Welcome to Part 1 of my Ultimate Cybersecurity Lab Project! If you want to get hands on across networking, firewalls, cybersecurity, docker and containers then this is the perfect project for you!!
how did you connect and receive three networks to the computer from the server means that "The Ultimate Cybersecurity Lab" AWS, AZURE, GCP but where did you get it and where are you connected and how did you do it with proxmox I want to know step by step
but I need quite a configuration but how do you get WAN on LAN so that you have WAN to add internet access and LAN should work internet u pfsense topic too fast so he did after step firewal quite and with also players and everything too fast I don't know where you got it from I know that the computer with the server was bought and you bought internet access with the AWS donor, google cloud,cloudflare i don't know where you did such things really too fast
Great video. For those who are unable to start the Ubuntu VM because of the error, "no physical interface on bridge 'vmbr2' error", please ensure the "vmbr0" bridge that is connected to the physical interface is VLAN aware and do not add the IPv4/CIDR for the vmbr1 Linux bridge. For any particulr VM just add the VLAN tag in the network properties.
Ran into this and had me stumped for about 30 min. Google helped me move forward and then next day I re-watched the firewall piece and noticed Gerard mentioned this, I just totally skipped over it.
Correction: Please DON'T rush it, as that's what makes potentially great youtube series fail. "Pumping out videos too fast" == quality suffers. So, Take your time, we wait 😊🤘🏻
God-send tutorial! Love the simplicity with the explanations, and actually showing each step in an efficient manner. Can't wait to build the rest of the system! FYI: for anyone replicating this in VMWare Workstation, since there isn't a specific option to tag the VLAN IDs in the Ubuntu and Kali VMs network adapter settings, the pfsense VM should have 5 NICs in total. If you already went through the process of setting up the VLANs configuration in the browser, all you have to do is add 3 more NICs to the pfsense VM. I used vmnet2,3,4,5 mapped to LAN,VLAN10,VLAN20,VLAN30 respectively. Then just go into pfsense and re-assign the interfaces and it should automatically map the VLANs to each other NIC. The kali vm can have the vmnet3 NIC and ubuntu can have the vmnet5 NIC and when you check each of them, the IP should automatically be mapped within the .50-.100 range as configured in pfsense and ping tests should work! Had to jump through hoops to figure this one out :)
Great explanation and thanks so much for sharing this. I'm planning to make a video around this as a lot of people have asked about using other products! Thanks again!
I have learned more in this one video than I have in just about every other video on this topic combined. Very impressive and thank you for putting all this together.
A really good no nonsense tutorial. Every single step well explained and demonstrated. Really looking forward to seeing future videos. Thank you for your time and effort making this fantastic tutorial.
Love the lab and video series - I had a vsphere lab for work and sold everything off. Now, I have acquired some reasonable gear to walk thru these awesome security scenarios and add on some fun. Thanks again!
Hey - thanks so much for making this. I already had an extra proxmox node and some general self-hosting skills, so this video was easy enough to follow along with. I'm not as familiar with some of the tools in the upcoming vids so I'm excited to learn and see if I can keep up. Just wanted to say I appreciate the effort. Thanks
great video! Subbed to follow for the next parts. One thing I'd appreciate more of (perhaps in upcoming videos) is further details/explanation around your network segmentation and firewall rules you put in place, both on proxmox and pfsense. My thoughts are highighting best practices for creating a "secure" cyber-security home lab that is isolated from your primary network. Keep up the great work! I'll be following along building my own
Hey there, great idea! I'll keep it in my notes for upcoming videos. Would be pretty easy to add an additional secured VLAN behind the firewall.. could lock access down so its only accessible from the Kali machine. Thanks
Tested and verified the lab. I tried this lab by nesting Proxmox inside VMWare Workstation itself and it still run very fast. The only minor mistake is the network diagram in VLAN30 showing 10.30.30.0/24 instead of 10.10.30.0/24 at this time code where i saw it ua-cam.com/video/XIvn0ZDSmKA/v-deo.html
Dude! I love this, to the point and easy to understand. It took me 2 days to figure out how to get the firewall connected on other tutorials! keep up the good work. moving onto part 2 , and 3 today
Great video! looking forward to the rest of the series. A hint for adding sudo in front of pasted command, just press home button on your keyboard instead of left arrow key :)
Tip: if you click the link at the end of the docker install page, they show you how to add your user to the docker group so that you don't have to type sudo before every docker command.
