Build a Cyber Twin Dragon lab

Notes

My native language is Japanese.
I am currently studying English, so there may be mistakes.

Objective

In this project, we will build an environment for analyzing pcap files, memory dumps, and malware samples.
The environment is meant for CyberDefenders challenges and other CTFs. Disk image analysis will be added in the next post.

Installation Environment

This time we will install REMnux and Security Onion on top of an existing Ubuntu system.

aoshi@aoshi-Standard-PC:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.4 LTS
Release:        20.04
Codename:       focal
aoshi@aoshi-Standard-PC:~$ 

REMnux

What is REMnux?

REMnux is a Linux distribution for reverse engineering and analysis of malware.

Step 1: Download the installer

aoshi@aoshi-Standard-PC:~$ wget https://REMnux.org/remnux-cli

Before running the installer, compare its SHA-256 hash with the value published on REMnux.org. This file will run as root in Step 5, so do not skip the check.

Step 2: Rename the installer

aoshi@aoshi-Standard-PC:~$ mv remnux-cli remnux
aoshi@aoshi-Standard-PC:~$ ls
Desktop  Documents  Downloads  Music  Pictures  Public  remnux  Templates  Videos
aoshi@aoshi-Standard-PC:~$ 

Step 3: Change installer permissions

aoshi@aoshi-Standard-PC:~$ chmod +x remnux

Step 4: Move the installer to /usr/local/bin

aoshi@aoshi-Standard-PC:~$ sudo mv remnux /usr/local/bin
[sudo] password for aoshi: 
aoshi@aoshi-Standard-PC:~$ 

Step 5: Run the installer in addon mode (addon mode adds the REMnux tools to the existing Ubuntu system instead of replacing the OS)

aoshi@aoshi-Standard-PC:~$ sudo remnux install --mode=addon

Step 6: Reboot Ubuntu

aoshi@aoshi-Standard-PC:~$ sudo reboot

Security Onion

What is Security Onion?

Security Onion is a Linux distribution for Network Security Monitoring.

Step 1: Clone the Security Onion repository

aoshi@aoshi-Standard-PC:~$ git clone https://github.com/Security-Onion-Solutions/securityonion

Step 2: Change into the directory

aoshi@aoshi-Standard-PC:~$ cd securityonion/
aoshi@aoshi-Standard-PC:~/securityonion$ 

Step 3: Run the setup script

aoshi@aoshi-Standard-PC:~/securityonion$ sudo bash so-setup-network

Step 4: Select Yes and press Enter

Step 5: Select Import and press Enter

An Import node is the lightest install type; it is the one to use for importing and analyzing pcap files.

Step 6: Type AGREE to accept the license and press Enter

Step 7: Enter a hostname and press Enter

Step 8: Select Continue anyway and press Enter

Step 9: Select Yes and press Enter

Step 10: Select OK and press Enter

Step 11: Select the network adapter and press Enter

Step 12: Select OK and press Enter

Step 13: Select Direct and press Enter (the machine reaches the internet directly rather than through a proxy)

Step 14: Enter the address range (CIDR) of the network you want to monitor and press Enter

Step 15: Enter an email address and press Enter

This email address is the username for the Security Onion Console (SOC) login, which also fronts Kibana, so do not forget it.

Step 16: Enter your password and press Enter

Step 17: Enter the password again and press Enter

Step 18: Select IP and press Enter

Here you are asked how the web console will be accessed. This time, we will access it by IP address.

Step 19: Select Yes and press Enter

Step 20: Enter the IP address or address range that is allowed to reach the web interface and press Enter

Use the address of your analyst machine here rather than the whole network; this is the firewall allow-list for the console.

Step 21: Select Yes and press Enter

Step 22: Select OK and press Enter
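Two checks a practitioner would add to the procedures above, as an added example that is not REMnux or Security Onion code: verifying the downloaded remnux installer against a published SHA-256 hash before it is moved into /usr/local/bin (REMnux section, Steps 1 to 4), and hashing and classifying a capture file by its magic bytes before handing it to so-import-pcap on the Import node (Security Onion section). The expected-hash value, the case-log path and the sample files are assumptions you replace with your own; so-import-pcap is only called if it exists on the machine.

```shell
#!/usr/bin/env bash
# Added example for the lab above, not code from REMnux or Security Onion.
# verify_sha256 : compare a downloaded installer with a published hash.
# pcap_kind     : identify pcap vs pcapng by the first four bytes.
# import_capture: hash the capture, log it, then import it with so-import-pcap.
# Assumed values: the expected hash you pass in, the case-log path default.

# Print the SHA-256 of a file (first field of sha256sum output).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 when the file's SHA-256 equals the expected hash (case-insensitive).
# Usage: verify_sha256 ./remnux "<hash published on REMnux.org>"
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# Classify a capture by its magic number.
# pcap   : d4 c3 b2 a1 (little-endian) or a1 b2 c3 d4 (big-endian),
#          plus the nanosecond variants 4d 3c b2 a1 / a1 b2 3c 4d.
# pcapng : 0a 0d 0d 0a (Section Header Block type).
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) echo pcap ;;
        0a0d0d0a) echo pcapng ;;
        *) echo unknown ;;
    esac
}

# Record the capture's hash and type in a case log, refuse files that are not
# captures, and import with so-import-pcap when the command is available.
# Usage: import_capture ./challenge.pcap ./case-imports.log
import_capture() {
    f=$1
    log=${2:-./case-imports.log}   # assumed default path
    kind=$(pcap_kind "$f")
    if [ "$kind" = unknown ]; then
        echo "refusing $f: header is not pcap or pcapng" >&2
        return 1
    fi
    printf '%s  %s  %s\n' "$(sha256_of "$f")" "$kind" "$f" >> "$log"
    if command -v so-import-pcap >/dev/null 2>&1; then
        sudo so-import-pcap "$f"
    else
        echo "so-import-pcap not found; logged $f ($kind) without importing" >&2
    fi
}
```

The hash comparison is done with a plain string equality after lower-casing the published value, so a hash copied from a web page with mixed case still matches; a mismatch makes verify_sha256 return non-zero, which you check before the sudo mv in Step 4. Logging the SHA-256 of every capture before import gives you a record of exactly which evidence file a Kibana or SOC hunt was based on.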
