posting. Can't wait to try more advanced activities

  • @LinuxNation.
    @LinuxNation. 10 months ago +1

    Typed it in the command prompt because it kept failing on me. It says it ran successfully, but I am still getting the same message? Any clue?

  • @DWJ92
    @DWJ92 A year ago +1

    Where did Kali come from at 21:28? Was I supposed to download that?

    • @SimplyCyber
      @SimplyCyber  A year ago

      Not part of the lab. I just rewatched and I think I accidentally launched Kali.

    • @DWJ92
      @DWJ92 A year ago

      @SimplyCyber you had me looking everywhere in that article. I was like, I obviously missed a step.

    • @SimplyCyber
      @SimplyCyber  A year ago

      @DWJ92 sorry friend

  • @gmalo2105
    @gmalo2105 A year ago +8

    Just a heads up. If you are doing this on a Windows 10 host, and you get a "Virtualized AMD-V/RVI is not supported on this platform" error, you may need to turn off Hyper-V and WSL2 in Programs and Features.

    • @SimplyCyber
      @SimplyCyber  A year ago

      Awesome tip. Thanks!

    • @gmalo2105
      @gmalo2105 A year ago +2

      @SimplyCyber I saw the tip you provided in your follow-up video with Eric Capuano. It unfortunately did not work for me (because I had both Hyper-V and WSL2??). Whatever. Five minutes of troubleshooting and I was back in the game. This is a great lab. Thanks to both you and Mr. Capuano.

    • @Harry_Von_Turbo
      @Harry_Von_Turbo A year ago

      @gmalo2105 how did you fix it in the end?

  • @omaralami6580
    @omaralami6580 13 days ago

    Not able to unzip the VMware Workstation file. I only see the executable to install and no WinDev####Eval.ovf file.

  • @Cyber-Hound
    @Cyber-Hound 2 months ago

    Not sure what I did wrong here, but when I try "sessions" it just comes up as empty. I have the payload on the Windows VM executed and Jobs shows TCP port 80. Attempted to start from scratch and even rebooted the Linux machine and can't seem to get past this issue. I'd love to finish this project but sadly I'm hung up on this one thing.

  • @JeffreyJohnny
    @JeffreyJohnny A year ago +1

    Does this work only in Windows, or is it the same process on an Apple Mac?? Thanks!

    • @SimplyCyber
      @SimplyCyber  A year ago

      Depends on the chip in the Apple. M chips, I don't think so. You just need to run a hypervisor solution basically, so you can run two VMs and network them together.

  • @xelemntx
    @xelemntx 16 days ago

    So I am unsure if this will get noticed since the video is a year old. 'SENSITIVE_PROCESS_ACCESS' does not show up in LimaCharlie's timeline for me at all. I have consulted ChatGPT with this and I cannot figure out why this is not showing up in my timeline. I am at the part where you run 'procdump'. I verified that the filter is in the event collection portion, but it does not allow me to add it as a filter in the timeline, nor does it show up when typing. The VM that was linked in the blog has been disabled on Microsoft's website due to "technical" issues, so I created a regular Windows VM; maybe that's the issue? I haven't had issues with anything except this particular filter. Any help would be appreciated.

    • @stealthy6018
      @stealthy6018 5 days ago

      Same issue here, I get the rpc error like the one in the video. It says not to worry because the telemetry will still be logged........ Mine doesn't show up. Really wanted to be able to set up some detection rules.

  • @J_G_Network
    @J_G_Network A year ago

    I watched this one first and then watched the first 20 min video, :)

  • @david90gen
    @david90gen 11 months ago

    Awesome lab!! Just a few questions. It seems that some of the order of the blog doesn't go along with one or two steps in your video demonstration. Was there an update to the blog post?
    Thank you for the vid, learning a lot!!!

  • @Denvercoder
    @Denvercoder 5 months ago

    You're doing this on a Windows host, but I run Linux Mint. Assuming I use VMware for Linux, will I have any issues, or should I get a computer that runs Windows as a host?
    (I don't run Windows at all, only macOS and Linux)

  • @IT_Paleni-bu5cs
    @IT_Paleni-bu5cs A year ago

    Why did everything after saving the state of the Windows VM get deleted? It jumps from saying the next steps are going to be in Ubuntu Linux to the next steps are going to be from the host OS. The video shows the extra steps to obtain the IP address and gateway, then shows how to configure the network for Ubuntu, but all of that is missing in the blog. Did I miss something? I also continued with the video, but when I pulled up my network settings the word "address" won't turn green and it aborted the YAML file.

  • @ugccdrum
    @ugccdrum A year ago +1

    How do I add this to a website and reference it on my resume? Thank you.

    • @SimplyCyber
      @SimplyCyber  A year ago +3

      How to show to employers your home lab soc experience #cybersecurity #secops

  • @dustinhxc
    @dustinhxc A year ago

    So awesome! I’m going to do this thank you!

  • @iceingdeath86
    @iceingdeath86 A year ago

    Need some help..... Around 22:38 in the video the command nano /etc/netplan/00-installer-config.yaml is executed, but in my VM I'm getting a blank screen in GNU nano. Where did I go wrong?

    • @SimplyCyber
      @SimplyCyber  A year ago

      Looked quickly. Not sure if you have to, but this site says you have to run "netplan generate" if the file doesn't exist. billysoftacademy.com/how-to-set-a-static-ip-address-on-linux-ubuntu-server-20-04-lts/
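
A blank nano at this step usually means the file name was guessed wrong: Ubuntu Server installs write /etc/netplan/00-installer-config.yaml, but cloud images and some other installs use 50-cloud-init.yaml, so opening a name that does not exist creates an empty file. The script below is an added example (not from the video, the blog, or the linked site): it locates whatever netplan file exists, backs it up, writes a static-address config and applies it with `netplan try`, which rolls back on its own if the change breaks your SSH session. The interface name, address, gateway and DNS server in it are assumed sample values; take yours from `ip a` and `ip route` on the VM.

```shell
#!/bin/sh
# Added example (not from the video, the blog, or the linked site): give the Ubuntu
# attack VM a static IP without guessing the netplan file name. ens33, 192.168.1.50/24,
# 192.168.1.1 and 8.8.8.8 below are assumed sample values; substitute your own.

# find_netplan_file [DIR]: print the first netplan YAML in DIR (default /etc/netplan).
# Returns 1 if there is none, which is when `netplan generate` is the right next step.
find_netplan_file() {
    dir="${1:-/etc/netplan}"
    for f in "$dir"/*.yaml "$dir"/*.yml; do
        [ -f "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# render_netplan IFACE ADDR/PREFIX GATEWAY DNS: emit a static-address netplan config.
# `routes: - to: default` is the current form; `gateway4` is deprecated on 22.04+.
render_netplan() {
    cat <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    $1:
      dhcp4: false
      addresses: [$2]
      routes:
        - to: default
          via: $3
      nameservers:
        addresses: [$4]
EOF
}

# apply_static_ip IFACE ADDR/PREFIX GATEWAY DNS: back up the live file, write the new
# config and apply it with `netplan try`, which reverts automatically unless you
# confirm within its timeout, so a typo cannot lock you out of the VM over SSH.
apply_static_ip() {
    file=$(find_netplan_file) || {
        echo "no netplan file found; run: sudo netplan generate" >&2
        return 1
    }
    cp "$file" "$file.bak.$(date +%s)"
    render_netplan "$1" "$2" "$3" "$4" > "$file"
    chmod 600 "$file"   # netplan warns when the config is world-readable
    netplan try
}

# Usage on the Ubuntu VM, as root, with assumed sample values:
# apply_static_ip ens33 192.168.1.50/24 192.168.1.1 8.8.8.8
```

Once `netplan try` has been confirmed, check with `ip a` that the interface carries the new address and that the Windows VM can still reach it, since the Sliver listener and the payload download both depend on that address staying stable.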

  • @ZombieGuy_Justin
    @ZombieGuy_Justin A year ago +1

    I'm going to follow this along, but with VirtualBox. :)

  • @itspratikamin
    @itspratikamin 10 months ago

    4:27 VMware error "requested power operation is already in progress" and PowerShell fix.
    I tried this fix and it didn't work for me.

    • @SimplyCyber
      @SimplyCyber  10 months ago

      Ooof. That's unfortunate.

    • @itspratikamin
      @itspratikamin 10 months ago

      @SimplyCyber should I just download a Windows ISO and perform the tasks?

    • @SCole07
      @SCole07 10 months ago

      Hey, I was just stuck on this. I did not extract my files, so that's why I kept getting the error.

  • @darnellmorris3622
    @darnellmorris3622 A year ago +1

    Hi Gerald, what is your advice for a person that wants to get into cybersecurity but is wheelchair bound? My mind is still sharp, just my legs don't work like they used to. By the way, I'm currently taking your GRC Master Class.

    • @SimplyCyber
      @SimplyCyber  A year ago

      Can a person in a wheelchair work in cybersecurity? #cybersecurity #career

  • @lamar2009lamar
    @lamar2009lamar A year ago

    Hi Gerald. I'm stuck on the setup Sliver step at the end of part 1 in Eric's blog. I am following this video as well.
    After entering sudo su, and the sudo password prompt comes up, what do I do next?
    This step was left out of the video. Before, when I tried this, I copied and pasted in the Sliver download block from the blog. However, it asked me to try again with the password. Can you advise? Thanks.

    • @SimplyCyber
      @SimplyCyber  A year ago

      Sounds like you need to input the root password to authenticate sudo su.

  • @MiltonHernandez
    @MiltonHernandez 5 months ago

    I'm about to try this, but I'm confused at the outset. What are you downloading VMware and the two VMs onto? Is it a Windows machine or a Linux machine?

    • @SimplyCyber
      @SimplyCyber  5 months ago

      I run Windows.

    • @MiltonHernandez
      @MiltonHernandez 5 months ago

      @SimplyCyber ok great! So you make an Ubuntu VM for the attacker and a Windows VM for the target. What if I took a spare machine I have and put Ubuntu on it to serve as the attacker, and then just set up the Windows VM? Would your video still apply?

  • @gamerlife_official
    @gamerlife_official A year ago +1

    What happens after the VMware 17 Pro free trial ends? Will it automatically purchase the license?

    • @samiracle_p
      @samiracle_p A year ago

      I found a license key on GitHub

  • @happydij
    @happydij A year ago

    Thank you for sharing this lab. However, I'm getting "destination host unreachable". I don't know what to do.

  • @jersondelgado5142
    @jersondelgado5142 A year ago +1

    Are the settings the same in VirtualBox? Or is downloading VMware best for this lab?

    • @SimplyCyber
      @SimplyCyber  A year ago

      I can't speak to VMware. I believe you can do it in VirtualBox, but you won't be able to follow the blog verbatim and just swap VirtualBox for VMware.

  • @sasuwayne
    @sasuwayne A year ago

    Hello Gerald, Thank you for sharing this. Can you help with sharing information on how to achieve this on Mac Silicon systems? Thanks.

    • @SimplyCyber
      @SimplyCyber  A year ago

      Idk if that hardware supports it 🤷‍♂️. Sorry friend

  • @MerkabaSS
    @MerkabaSS A year ago +1

    For some odd reason my http listener closes as soon as I open it. I also had an issue with the Windows VM retrieving the payload file, which I was able to get to work via the ufw http port. I tried my best to follow right along lol.

    • @jasonryan33
      @jasonryan33 A year ago

      I can't get Windows to retrieve the payload file either. It says it cannot find part of the path "C:\users\user\downloads\etc...
      On my SSH into my Linux VM, it then says "Errno 104 connection reset by peer".
      I can't figure out what the issue is.

    • @Brandon-tz5pn
      @Brandon-tz5pn A year ago

      I'm stuck here too. Did anyone figure it out?

  • @jaybell0819
    @jaybell0819 A year ago +1

    Anyone else stuck on Part 2 task 3? I'm able to generate --http [linux_VM_IP] --save /opt/sliver, but after I exit I'm not able to cd into /opt/sliver, even though it says "File exists" when I try to mkdir /opt/server. Also, when typing the command "locate /opt/sliver" I am able to find it, just not able to cd into it, and it doesn't appear to generate the payload onto /opt/sliver.

    • @benettogeorge2169
      @benettogeorge2169 A year ago

      I am, and I am not able to resolve it. Have you or anyone resolved it?

    • @jaybell0819
      @jaybell0819 A year ago

      @benettogeorge2169 yes. You need to just create a folder and transfer the executable into it.

  • @boxcarpilot30
    @boxcarpilot30 A year ago

    Can I follow the same steps with VMware Workstation Pro 17 for Linux?
    Or do I need a Windows machine as the host?

    • @SimplyCyber
      @SimplyCyber  A year ago

      Sure, that will work. As long as you have Linux and Windows VMs for your lab.

  • @hammazahmed1289
    @hammazahmed1289 11 months ago

    During part 1 you didn't change DHCP (while installing Ubuntu) to static like Eric did in the blog. Any particular reason for that?

    • @SCole07
      @SCole07 10 months ago

      This video is almost a year old. I think the blog was updated since then, so Gerry didn't have to follow that step, I believe.

  • @Guy_Cyber_Titan
    @Guy_Cyber_Titan A year ago

    @SimplyCyber I've noticed you're able to highlight so many things effectively in your videos. Could you kindly share the method or tools you use to achieve those eye-catching highlights? Your editing skills are impressive and I'd love to learn from your technique. Thanks a lot.
    Regarding the VMware Workstation Pro license, I see there are two options: 'Buy' for $199 and 'Upgrade' for $99. I'm a bit unsure about which one would be the best fit for me. Could you please clarify the differences between these options and provide some guidance on which one would be more suitable? I appreciate your help.

  • @LinuxNation.
    @LinuxNation. 10 months ago +1

    A lot of information is out of date in this video; stuck on the LimaCharlie task.

    • @SimplyCyber
      @SimplyCyber  10 months ago

      Thx, I'll check with Eric and see what's changed.

    • @SimplyCyber
      @SimplyCyber  10 months ago

      Can you give me a timestamp of where it's changed or where you're stuck?

    • @LinuxNation.
      @LinuxNation. 10 months ago

      @SimplyCyber 16:30 and moving forward with setting up LimaCharlie. Also, is this being set up in the Windows VM or on the operating OS?

    • @LinuxNation.
      @LinuxNation. 10 months ago

      @SimplyCyber Also, all the commands using Invoke-WebRequest are invalid for Sysmon. At least for me; maybe I'm doing something wrong?

  • @JamesJrxMMA
    @JamesJrxMMA A year ago

    New to this. When I try to open the virtualization form it says:
    VMware Workstation
    Failed to read from file.
    Is this familiar, or should I just redo everything?

    • @samiracle_p
      @samiracle_p A year ago

      I'm getting the same… did you manage to solve it?
      I attempted this lab a few months ago and didn't have this issue, but was unable to complete it due to time constraints, and now that I have time, I keep getting this. Very frustrating. Will troubleshoot tonight.

  • @MRSEEK100
    @MRSEEK100 A year ago

    Do I need VMware Workstation Pro, or does Player work too?

    • @SimplyCyber
      @SimplyCyber  A year ago

      The free version that hosts VMs is all you need. Look at the blog post in the description for links. I think Player is enough.

  • @bdhdjdbbfbfb2372
    @bdhdjdbbfbfb2372 A year ago

    Does it have to be VMware Pro?

  • @aa-vp1nf
    @aa-vp1nf A year ago

    Is there anyone who has a problem with getting "debug" enabled? I tried restarting sessions and did it from admin cmd and admin PowerShell, and nothing helped.

    • @aa-vp1nf
      @aa-vp1nf A year ago

      Sorted -_-. A bit of focus and 2 hours of going backward and forward through documentation. One more reminder to me of how respectful and careful you should be with instructions.

  • @vireaknhoung7623
    @vireaknhoung7623 A year ago

    Hi everyone, I somehow got stuck on generating the first C2 session payload. There was an error saying: rpc error: code = Unknown desc = invalid compiler target: windows/amd64

  • @jaysinps
    @jaysinps A year ago +2

    Some of my notes from running Windows 11 as the base OS and VMware Workstation 17.x:
    I ran the bcdedit command but was still getting the nested VM error when trying to start up the Windows VM.
    I went to Windows Security > Data Security > Core Isolation > turn off memory integrity and rebooted, and the Windows dev VM was able to boot.
    On the Windows 11 dev box I wasn't getting any kind of internet, so the Sysmon download was failing. This might have been a misconfiguration on the VMware Workstation/bridged interface. I shut down the VM and removed both the NAT and host-only network cards. Re-added the NIC and set it to bridged and was able to download the files. (Need to move it back to NAT and test to make sure it works as I walk through this.)

    • @demariojernigan4776
      @demariojernigan4776 A year ago +1

      Thanks for passing along your information. Saved me, and hopefully a lot of other people, the trouble. I ran the bcdedit command as well and was still not getting the startup. Got it running after going into Windows Security > Device Security > Core Isolation. Respect!

    • @jaysinps
      @jaysinps A year ago

      @demariojernigan4776 Glad to hear it helped someone else out!

  • @Brandon-tz5pn
    @Brandon-tz5pn A year ago +1

    31:11 The payload isn't showing up in my downloads for some reason.

  • @andreaordonez7925
    @andreaordonez7925 A year ago

    I am having issues when trying to save the implant in /opt/sliver. I am using a MacBook Pro M1. I keep getting:
    [*] Generating new windows/amd64 implant binary
    [*] Symbol obfuscation is enabled
    [*] Build completed in 23s
    [!] Failed to write to: /opt/sliver
    Any advice please?

    • @yamin1702
      @yamin1702 A year ago

      Are you in the /opt/sliver directory? If not, then that could be the problem.

    • @andreaordonez7925
      @andreaordonez7925 A year ago

      @yamin1702 I was. I think the problem is the M1.

  • @alexanderjunior9442
    @alexanderjunior9442 A year ago

    Please, I have a question, sir. I want to go into GRC; should I go for networking by learning the CompTIA Net+? Thanks 🙏

    • @SimplyCyber
      @SimplyCyber  A year ago

      Do you need to know networking to work in GRC? #cybersecurity #career

  • @CAP.9350
    @CAP.9350 A year ago

    Can I do it with an M1 chip laptop?

  • @cacogenicist
    @cacogenicist A year ago

    I'm probably rather backwards from most people looking to get into this field. I've been using Linux as a daily driver desktop OS for around 15 years, and at this point I find Windows somewhat intimidating. 🙂 Damn slashes go the wrong way.

  • @randalljnbaptiste587
    @randalljnbaptiste587 A year ago

    Where did you get the Ubuntu ISO image from?

    • @SimplyCyber
      @SimplyCyber  A year ago +1

      Hey Randall! Thanks for watching the video. It depends on the system that you are running, but type into Google: "ubuntu iso download". From there, just download what you need. Let me know if there is anything else I can help you with. Also, if you join the Discord there are thousands of students taking this course as well. Hope to see you there!

    • @randalljnbaptiste587
      @randalljnbaptiste587 A year ago

      @SimplyCyber ok thank you so much

  • @monutulani3667
    @monutulani3667 A year ago +1

    @SimplyCyber Can you share the resume bullet points for this lab like Josh Madakor does in his tutorials? Those are very helpful instead of messing up.

  • @samiracle_p
    @samiracle_p A year ago

    Why am I unable to import the MS VM: WinDev####Eval.ovf?
    I keep receiving an error: Error while converting to a virtual machine: Failed to read from file: C;\Users\....\AppData\Local\Temp\f9f953fa-f03f-40b8-88ce-32e75939dfb9_WinDev 2310 Eval.VMWare.zip.fb9\WinDev 2310 Eval-disk1.vmdk.

    • @SimplyCyber
      @SimplyCyber  A year ago

      Tough problem to troubleshoot. Could be a corrupt image. Would Google the issue and troubleshoot that way.

    • @samiracle_p
      @samiracle_p A year ago

      @SimplyCyber I've re-downloaded the image a number of times but still the same. Does it need to be Windows Developer, or can I use a Win10 ISO?

  • @yamin1702
    @yamin1702 A year ago

    For some reason @25:37 I got the following error in the Windows terminal: "ssh: connect to host ip port 22: connection refused", but when I did it from the Linux terminal it worked.
    @gerald, could you please tell me why that is?

    • @SimplyCyber
      @SimplyCyber  A year ago

      Make sure when you deployed Ubuntu you selected the SSH option.

    • @yamin1702
      @yamin1702 A year ago

      @SimplyCyber I installed SSH using sudo install, as I'm doing it using VirtualBox.

    • @SimplyCyber
      @SimplyCyber  A year ago

      @yamin1702 ok. I used VMware, so not sure with VirtualBox. Make sure right creds, service listening on 22, network connection is allowed…. 🤷‍♂️

    • @yamin1702
      @yamin1702 A year ago

      @SimplyCyber thanks, I'll try these options; if they don't work then I'll just switch to VMware.

    • @yamin1702
      @yamin1702 A year ago

      @SimplyCyber it's fixed, I just had to change the network type from NAT to bridged.

  • @twcable02
    @twcable02 4 months ago

    (22:39 mark) Had to use /etc/netplan/*