great video! subbed to follow for the next parts. One thing I'd appreciate more of is the minimum hardware requirements ~ disk space/ ram requirements etc. Will one network port be okay or is 2+ preferred. Going to repurpose an old PC. Thanks again
Hey mate! One network port is fine for this, thats what I'm using! In terms of hardware, all i can say is the more the better, my server has 256gb ram thats why I've been very generous to the vm's. Theres gonna be allot of machines running at the end, id recommend 64gb at least. If you dont have that, just turn on and off each machine as you want to use them. Obviously firewall will need to remain on all the time. Hope that helps! Gerard
I came here for the exact same question. I was going to ask about the specs as well. I tried doing something similar before on a laptop, and Security Onion was running so slowly that I really couldn’t run it with other VMs. The H/W specs are super important. 256Gb RAM?? WOW!!!
Amazing video, to the point. Exactly what I was looking for. I just had one doubt, when you created the firewall rules such that VLANs can communicate only within their VLANs, how did Kali in VLAN1 ping VLAN30 Ubuntu device?
Hey, I'm curious, why put the SIEM and similar IDS/IPS tools on the Kali subnet? I would have thought to put that in line with the endpoint subnets (Docker, AD/Windows, and vulnerable apps), and the Kali/PenTest platform on the 'outside'. I've worked for 2 years in a SOC and just starting to get more into virtualization and cloud, so super excited about this series. I'll be sharing these with my coworkers for sure! :)
Hey mate, Kali lives in that default subnet as I needed it first before I could log into the firewall and create additional vlans. For other segmentation, having those tools in separate vlans was just for fun, no real design principle behind it so feel free to place tools in whatever vlan you want. At some point i might replace the firewall with something else...maybe checkpoint or palo alto.. once i have that ill segment the vlans and add some rules. Glad you like the lab so far!
you really need an ids/ips distro going here to monitor and record all packets 24/7 plus a ssl proxy like polar proxy would be helpful also - buckle in if you are going to install security onion - it is a pretty big install and takes lots of ram, others are malcolm and selks - you probably want a machine with 64gb ram
@@gerardobrien do an update with the siem box and proxy included - unfortunately guidance from distro makers is fairly skewed selks says 16gb and 4 cores is ok, seconion is quite a bit more and malcolm says you need 8 cores and a bunch of ram, arkime says you need 96-128gb ram...please do a followup and tell everybody what distros you tried and what you like and what you end up using - 24/7 pkt cap is vital and provides smb sector with a good audit trail even if they can't afford soc/threat hunting - at least they have what happened on their network for dfir and for less than 300 bucks they can also gain good insight into what is happening on their network with various apps like pkt sniffer, ntop-ng. Please report on what adjunctive apps you add to pkt cap box to help simplify and gain some degree of visibility - i am in midst of trying to get some adequate hw myself so will be very interested in what you decide upon hw/sw stack-wise. Thanks for the content! I do think adding a box to do ssl/tls proxification would be worth it and let you see all pkts, even the enc ones, maybe even add a cache server like squid too, i think setting up sslstrip on polar proxy may be a good addition #bump list
Hi Gerald, great work on creating great content! I am a reasonable noob to cyber, and I'm trying to follow along, trying to expand my project portfolio and hands-on experience. However, I'm trying to do it on the VMware workstation. Got as far as installing the Ubuntu live server, however unable to config the vlan on the server. Any advice?
Hey mate, welcome! Glad to hear your following the series :) You add the VLAN when your at the network config part of the build.. when you initially start the vm it goes through a wizard. If have went past that part, you can manually modify the network config and add the vlan. However, if your new to all this.. you'll probably save yourself some time by scrapping the VM you built and creating a new one. Hope that helps.. let me know if it works for you! Cheers
@@gerardobrien Hi mate. Thanks for the reply. I did some research and it seems that vmware workstation does not support vlan tagging or segmentation. So I think I will have to put the whole lab into just one network. I know that can be risky but my thinking is that as long as the entire network is isolated, that should be fine. Anyway, I wanted to update you on the current standing. Cheers
Hello Gerard, I appreciate your passion and efforts creating such a useful Video Lab, but would you please speak a bit slower and more clear as I am not a native English speaker (Closed Caption didn't help) to understand what you're talking, it's a byte difficult to catch you😊but again, Thank you very much 🙂
Hey there!! Thanks for your comment! 🙂 Yea sorry it's my accent.. I'll do my best to speak clearer in the next one! Drop me a DM if you need clarification on anything on this video. Thanks again, Gerard
Great video! It would be better if you share a little about the lab spec and some resource that you recommend for each compoment like ( cpu will need ... core ... ram ... disk) because i also want to make my unuse pc to a lab
Superb video. I have only one physical network adapter in my laptop. I am wondering how pfsense and other systems like security onion in proxmox will be setup in that case? Please help me with that
@@gerardobrien Thanks for that suggestion but I would like to try something else. maybe you can suggest, so my laptop lan is connected to a firewall switch directly and I can setup vlans in the firewall, can this be something which will work? Sorry my networking is a bit in beginner stage.
