SOC Core Skills Instructions

HELLO ALL!

Below are the instructions to get your system ready for the SOC Core Skills class. Please do not run the VM from this course on a company laptop without express permission from your IT department.

VMware Workstation

First, you will need the latest version of VMware.  

Download and Eval

You can get it here:

The Eval version should be fine.  

If you are using a Mac, you can use Fusion:

Alternative: VirtualBox

You could use VirtualBox, but it fails about 25% of the time on either networking or USB support. You will need USB support.

If you hate yourself, use VirtualBox.

Otherwise, use VMware.  

BTW, we only officially support VMware for class troubleshooting!

We would advise against installing any updates; updates tend to break labs.

7-Zip

Next, you will need to download 7-Zip for your system.   We use 7-Zip because it is the most consistent for decompressing large files.  

Below are some options:

  • 7-Zip

https://www.7-zip.org/download.html

  • 7-Zip support for Linux:

https://itsfoss.com/use-7zip-ubuntu-linux/

  • 7-Zip utility for Mac:

https://www.keka.io/en/

Or

  • The Unarchiver:

https://theunarchiver.com/

Class Virtual Machine

Download

Next, you will need to download the class VM:

ADHD Win VM

https://introclassjs.s3.us-east-1.amazonaws.com/WINADHD03_21.7z

When? NOW!

It will take some time to get it downloaded.  Please start the process now…  

As in right now.  

At this very moment.  Unless you are on a cell network.

Then, get to a solid network connection.  Home?  A coffee shop parking lot?  A closed motel parking lot?  It does not matter.  Just someplace with a solid and fast internet connection.

Checksums

To check source integrity on Windows, browse to the folder where the .7z file is located and run the following command at the command prompt:

certutil -hashfile WINADHD03_21.7z SHA256

You can use PowerShell to verify the source integrity with the following command:

Get-FileHash .\WINADHD03_21.7z -Algorithm SHA256 | Format-List

If you’re a macOS user, please use the following command:

shasum -a 256 WINADHD03_21.7z

Expected SHA-256 hash (the output of the commands above should match this value):
2a07e27ad1432ea32dd213bb74b1580243a51b9ed827f9d24ef2c6b378cf9584
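
For macOS and Linux users, the comparison can be scripted instead of checked by eye. This is an added example, not part of the original class materials; the function name verify_sha256 is hypothetical, and the usage comment uses the file name and hash published above.

```shell
#!/bin/sh
# Added example: compare a download's SHA-256 with the published value.
# verify_sha256 is a hypothetical helper name, not part of the class materials.
# Usage, with the file name and hash published on this page:
#   verify_sha256 WINADHD03_21.7z 2a07e27ad1432ea32dd213bb74b1580243a51b9ed827f9d24ef2c6b378cf9584

verify_sha256() {
    file=$1
    # Normalise the pasted value: Get-FileHash prints uppercase, and a value
    # copied from a web page may carry stray spaces or a trailing newline.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    if [ ! -f "$file" ]; then
        echo "verify_sha256: $file not found" >&2
        return 2
    fi
    # A SHA-256 digest is exactly 64 hex characters; reject truncated pastes
    # so a partial match can never be reported as success.
    case $expected in
        *[!0-9a-f]*) echo "verify_sha256: expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_sha256: expected value is not 64 hex characters" >&2
        return 2
    fi

    # Linux ships sha256sum, macOS ships shasum. Hash from stdin so the
    # output format does not depend on the file name.
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum < "$file" | awk '{print $1}')
    elif command -v shasum >/dev/null 2>&1; then
        actual=$(shasum -a 256 < "$file" | awk '{print $1}')
    else
        echo "verify_sha256: no SHA-256 tool found" >&2
        return 2
    fi

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published hash"
        return 0
    fi
    echo "MISMATCH: got $actual, expected $expected; do not extract $file" >&2
    return 1
}
```

The function returns 0 on a match, 1 on a mismatch, and 2 when the file, the expected value, or the hashing tool is unusable.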

Next, you will want to extract the .7z files to a directory on your system. The exact process will change based on your system. But, usually right-clicking and extracting the files with the 7-Zip tool you chose to install will do the trick.

Import Virtual Machines

Windows VMware

Next, we need to get the VM loaded in VMware.  

To do that, open VMware. On the Home tab, click on Open Virtual Machine (top red arrow). Browse to the location where you unzipped the VM file (7zip file). Open the WINADHD.vmx file (bottom red arrow).

Click the Power on this virtual machine button in VMware:

For Fusion on a Mac:

If you are using a Mac, you can also download and extract the VM.

For example, I am using The Unarchiver:

https://theunarchiver.com/

This is just one tool that can be used. This will take a while.  Please be patient.

Within Fusion, please select File > Open.

Browse to the location where you unzipped the VM file (7zip file).

Open the WINADHD file and click “Start Up”.

Passwords

All passwords are just ‘adhd’ (no quotes).

Help!?

Here are some common errors you may get while loading the VM.

Virtualization and BIOS issues

All systems running VMware need to have virtualization enabled in the Basic Input/Output System (BIOS).  

Most systems have this enabled by default.  Every once in a while a system does not.

You may get errors like the ones below:

Here is an article with some helpful information on this topic:

https://kb.vmware.com/s/article/1003944

That article is a bit in-depth.  Another, easier way to deal with this is to simply Google “enabling virtualization in BIOS on <YOUR COMPUTER MAKE AND MODEL HERE>”.

Windows Hyper-V issues

Windows has its own virtualization framework called Hyper-V.

On some systems that are running Hyper-V with the Windows Subsystem for Linux, there are some issues with compatibility.  You may see an error like the one below:

Here is a thread on this issue:

https://communities.vmware.com/thread/592148

You can usually fix this by running the following command from an elevated command prompt:

C:\>bcdedit /set hypervisorlaunchtype off 

Then, reboot your system.

If you have other issues, please feel free to contact us.

Fusion Issues

Some people have reported the following error: “Error: Could not open /dev/vmmon: Broken pipe, while launching the Virtual Machine”. To fix this, please check out this KB article: https://kb.vmware.com/s/article/80467.

macOS Mini / Air Issues

macOS users on the new Mini / Air with the M1 CPU cannot run the VM.

Slides

https://wildwesthackinfest.com/wp-content/uploads/2021/04/Intro_SOC_04_20_21.pdf

Chat During Training

Join the SOC Core Skills Discord server for live discussions during the training: https://discord.gg/MmRKwEpWwu

Questions?  Tech Issues?

Should you have any issues, feel free to ask in the #🆘tech-support channel in the SOC Core Skills Discord server.

Thanks!