Howdy, all. In part one of this series on building an IR homelab, we created a Windows Forensics Workstation to use for analysis, and a basic fileshare to store evidence.
Now it's time to leverage one of the more powerful features of Autopsy: the Central Repository.
Question — If you found malware or attacker staging scripts during an investigation, how would you know if you had already seen it before? What if a former colleague had worked the case?
And — If you wanted to record a known bad file for your future self, how would you do it? …
Howdy all. First of all, a huge shoutout to the team at Basis Technology for offering a $500 Autopsy training course for free! Link here. The course is a great dive into the features of Autopsy, and gives some “under the hood” explanations about how the program approaches carving, ingestion, plugins, prioritization, and much more.
However, the course could really use a practical guide on how to configure a forensic lab environment in which to learn Autopsy, incident response, and forensics. I consider this small series a continuation of the Autopsy class, and a use case for a homelab.
Over this series, this is the network we will be building. We will be exploring some of Autopsy’s extended functionality and integrations. …
Proxmox — Framework, Setup
pfSense — Interface Management/Assignment, DHCP, OpenVPN
Security Onion — Proxmox Bridge Traffic Mirroring, Fullscreen on Proxmox
This is not a super detailed step-by-step guide. It is more of an explanation of my Proxmox/homelab setup. Wherever I gloss over the details of an install or process, I have (hopefully) added a link to a more detailed guide in the references.
Howdy all. Too often I see (and have used) guides that focus a lot on installing and configuring a basic Proxmox setup, with no guidance on how to organize it all. Having used Proxmox for nearly 3 years now, as a homelabber and for an organization of 20–30 active users, I can say it becomes a mess really quickly: which bridges are for which network, what each VM does (no, “TestVM” does not tell me what it's for), or which VMs live on which network. Some Proxmox admins lean heavily on standardizing VMIDs, embedding the purpose, network, lifespan, and ownership right in the number. This works great until you have multiple people, or you just can't be bothered and want an Ubuntu container to watch Star Wars via telnet.
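To make the VMID-encoding practice concrete, here is an added example (not from the original post, and not a scheme Proxmox itself defines) of a hypothetical five-digit scheme: purpose, network, lifespan, owner, sequence, one digit each. The digit-to-meaning tables and the owner numbering are assumptions for the illustration. It also shows where the approach breaks: with one sequence digit, each purpose/network/lifespan/owner combination can hold only ten VMs, and the eleventh has nowhere to go.

```shell
#!/bin/sh
# Hypothetical VMID scheme (added example, not the post's own): five digits P N L O S
#   P purpose  1=infra 2=lab 3=test        (assumed table)
#   N network  1=mgmt  2=lab 3=dmz         (assumed table)
#   L lifespan 1=permanent 2=temporary     (assumed table)
#   O owner    single-digit index into an owner list (assumed)
#   S sequence single digit, the only free field

# Build a VMID from the five fields, refusing anything that is not one digit each.
vmid_make() {
  [ $# -eq 5 ] || { echo "vmid_make: expected 5 single-digit fields" >&2; return 1; }
  for f in "$@"; do
    case "$f" in
      [0-9]) ;;
      *) echo "vmid_make: '$f' is not a single digit" >&2; return 1 ;;
    esac
  done
  # Proxmox rejects VMIDs below 100, so the leading (purpose) digit cannot be 0.
  [ "$1" != 0 ] || { echo "vmid_make: purpose 0 would give a VMID below 100" >&2; return 1; }
  printf '%s%s%s%s%s\n' "$1" "$2" "$3" "$4" "$5"
}

# Decode a VMID back into its fields using the assumed tables above.
vmid_decode() {
  id=$1
  case "$id" in
    [1-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "vmid_decode: '$id' does not fit the 5-digit scheme" >&2; return 1 ;;
  esac
  p=$(printf '%s' "$id" | cut -c1)
  n=$(printf '%s' "$id" | cut -c2)
  l=$(printf '%s' "$id" | cut -c3)
  o=$(printf '%s' "$id" | cut -c4)
  s=$(printf '%s' "$id" | cut -c5)
  case "$p" in 1) p=infra ;; 2) p=lab ;; 3) p=test ;; *) p="unknown($p)" ;; esac
  case "$n" in 1) n=mgmt ;; 2) n=lab ;; 3) n=dmz ;; *) n="unknown($n)" ;; esac
  case "$l" in 1) l=permanent ;; 2) l=temporary ;; *) l="unknown($l)" ;; esac
  printf 'purpose=%s network=%s lifespan=%s owner=%s seq=%s\n' "$p" "$n" "$l" "$o" "$s"
}

# Find the next free VMID for a purpose/network/lifespan/owner tuple, given the IDs
# already in use (space-separated). Fails once all ten sequence slots are taken.
vmid_next() {
  prefix=$(vmid_make "$1" "$2" "$3" "$4" 0) || return 1
  prefix=${prefix%0}
  for s in 0 1 2 3 4 5 6 7 8 9; do
    used=0
    for u in $5; do
      [ "$u" = "$prefix$s" ] && used=1
    done
    [ "$used" -eq 0 ] && { echo "$prefix$s"; return 0; }
  done
  echo "vmid_next: all ten slots under $prefix are used; the scheme cannot place an 11th VM" >&2
  return 1
}

# Constructed sample: a lab VM on the dmz network, permanent, owner 4, sequence 7.
vmid_make 2 3 1 4 7          # 23147
vmid_decode 23147            # purpose=lab network=dmz lifespan=permanent owner=4 seq=7
vmid_next 2 3 1 4 "23140 23141"   # 23142
```

The sequence field is the whole problem: ten VMs per tuple, and the ID tells you nothing the moment someone sets up a VM outside the scheme. Tags and the VM description (`qm set <vmid> --tags …` and `--description …` on recent Proxmox releases) carry the same metadata without the cap, and can be changed after the fact without renumbering.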
telnet towel.blinkenlights.nl
So, …