Hey, I saw that the Ubuntu server got the planned IP from the DHCP. How did that happen? Is that because of the same VLAN tags are used in the proxmox configuration and pfsense setting?
Hi. My laptop has 16GB of RAM, and I don't think it meets the requirements for deploying this lab setup. Also, I don't have a server. Do you have any suggestions for platforms or alternative setups where I could still follow along with this project effectively? Thanks in advance for your help!
Hey mate, some others have used virtual box to create the lab. Since you dont have enough ram, cpu for all the machines you could just build what you need.. and turn on/off the others when you need to. Start with pfsense(1gb ram), kali(2gm ram) and wazuh(4gb ram). Hope that helps :)
how did you connect and receive three networks to the computer from the server means that "The Ultimate Cybersecurity Lab" AWS, AZURE, GCP but where did you get it and where are you connected and how did you do it with proxmox I want to know step by step
I need Bro your help. I have Ubuntu 18.04 on my laptop and it has a VPN settings configured on it. This OpenVPN Its managed through pfsense. Split Tunnelling is enabled on the VPN server but it seems my local system is missing some configuration which is causing it to not work Now my query is that when I connect to this VPN I connect to my work network & I am able to work inside it, but this disconnects the internet connectivity that is working on my base machine (Ubuntu 18.04) I want the internet to be working on my base system & also I should be able to connect to my work network Can you please tell me what settings I need to do on my laptop VPN to make this work. Kindly help. There are these 2 entries in my vpn client configuration file which I think is related to the split tunnel, which should allow split tunnel to work on my client machine but it still does not work route-nopull route 255.255.255.255
To be honest you might struggle, instead of investing in a hard drive.. maybe get yourself a lab server.. or if you have a desktop, buy more ram and storage.. hopefully that should get you going
when i run kali in proxmox it uses novnc and there is no way to copy and paste between my computer and the web interface of the kali machine . is there a way to fix this or do i need to change from novnc to something else or something ? thanks for the great video , as a pentesting student that also wants to be knowlegable about the blue team side this lab video is the best ive ever seen (and ive stayed up all night looking through them 😂)
I feel your pain, 😀 I've been using the console window and sometimes it gets a bit slow! I installed TeamViewer free on my Kali machine, I then connect to Kali from my laptop... Makes it easier and it's allot faster!! Any other tools you think we could add in the lab?
@@gerardobrien true I was gonna look at other vnc tools but team viewer does have some other cool tools that would be great, thanks. Emm I would say maybe a c2 server and maybe a lightweight Linux vm for automation for bug bounties and recon set up with alerts to tell you when a target has new endpoints. but appart from that it is a great lab for pentest. A server with ollama to run local Ai lm on would also be awesome. Since using non local ai can lead to data leaks if you give it client data. I run dolphin-mistral locally using ollama and it is uncensored ai and great with code. It runs fast even on an old laptop server.
Hey mate, this is really just a learning opportunity! I'll usually overlap and build loads of tools just to check them out and see how they work 😃 if your new to security id encourage you to do the same!
@@gerardobrien that's what i am doing my friend :). That is how I learn how Wazuh is different from Security Onion. because both have some overlapping options and it was hard to learn until full fledge production use :D
I have 5 different laptops, 3 Mac’s and 2 windows do I need to buy a small server I can use one of these pcs for proxmax or can I install it on a laptop
Thank you for creating these videos! I followed this one to the letter, but DHCP is not working on one of the VLANs. Compared it to the others VLANs but did not find the problem. Any suggestions?
Have you compared DHCP config across the VLANs on the firewall? Are you getting any IP address at all on the VLAN? The way it's set up, if you don't enter a VLAG tag in the VM network settings you should get an IP in the 10.10.1.0 range
Hi i don't understand 'cause with virtual box when i install pfsense after the installation and after i clicked on reboot...restart the installation process lol ....also with your video and other videos that i watched i have the same problem
Having a bit of issue. After spinning Ubuntu VM in VLAN 30, its not able to ping its gateway. Looking at the firewall logs in pfsense, I see no packets coming out of VLAN 30. Any idea what could be the problem?
