Setting Up the SOC LAB

Make sure to see the prerequisites first (VERY IMPORTANT)

Make sure you have downloaded the pfSense ISO.

Now to set it up.

Click on “Create a New Virtual Machine” in VMware

Click “Browse” and find where your pfSense ISO is located

Click “Next”


Now Rename your VM to whatever you want. I’m calling it “PFSense”.

Click “Next”

Leave the disk size at the default of 20 GB

Select “Split virtual disk into multiple files”

Click “Next”

Click “Customize Hardware”

Set the memory to 2 GB

Add 5 network adapters, so the VM has 6 in total (pfSense will name them em0 to em5)

Set each adapter to “Custom” and give it its VMnet. The mapping used throughout this lab is:

Adapter 1 (em0, WAN): NAT is the usual choice here, so pfSense reaches the internet through the host

Adapter 2 (em1, LAN): VMnet 2 (Kali)

Adapter 3 (em2, OPT1): VMnet 3 (victim network: Windows Server and Windows 10)

Adapter 4 (em3, OPT2): VMnet 4 (Security Onion)

Adapter 5 (em4, OPT3): VMnet 5 (span port mirroring the victim network to Security Onion)

Adapter 6 (em5, OPT4): VMnet 6 (Splunk)

Click “close” and start the VM

When it boots, the pfSense installer runs. The steps are:

Select “Install” and press Enter

Select the “UFS” filesystem option and press Enter

Accept the default “Entire Disk”

Select “MBR”

Accept the remaining defaults by selecting “Finish”

After the reboot you land on the pfSense console menu.

Enter option “1” (Assign Interfaces)

Should VLANs be set up now [y|n]? n

Assign one interface per prompt, in order: WAN = em0, LAN = em1, OPT1 = em2, OPT2 = em3, OPT3 = em4, OPT4 = em5, as shown below.

Do you want to proceed [y|n]? y

When you proceed it will bring you back to the main screen.

Enter option “2” (Set interface(s) IP address)

Start with the LAN interface (2)

Set the IP address to 192.168.1.1. This is the address you will use to reach the pfSense web GUI from the Kali machine.

Subnet bit count (CIDR): 24

Enable the DHCP server on LAN with the range 192.168.1.11 – 192.168.1.200

Follow the screenshots below.

Again select option 2 from the main screen.

Then select option 3 (OPT1)

IP address: 192.168.2.1

CIDR: 24

No other configuration. Follow the screenshots below.


Now enter option 2 again

Configure option 4 (OPT2)

IP address: 192.168.3.1

CIDR: 24

Nothing else configured. Details shown below.

Enter option 2 once more

Skip option 5 (OPT3, em4). It gets no IP address because it will act as the span port: it only carries mirrored copies of the victim network's traffic to Security Onion.

So move on to option 6 (OPT4)

IP address: 192.168.4.1

CIDR: 24

Nothing else configured.

This is the final result.

Nothing else is configured until we get into the pfSense web GUI from Kali Linux.

Setting up Security Onion

Have the Security Onion ISO downloaded.

Create a New Virtual Machine >> Installer disc image file (select the Security Onion ISO) >> Next >> Rename (e.g. SecOnionSOC) >> Next >> Maximum disk size (200 – 400 GB) >> Store virtual disk as a single file >> Next

All shown in screenshots below.

Select Customize Hardware >> Memory (12 – 16 GB) >> Processors (4 minimum) >> Add 2 network adapters (3 total)

Network Adapter 1 = NAT (the management side; this is the address you will browse to)

Network Adapter 2 = VMnet 4 (pfSense OPT2, 192.168.3.0/24)

Network Adapter 3 = VMnet 5 (the span port: Security Onion sniffs the mirrored victim-network traffic here)

Click “Close” and “Finish”.

Let it set up all the way through till you get to this screen:

Type “yes” >> Create a username and password (use a lowercase username).

Security Onion should automatically restart.

After it restarts you will need to log back in. The setup GUI then appears.

Now select “Yes” to continue >> Install >> Select EVAL (the single-box evaluation mode; fine for a lab, not meant for production) >> Type “AGREE” >> Select Standard (an internet-connected install, as opposed to Airgap)

Leave the default hostname or rename it >> Select the first/default NIC (the NAT adapter) as the management interface >> Use DHCP and answer “Yes” to the next prompt >> Select direct connectivity to the internet >> Leave the default Docker IP range

Select the monitor interface: the adapter on VMnet 5, the span port (the installer lists it as ens224, the second of the two remaining interfaces) >> Enter the email address and password you will log in with >> Select IP as the way to reach the web interface >> Allow access to the Security Onion web interface >> Enter your home networks, the ranges Security Onion treats as internal (HOME_NET), in CIDR form, e.g. 192.168.2.0/24 for the victim network

Check everything in the settings overview; if it is all correct, press “Yes”.

The install takes some time.

After it finishes, note the IP address, email and password you need to get into Security Onion.

Click “OK”.

Now that it is done, we will set up an Ubuntu Server VM as the analyst workstation that browses to Security Onion's web interface.

Setting up Ubuntu Server

Create a New Virtual Machine >> Select your Ubuntu Server ISO >> Next

Rename (e.g. SecOnionMgmt) >> Default disk capacity >> Default hardware >> Finish

Once it loads select your language >> Update to the new installer if offered and wait for the installer to restart >> Select the keyboard layout

Select Ubuntu Server as the installation type >> Default network configuration >> Leave the proxy address blank >> Default mirror configuration

Default storage configuration >> Configure your profile >> Skip Ubuntu Pro >> No OpenSSH server >> No server snaps >> Wait for the install and reboot

Log back in >> Install a desktop (command: sudo apt update && sudo apt install ubuntu-desktop) >> Reboot once it is done

Open a terminal >> Run “ifconfig”; if it is not found, either install net-tools (sudo apt install net-tools) or use “ip -4 addr”, which is already present

Run “ifconfig” (or “ip -4 addr”) again and note the machine's IP address; you will need it for the so-firewall step

Setting up so-firewall (formerly so-allow)

What you'll need:

Security Onion and the configured Ubuntu VM. Make sure you know the Ubuntu VM's IP address (crucial for this step).

Now on the Security Onion VM run this command, with two hyphens before apply:

sudo so-firewall includehost analyst <Ubuntu IP address> --apply

This adds the address to the analyst host group, which is the group the Security Onion firewall lets reach the web interface.

If the exact host is rejected, allow the analyst subnet instead (e.g. 192.168.0.0/24), but keep the range as narrow as the lab allows: every address in the analyst group can reach the web interface.

Now head to the Ubuntu VM >> Firefox >> Enter the Security Onion IP address (the one you noted when setting up Security Onion) in the URL bar >> Accept the Risk (the web interface ships with a self-signed certificate) >> Log in with the email and password you created when setting up Security Onion
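The so-firewall step above and the browser check that follows, as an added example that is not from the original page: the so-firewall invocation is the page's own; the function names is_ipv4_or_cidr, allow_analyst and check_so_web are mine, as is the idea of validating the address before it is handed to a command run with sudo. allow_analyst is meant to run on the Security Onion VM and check_so_web on the Ubuntu analyst VM.

```shell
#!/bin/sh
# Added example, not part of the original page: wraps the so-firewall step
# above so the analyst address is checked before it reaches so-firewall, and
# adds a reachability check to run from the analyst VM.
# Assumed names (not in the original): allow_analyst runs on the Security
# Onion VM; check_so_web runs on the Ubuntu (SecOnionMgmt) VM.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix
# (192.168.0.15 or 192.168.0.0/24). It is a syntax check only; it does not
# confirm that the address sits on the analyst's network.
is_ipv4_or_cidr() {
  addr=${1%/*}
  prefix=${1#*/}
  [ "$prefix" = "$1" ] && prefix=32      # no "/" given: plain host address
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS
  IFS=.
  set -- $addr                            # split the address on dots
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# The page's command with the validated address, applied immediately.
allow_analyst() {
  is_ipv4_or_cidr "$1" || { echo "refusing malformed address: $1" >&2; return 1; }
  sudo so-firewall includehost analyst "$1" --apply
}

# From the analyst VM: print the HTTP status the web interface answers with.
# -k accepts Security Onion's self-signed certificate; -L follows the redirect
# to the login page.
check_so_web() {
  curl -k -L -s -o /dev/null -w '%{http_code}\n' "https://$1/"
}

# Usage:  sh so-analyst.sh allow 192.168.0.15      (on Security Onion)
#         sh so-analyst.sh check 192.168.0.42      (on the Ubuntu VM)
case "$1" in
  allow) allow_analyst "$2" ;;
  check) check_so_web "$2" ;;
esac
```

A 200 from check_so_web means the firewall change took and the web interface is up; a timeout usually means the analyst VM is not in the range you allowed.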

That was the final step; Security Onion and SecOnionMgmt are complete. Next is setting up Kali Linux so we can reach the pfSense web GUI.

Setting up Kali Linux

In VMware select Open a Virtual Machine >> Select the Kali Linux .vmx file >> Right click the VM and go to Settings >> Add a network adapter >> Set the second network adapter to VMnet 2 (the pfSense LAN)

Start both the pfSense and Kali Linux VMs

Log in to Kali (the default username and password are both kali)

Setting up the pfSense Interfaces & Firewall Through Kali Linux

With Kali and pfSense up and running, open Firefox on Kali >> Enter https://192.168.1.1 (the pfSense LAN address set earlier) in the URL bar >> Advanced >> Accept the Risk and Continue >> Log in with the default username (admin) and password (pfsense)

Once in pfSense head to “System” >> Setup Wizard >> Click Next to Step 2 >> Change the primary DNS to 8.8.8.8 and the secondary DNS to 8.8.4.4 >> Next >> Change the timezone to yours >> Continue to the admin password step and change the password (the default admin/pfsense is public knowledge) >> Next >> Reload >> Finish

Once done, head to Interfaces >> Assignments >> Click the LAN interface >> Change the description to “Kali” >> Save >> Apply Changes.

Now head to OPT1 (em2) under Interfaces >> Change the description to “VictimNetwork” >> Save >> Apply Changes.

Now head to OPT2 (em3) under Interfaces >> Change the description to “SecurityOnion” >> Save >> Apply Changes.

Now head to OPT3 (em4) under Interfaces >> Change the description to “SpanPort” >> Enable the interface, leaving it without an IP address >> Save >> Apply Changes.

Now head to OPT4 (em5) under Interfaces >> Change the description to “Splunk” >> Save >> Apply Changes.

This is how it looks when all the interfaces are set.

Go back to Interfaces and select “Bridges” >> Add >> Member interface: “VictimNetwork” >> Show Advanced Options >> Scroll down to Span Port and select the “SpanPort” interface >> Save. The bridge copies every frame it receives on VictimNetwork out of SpanPort, which is what Security Onion's third adapter listens on.

Head to Firewall >> Rules >> WAN >> Add a rule with Protocol “Any” >> Save >> Apply Changes. This pass-any rule on WAN exists only to make the lab reachable; never add one on a firewall with a real WAN.

That is the end of configuring pfSense. Next is configuring an Active Directory lab.

Setting up & Configuring the Windows Server Domain Controller

Create a New Virtual Machine >> Select “I will install the operating system later” >> Next >> Select your Windows Server version (I'm using 2022) >> Next >> Default name >> Next >> Default disk capacity >> Next >> Customize Hardware >> Set the default network adapter to VMnet 3 (the VictimNetwork) >> New CD/DVD (SATA) >> Use ISO image and select the Windows Server ISO >> Close >> Finish >> Start it up

Once it has started click Install now >> Choose the Desktop Experience edition >> Accept the terms >> Custom setup >> Select the drive and click Next >> Once installed, set the Administrator password >> Sign in

Head to Settings >> System >> About >> Rename this PC to whatever you want >> Restart

Head to Control Panel >> Network and Sharing Center >> Click your Ethernet connection >> Properties >> TCP/IPv4

IP address: 192.168.2.10

Subnet mask: 255.255.255.0

Default gateway: 192.168.2.1

Preferred DNS: 192.168.2.1 (pfSense, for now; once this server is a domain controller, point it at itself, 192.168.2.10, so that it resolves its own domain)

Press OK and close everything

Search for “Server Manager” >> Manage >> Add Roles and Features >> Click Next until “Server Roles” >> Select Active Directory Domain Services >> Add Features >> Click Next until “Confirmation” >> Install >> Close

Click the flag with the exclamation mark >> Promote this server to a domain controller >> Add a new forest and give it a name ending in .local (e.g. Waiter.local, the name used later on this page) >> Set the Directory Services Restore Mode password >> Click Next until Install >> Restart once it is done

Go back to Server Manager >> Manage >> Add Roles and Features >> Click Next until Server Roles >> Add Active Directory Certificate Services >> Add Features >> Click Next until Confirmation >> Install

Click the flag with the exclamation mark >> Configure >> Under Role Services add Certification Authority >> Click Next until the Validity Period and set it to 99 years (a lab convenience; a real CA would never live that long) >> In Confirmation press Configure >> Close >> Restart

Go back to Server Manager >> Tools >> Active Directory Users and Computers >> Expand your .local domain >> Users >> Right click >> New >> User >> Name the user, give it a password and tick “Password never expires” >> Finish

Since this is a lab we want it to be deliberately vulnerable, so we will disable the firewall on the Windows Server.

In the search bar type Firewall >> Click Windows Defender Firewall >> Click Turn Windows Defender Firewall on or off >> Turn it off for every profile >> OK

That is the end of configuring the Windows Server. Next is going into pfSense and configuring DNS for the victim network.

Configuring pfSense DNS

Start the Kali, pfSense and Windows Server VMs >> Log in to the pfSense web GUI from Kali >> Services >> DHCP Server >> VictimNetwork >> Under Servers set DNS Server to the Windows Server IP address (192.168.2.10) >> Other Options >> Domain Name: your AD domain (e.g. Waiter.local) >> Save. Clients that take a DHCP lease on the victim network now get the domain controller as their resolver, which AD needs for domain joins and logons to work.

Setting up Windows 10

Create a New Virtual Machine >> Browse and find the Windows 10 ISO >> Rename or keep the default >> Default disk capacity >> Customize Hardware >> Change the network adapter to VMnet 3 (the same VictimNetwork as the server) >> Finish

Once it has booted click Install now >> Select “I don't have a product key” >> Select Windows 10 Pro >> Accept the license terms >> Custom installation >> Click Next in the drive configuration >> Wait for the install

Once the installation is complete pick your region >> Choose the keyboard and skip the second keyboard >> When it asks about connecting to a network select “I don't have internet” >> Continue with limited setup >> Name the local account whatever you want, just not the same name as the user you created on the Windows Server (e.g. I'm naming it Chad2) >> Set a password >> Accept or change the privacy settings >> Skip Cortana for now

Once logged in, type “view your PC name” in the search bar >> Rename this PC >> Type any name you want (e.g. Workstation1) >> Restart

Once it restarts, type “ethernet settings” in the search bar >> Change adapter options >> Ethernet0 >> Properties >> TCP/IPv4 >> IP address 192.168.2.30, subnet mask 255.255.255.0, gateway 192.168.2.1, DNS 192.168.2.10 (the domain controller; a public resolver here would make the domain join fail) >> OK >> OK

Now type “Access work or school” in the search bar >> Connect >> Join this device to a local Active Directory domain >> Type your domain name (e.g. Waiter.local) >> Enter the Windows Server admin username and password >> Restart now

Setting up Splunk on Ubuntu

You’ll need the Ubuntu Server ISO to set this up.

Create a New Virtual Machine >> Browse and select the Ubuntu Server ISO >> Rename (e.g. Splunk) >> Maximum disk capacity (100 GB) and store the virtual disk as a single file >> Customize Hardware >> Add a network adapter and set it to VMnet 6 (keep the first one on the default NAT) >> Close >> Finish >> Start it up

Once it starts select your language >> Update to the new installer >> Select your keyboard >> Ubuntu Server installation >> Default network configuration >> Default proxy configuration >> Default mirror address >> Default storage configuration >> Configure your profile >> Skip Ubuntu Pro >> Make sure OpenSSH server is selected >> No server snaps

Let it install and reboot.

Sign in >> Run sudo apt update && sudo apt install ubuntu-desktop to set up a desktop >> Reboot once the installation is done >> Log in >> Open Firefox >> Go to splunk.com >> Scroll down the homepage to Free Trials and Downloads >> Click Splunk Enterprise free trial (60 days) >> Create your Splunk account

Installing Splunk Enterprise

Go to Download Splunk Enterprise >> Linux >> Download the .tgz package >> Save the file >> Once the download finishes, open a terminal and run these one at a time:

cd Downloads

ls (the splunk-<version>-Linux-x86_64.tgz file should be listed)

tar xvzf <the full name of the Splunk download>

cd splunk/bin

./splunk start

Accept the license >> Create an admin username and password >> Note the Splunk Web address it prints at the end (http://<this VM's IP>:8000) >> Open that address in Firefox >> Sign in
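The unpack-and-start steps above as a script, added here as an example that is not from the original page or from Splunk. It reproduces what the page types by hand, but answers the license and first-run credential prompts itself: Splunk's documented start flags replace the license prompt, and a user-seed.conf file supplies the admin account. The directory layout (tarball in ~/Downloads, unpacked next to it as the page does) and the function names are my assumptions; set SPLUNK_HOME to put it elsewhere, keeping the trailing /splunk.

```shell
#!/bin/sh
# Added example, not part of the original page: the download-and-start steps
# above as a script that needs no typing at the license and credential
# prompts. Assumed (not in the original): the .tgz is in ~/Downloads, Splunk
# is unpacked next to it as the page does (override with SPLUNK_HOME, which
# must end in /splunk because the tarball unpacks into a splunk/ directory),
# and the admin credentials are passed on the command line.

SPLUNK_HOME=${SPLUNK_HOME:-$HOME/Downloads/splunk}

# Print the newest splunk-*-Linux-x86_64.tgz in directory $1; return 1 if none.
find_splunk_tgz() {
  tgz=$(ls -t "$1"/splunk-*-Linux-x86_64.tgz 2>/dev/null | head -n 1)
  [ -n "$tgz" ] || return 1
  printf '%s\n' "$tgz"
}

# Seed the admin account. Splunk reads etc/system/local/user-seed.conf on its
# first start to create the user, so "splunk start" does not ask for one.
write_user_seed() {
  mkdir -p "$1/etc/system/local"
  printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$2" "$3" \
    > "$1/etc/system/local/user-seed.conf"
  chmod 600 "$1/etc/system/local/user-seed.conf"   # it holds a clear-text password
}

# Unpack the tarball, seed the admin user, start Splunk and print the web URL.
install_splunk() {
  tgz=$(find_splunk_tgz "$1") || { echo "no Splunk tarball in $1" >&2; return 1; }
  mkdir -p "$(dirname "$SPLUNK_HOME")"
  tar -xzf "$tgz" -C "$(dirname "$SPLUNK_HOME")"     # creates .../splunk
  write_user_seed "$SPLUNK_HOME" "$2" "$3"
  # These flags answer the license and "start now" prompts the page clicks through.
  "$SPLUNK_HOME/bin/splunk" start --accept-license --answer-yes --no-prompt
  echo "Splunk Web: http://$(hostname -I | cut -d' ' -f1):8000"
}

# Usage: sh install-splunk.sh ~/Downloads admin 'ChooseAStrongPassword'
if [ $# -eq 3 ]; then
  install_splunk "$1" "$2" "$3"
fi
```

Splunk Web listens on port 8000 by default, which is the address the page tells you to open in Firefox. If you want Splunk back after a reboot of the VM, register it as a service afterwards with sudo "$SPLUNK_HOME/bin/splunk" enable boot-start.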