Hey mate yea you should be able to do this, it's within the network preferences section of VMware workstation... Check out the very first video on my channel, I made a walk through of exactly this 👍
I'm having an issue with the vlan dhcp. Anything placed on any of the vlans doesn't get an ip address and can't ping pfsense. If I leave the vlan tag empty it gets an IP
@@gerardobrien sweet, thanks! I currently work a Sys Admin and I am following along to build and learn from this lab. I am kinda new to Proxmox so that’s gonna be my first step to put it all together
Good would be a lab without Proxmox. Cause honestly Proxmox is pretty good when it comes to virtualization but pretty messy when it comes to storage things: Ridiculous short timeouts hardcoded into the software for example, is simply a bad software design.
@@gerardobrien I bought 32gb ram, and have proxmox setup with 2 nodes and a raspberry pi 4 as quorum everything is setup now, It's time to follow through your video now thanks.
@@gerardobrien I'm just curious sir, what hardware specs do you use on this lab, I've watches episode 1 and 2 I see your freely setting up high cpu and storage on your instances?
Welcome to Part 1 of my Ultimate Cybersecurity Lab Project! If you want to get hands on across networking, firewalls, cybersecurity, docker and containers then this is the perfect project for you!!
how did you connect and receive three networks to the computer from the server means that "The Ultimate Cybersecurity Lab" AWS, AZURE, GCP but where did you get it and where are you connected and how did you do it with proxmox I want to know step by step
but I need quite a configuration but how do you get WAN on LAN so that you have WAN to add internet access and LAN should work internet u pfsense topic too fast so he did after step firewal quite and with also players and everything too fast I don't know where you got it from I know that the computer with the server was bought and you bought internet access with the AWS donor, google cloud,cloudflare i don't know where you did such things really too fast
Great video. For those who are unable to start the Ubuntu VM because of the error, "no physical interface on bridge 'vmbr2' error", please ensure the "vmbr0" bridge that is connected to the physical interface is VLAN aware and do not add the IPv4/CIDR for the vmbr1 Linux bridge. For any particulr VM just add the VLAN tag in the network properties.
Ran into this and had me stumped for about 30 min. Google helped me move forward and then next day I re-watched the firewall piece and noticed Gerard mentioned this, I just totally skipped over it.
This is amazing. I’m waiting for part 2. Please don’t take too long. The best tutorial/walkthrough out there
Working on it right now :)
This is what I've been waiting for !!!! Please do keep us waiting
Correction: Please DON'T rush it, as that's what makes potentially great youtube series fail. "Pumping out videos too fast" == quality suffers.
So, Take your time, we wait 😊🤘🏻
thats so true , video games and so many other things suffer from the creators listening to the impatient fans haha@@maxfrischdev
God-send tutorial! Love the simplicity with the explanations, and actually showing each step in an efficient manner. Can't wait to build the rest of the system!
FYI: for anyone replicating this in VMWare Workstation, since there isn't a specific option to tag the VLAN IDs in the Ubuntu and Kali VMs network adapter settings, the pfsense VM should have 5 NICs in total. If you already went through the process of setting up the VLANs configuration in the browser, all you have to do is add 3 more NICs to the pfsense VM. I used vmnet2,3,4,5 mapped to LAN,VLAN10,VLAN20,VLAN30 respectively. Then just go into pfsense and re-assign the interfaces and it should automatically map the VLANs to each other NIC. The kali vm can have the vmnet3 NIC and ubuntu can have the vmnet5 NIC and when you check each of them, the IP should automatically be mapped within the .50-.100 range as configured in pfsense and ping tests should work! Had to jump through hoops to figure this one out :)
Great explanation and thanks so much for sharing this. I'm planning to make a video around this as a lot of people have asked about using other products! Thanks again!
Hey can you walk me through that process
I have learned more in this one video than I have in just about every other video on this topic combined. Very impressive and thank you for putting all this together.
I watched many walkthrus . This is one of the best. Keep it going brother. I am moving on to episode 2
To say this is amazing is an understatement. Really great work.
A really good no nonsense tutorial. Every single step well explained and demonstrated. Really looking forward to seeing future videos. Thank you for your time and effort making this fantastic tutorial.
this is absolutely sick, exactly what i was looking for, thank you
So awesome! I can't wait for the rest!!
I love the great detail you portray in your content! I’m a home labber and I wanted a basic layout and how to set up. Thanks!
Love the lab and video series - I had a vsphere lab for work and sold everything off. Now, I have acquired some reasonable gear to walk thru these awesome security scenarios and add on some fun. Thanks again!
Hey - thanks so much for making this. I already had an extra proxmox node and some general self-hosting skills, so this video was easy enough to follow along with. I'm not as familiar with some of the tools in the upcoming vids so I'm excited to learn and see if I can keep up. Just wanted to say I appreciate the effort. Thanks
great video! Subbed to follow for the next parts. One thing I'd appreciate more of (perhaps in upcoming videos) is further details/explanation around your network segmentation and firewall rules you put in place, both on proxmox and pfsense. My thoughts are highighting best practices for creating a "secure" cyber-security home lab that is isolated from your primary network. Keep up the great work! I'll be following along building my own
Hey there, great idea! I'll keep it in my notes for upcoming videos. Would be pretty easy to add an additional secured VLAN behind the firewall.. could lock access down so its only accessible from the Kali machine. Thanks
Great video, I'm looking forward to the rest of the series.
Kudos for the short and to the point instructional video. High points for the "go straight to it " style and editing which I like.
Tested and verified the lab. I tried this lab by nesting Proxmox inside VMWare Workstation itself and it still run very fast. The only minor mistake is the network diagram in VLAN30 showing 10.30.30.0/24 instead of 10.10.30.0/24 at this time code where i saw it ua-cam.com/video/XIvn0ZDSmKA/v-deo.html
Dude! I love this, to the point and easy to understand. It took me 2 days to figure out how to get the firewall connected on other tutorials! keep up the good work. moving onto part 2 , and 3 today
Great hope it's going well 😬
Amazing, looking forward to following this
This is absolutely amazing, awesome work you're doing here and thank you so much for sharing the knowledge...🎉🇿🇦
love this definitely will be following along
Excellent video. I learned quite a bit in the first lesson. Looking forward to the additional lessons in this series.
Amazing was eagerly waiting for this🤩
Okay. This is cool as hell.
I'm really excited to follow along!
Thank you :)
Love the lab. I'm excited to see where it goes next.
Thanks!! Let me know if there's anything else I should add 😀
@@gerardobrien Oh goodness I'm super to new cybersecurity so don't got much for you. My only suggestions are Password Pusher & DNSTwist.
You are video is 10/10. Keep going bro!! I hope I will gain tons of knowledge from your other videos.
Great video! looking forward to the rest of the series. A hint for adding sudo in front of pasted command, just press home button on your keyboard instead of left arrow key :)
just type sudo !!
the command will be re-run with sudo in front of it.
WOW thank you soo soo much. I have just subscribed. Can't wait for the follow up!
Excellent really well explained thank you.
I am a new cybersecurity student and run proxmox, I may just reset my proxmox and setup like yourself......following closely and subscribed lol
Tip: if you click the link at the end of the docker install page, they show you how to add your user to the docker group so that you don't have to type sudo before every docker command.
great video! subbed to follow for the next parts. One thing I'd appreciate more of is the minimum hardware requirements ~ disk space/ ram requirements etc. Will one network port be okay or is 2+ preferred. Going to repurpose an old PC. Thanks again
Hey mate! One network port is fine for this, thats what I'm using! In terms of hardware, all i can say is the more the better, my server has 256gb ram thats why I've been very generous to the vm's. Theres gonna be allot of machines running at the end, id recommend 64gb at least. If you dont have that, just turn on and off each machine as you want to use them. Obviously firewall will need to remain on all the time. Hope that helps! Gerard
Thx
How about cpu..?
I came here for the exact same question. I was going to ask about the specs as well. I tried doing something similar before on a laptop, and Security Onion was running so slowly that I really couldn’t run it with other VMs. The H/W specs are super important. 256Gb RAM?? WOW!!!
@@jnelly3426 seems like you need have alot of to play around with tech…so expensive..
Good stuff man..!
brilliant content, looking forward to the next steps
Subbed because This. Looks. AWESOME!
Great video. Looking forward for full series. Please provide the links as you mentioned. Thansk.
Amazing video, to the point. Exactly what I was looking for.
I just had one doubt, when you created the firewall rules such that VLANs can communicate only within their VLANs, how did Kali in VLAN1 ping VLAN30 Ubuntu device?
Woah, nice lab. Cant wait to follow along
Great video brother 👏🏽
This is insane. Gonna be making my own and im definitely gonna be referring to his :)
Thank you so much buddy that's really helpful ❤ you got new sub
Hey, I'm curious, why put the SIEM and similar IDS/IPS tools on the Kali subnet? I would have thought to put that in line with the endpoint subnets (Docker, AD/Windows, and vulnerable apps), and the Kali/PenTest platform on the 'outside'.
I've worked for 2 years in a SOC and just starting to get more into virtualization and cloud, so super excited about this series. I'll be sharing these with my coworkers for sure! :)
Hey mate, Kali lives in that default subnet as I needed it first before I could log into the firewall and create additional vlans. For other segmentation, having those tools in separate vlans was just for fun, no real design principle behind it so feel free to place tools in whatever vlan you want. At some point i might replace the firewall with something else...maybe checkpoint or palo alto.. once i have that ill segment the vlans and add some rules. Glad you like the lab so far!
Excellent tutorial, I run Proxmox at home, this will be something to play with... Sub'd your channel can't wait for Part2
Thank you very much!!!! more 🤩🤩
Perfect Perfect Perfect, keep going.
Love it mate
Thanks mate! follow along and build it too :)
Hi Nate, this is so amazing . Can I use VNWare to create this, and my home network as well?
@@heaven1763 hey, yea you can you just need to make sure the network setup is in place 👍
No fluff. perfect
you really need an ids/ips distro going here to monitor and record all packets 24/7 plus a ssl proxy like polar proxy would be helpful also - buckle in if you are going to install security onion - it is a pretty big install and takes lots of ram, others are malcolm and selks - you probably want a machine with 64gb ram
you were right about security onion :)
@@gerardobrien do an update with the siem box and proxy included - unfortunately guidance from distro makers is fairly skewed selks says 16gb and 4 cores is ok, seconion is quite a bit more and malcolm says you need 8 cores and a bunch of ram, arkime says you need 96-128gb ram...please do a followup and tell everybody what distros you tried and what you like and what you end up using - 24/7 pkt cap is vital and provides smb sector with a good audit trail even if they can't afford soc/threat hunting - at least they have what happened on their network for dfir and for less than 300 bucks they can also gain good insight into what is happening on their network with various apps like pkt sniffer, ntop-ng. Please report on what adjunctive apps you add to pkt cap box to help simplify and gain some degree of visibility - i am in midst of trying to get some adequate hw myself so will be very interested in what you decide upon hw/sw stack-wise. Thanks for the content! I do think adding a box to do ssl/tls proxification would be worth it and let you see all pkts, even the enc ones, maybe even add a cache server like squid too, i think setting up sslstrip on polar proxy may be a good addition #bump list
Awesome video! Can we have the network diagrams too, it would help with visualizing the infrastructure? cheers.
Hey there I put a post up today on this, hope that helps 😀
Thanks ❤
Good work ❤
Hi Gerald, great work on creating great content! I am a reasonable noob to cyber, and I'm trying to follow along, trying to expand my project portfolio and hands-on experience. However, I'm trying to do it on the VMware workstation. Got as far as installing the Ubuntu live server, however unable to config the vlan on the server. Any advice?
Hey mate, welcome! Glad to hear your following the series :) You add the VLAN when your at the network config part of the build.. when you initially start the vm it goes through a wizard. If have went past that part, you can manually modify the network config and add the vlan. However, if your new to all this.. you'll probably save yourself some time by scrapping the VM you built and creating a new one. Hope that helps.. let me know if it works for you! Cheers
@@gerardobrien Hi mate. Thanks for the reply. I did some research and it seems that vmware workstation does not support vlan tagging or segmentation. So I think I will have to put the whole lab into just one network. I know that can be risky but my thinking is that as long as the entire network is isolated, that should be fine. Anyway, I wanted to update you on the current standing. Cheers
Hello Gerard, I appreciate your passion and efforts creating such a useful Video Lab, but would you please speak a bit slower and more clear as I am not a native English speaker (Closed Caption didn't help) to understand what you're talking, it's a byte difficult to catch you😊but again, Thank you very much 🙂
Hey there!! Thanks for your comment! 🙂 Yea sorry it's my accent.. I'll do my best to speak clearer in the next one! Drop me a DM if you need clarification on anything on this video. Thanks again, Gerard
@@gerardobrien Thank you 😊
You can slow down the video speed from the you tube settings if you need and watch at a slower speed!
Great video! It would be better if you share a little about the lab spec and some resource that you recommend for each compoment like ( cpu will need ... core ... ram ... disk) because i also want to make my unuse pc to a lab
Hey I updated the description 😀
Oh nice, thank you!
waiting for the more videos
could you let me know why you went with proxmox instead of xcp-ng
I will follow so that I can see you install The Hive project. My installation was not what I expected. I need the help. Thank you.
Superb video.
I have only one physical network adapter in my laptop. I am wondering how pfsense and other systems like security onion in proxmox will be setup in that case?
Please help me with that
You can get a USB network adapter but sometimes drivers are a pain... But it's an option 😀
@@gerardobrien Thanks for that suggestion but I would like to try something else. maybe you can suggest, so my laptop lan is connected to a firewall switch directly and I can setup vlans in the firewall, can this be something which will work? Sorry my networking is a bit in beginner stage.
This Amazing
Great video can you also add ips and waf
What is the difference step between VirtualBox and proxmox because I didn't have any machine to setup proxmox. Thanks.
Hey, I saw that the Ubuntu server got the planned IP from the DHCP. How did that happen? Is that because of the same VLAN tags are used in the proxmox configuration and pfsense setting?
Hi! Yes, I was also confused on the ubuntu/docker step. I received VLAN1 instead of 30 as intended.
Hi. My laptop has 16GB of RAM, and I don't think it meets the requirements for deploying this lab setup. Also, I don't have a server. Do you have any suggestions for platforms or alternative setups where I could still follow along with this project effectively? Thanks in advance for your help!
Hey mate, some others have used virtual box to create the lab. Since you dont have enough ram, cpu for all the machines you could just build what you need.. and turn on/off the others when you need to. Start with pfsense(1gb ram), kali(2gm ram) and wazuh(4gb ram). Hope that helps :)
@gerardobrien Can I do this project on a MSI Crosshair 15 i7 11800H 2.35GHz 8 core(s) with 64gb RAM and 2TB HDD?
Yea I think this could work, turn on and off what you need and you should be fine.
@@gerardobrien copy that, thank you Sir for the in depth information you’re sharing with us on this project. I’m means a lot🙏🏾😊
how did you connect and receive three networks to the computer from the server means that "The Ultimate Cybersecurity Lab" AWS, AZURE, GCP but where did you get it and where are you connected and how did you do it with proxmox I want to know step by step
Hey sorry, I'm sure what your question is.. if you could clarify I'll try to help
Great contents. Can you please share network design diagram?
hey there, i done this already via a community post.. check it out :)
@@gerardobrien thx. Are you going to do further video on how to setup AD environment? Thx
Yep in the next few weeks 🙂
@@gerardobrien thanks!
I need Bro your help. I have Ubuntu 18.04 on my laptop and it has a VPN settings configured on it. This OpenVPN Its managed through pfsense. Split Tunnelling is enabled on the VPN server but it seems my local system is missing some configuration which is causing it to not work
Now my query is that when I connect to this VPN I connect to my work network & I am able to work inside it, but this disconnects the internet connectivity that is working on my base machine (Ubuntu 18.04)
I want the internet to be working on my base system & also I should be able to connect to my work network
Can you please tell me what settings I need to do on my laptop VPN to make this work. Kindly help. There are these 2 entries in my vpn client configuration file which I think is related to the split tunnel, which should allow split tunnel to work on my client machine but it still does not work
route-nopull
route 255.255.255.255
apt-get cannot connect to Ubuntu archives. any suggestion?
Is it possible to do this project without a lot of ram and storage available or should I invest in a hard drive?
To be honest you might struggle, instead of investing in a hard drive.. maybe get yourself a lab server.. or if you have a desktop, buy more ram and storage.. hopefully that should get you going
Will this work using m3 MacBook?
when i run kali in proxmox it uses novnc and there is no way to copy and paste between my computer and the web interface of the kali machine . is there a way to fix this or do i need to change from novnc to something else or something ? thanks for the great video , as a pentesting student that also wants to be knowlegable about the blue team side this lab video is the best ive ever seen (and ive stayed up all night looking through them 😂)
I feel your pain, 😀 I've been using the console window and sometimes it gets a bit slow! I installed TeamViewer free on my Kali machine, I then connect to Kali from my laptop... Makes it easier and it's allot faster!! Any other tools you think we could add in the lab?
@@gerardobrien true I was gonna look at other vnc tools but team viewer does have some other cool tools that would be great, thanks. Emm I would say maybe a c2 server and maybe a lightweight Linux vm for automation for bug bounties and recon set up with alerts to tell you when a target has new endpoints. but appart from that it is a great lab for pentest. A server with ollama to run local Ai lm on would also be awesome. Since using non local ai can lead to data leaks if you give it client data. I run dolphin-mistral locally using ollama and it is uncensored ai and great with code. It runs fast even on an old laptop server.
How you got the addresses.. for every interface
I made them up when designing the network for the lab 👍
Hi Gerard, I am new in security, Security Onion also supports incident response. why use hive and Security onion altogether?
Hey mate, this is really just a learning opportunity! I'll usually overlap and build loads of tools just to check them out and see how they work 😃 if your new to security id encourage you to do the same!
@@gerardobrien that's what i am doing my friend :). That is how I learn how Wazuh is different from Security Onion. because both have some overlapping options and it was hard to learn until full fledge production use :D
@@yousufturkey9273hello im still struggling understanding the difference between wazuh and security onion could you please explain ?
Hmm any reason I can not use opnsense?
Go for it mate what ever works for you 😀
I have 5 different laptops, 3 Mac’s and 2 windows do I need to buy a small server I can use one of these pcs for proxmax or can I install it on a laptop
Thank you for creating these videos! I followed this one to the letter, but DHCP is not working on one of the VLANs. Compared it to the others VLANs but did not find the problem. Any suggestions?
Have you compared DHCP config across the VLANs on the firewall? Are you getting any IP address at all on the VLAN? The way it's set up, if you don't enter a VLAG tag in the VM network settings you should get an IP in the 10.10.1.0 range
@@gerardobrien Hello Gerard! Thank you! The VLAN tag did the trick. 👍
Hi i don't understand 'cause with virtual box when i install pfsense after the installation and after i clicked on reboot...restart the installation process lol ....also with your video and other videos that i watched i have the same problem
Having a bit of issue. After spinning Ubuntu VM in VLAN 30, its not able to ping its gateway. Looking at the firewall logs in pfsense, I see no packets coming out of VLAN 30. Any idea what could be the problem?
did you figure it out? also, do you use 8.8.8.8 or do you use the ISP's DNS address for DNS1 and DNS2 in the pfSense Firewall?
How would I go about getting the networking and vlans set up on vmware workstation?
Hey mate yea you should be able to do this, it's within the network preferences section of VMware workstation... Check out the very first video on my channel, I made a walk through of exactly this 👍
I'm having an issue with the vlan dhcp. Anything placed on any of the vlans doesn't get an ip address and can't ping pfsense. If I leave the vlan tag empty it gets an IP
Ah nvm. I rebooted the entire server and that fixed the issue
Ah good I was thinking it might be the network adapter! Glad it's working for you now
More plz
I am stuck at Ubuntu, it doesn't get the update, apt-get update fails to fetch files. I want to continue, can I skip docker step?
Hey mate from your server can you connect out to the internet? Can you ping google.com?
@@gerardobrien You're right I can't ping. Temp failure in name resolution,
Hey sorry for the late reply, this is an issue with dns.. set your DNS to 8.8.8.8 👍
Am unable to install proxmox can i use virtual box or VMware
You can yea, you just need to make sure the networking is right 👍
Cam I use VirtualBox for this lab?
hey there yea you probably could you'd just need to figure out the networking piece first :) ive not tested this in virtualbox yet.
What application did you use in the beginning to build the chart?
Lucidchart 😬
@@gerardobrien sweet, thanks! I currently work a Sys Admin and I am following along to build and learn from this lab. I am kinda new to Proxmox so that’s gonna be my first step to put it all together
We'll build everything first then go back and deep dive in each 😬
where from vmbr1 came from?
This is something you need to create, you can do it within the network page 👍
Good would be a lab without Proxmox. Cause honestly Proxmox is pretty good when it comes to virtualization but pretty messy when it comes to storage things: Ridiculous short timeouts hardcoded into the software for example, is simply a bad software design.
>cybersecurity
>using docker instead of podman
I might actually add this too
hello pls what's name of soft do you used to design network, thanks you
or possibilite to share doc design please
are all these tools for free please?
👋
Is 4core 8 threads enough for rpoxmox with 16gb of ram?
Hey mate you could make it work if you turn on and off machines when not using them, 32gb would be good though if you can get additional ram 😀
@@gerardobrien I bought 32gb ram, and have proxmox setup with 2 nodes and a raspberry pi 4 as quorum everything is setup now, It's time to follow through your video now thanks.
@@gerardobrien I'm just curious sir, what hardware specs do you use on this lab, I've watches episode 1 and 2 I see your freely setting up high cpu and storage on your instances?
be regular
Wwwwww🎉🎉🎉❤❤😂😅😂😅❤
In the vlan 30 there is an IP that is wrong on the schematics: 10.30.30.xx should be 10.10.30.xxx
Can you make a full course on Cybersecurity 🥲
Maybe at some point, what exactly would you like to see? 😄