THREAT HUNTING DLL-injected C2 beacons FOR BEGINNERS 02 - Setup

Hi friend, so glad you could make it! Welcome to the second video in our series on threat hunting DLL-injected C2 beacons. In the previous video I briefly outlined what we'll be learning in this course, and today we'll be setting up a very simple virtualized environment. Specifically, we'll be setting up the three VMs we need for this course: a Windows 10 system, which will be our victim; a Kali Linux system, which will serve as our attacker; and finally an Ubuntu 20.04 system for postmortem analysis. So enough with the dilly-dallying, let's get to it.

Requirements

Now, I do want to give you some sense of the hardware requirements for this course. However, I also have to add that I'm not an expert in this area, like at all, at all, at all. So I'll provide an overview of what we'll be running, as well as what I think this translates to in terms of host resources, i.e. your actual system. But please, if you disagree with my estimation and believe you can get to the same results by adapting the process, then please do so. ("I'm going to have to go ahead and sort of disagree with you there.") After all, this is the way of the hacker. ("I want to triple the RAM, right?")

As mentioned before, we'll create three VMs in total; however, at any one time there will only be a maximum of two VMs running concurrently. For each of these VMs I recommend the following system resources: a minimum of two but ideally four CPU cores, a minimum of four but ideally 8 GB of RAM, and around 60 GB of hard drive space. So based on this, that is roughly 2x the above plus resources for your actual host system, you would likely need something along the lines of 8 CPU cores (with 12 or more even better), 16 GB of RAM (with 32 or more even better), and around 200 GB of free hard drive space.

Now, I understand these requirements are rather beefy (beefcake, beef), but please consider the following: you don't have to use a single system to run the entire VLAN. You could create an actual physical network, for example with a Raspberry Pi cluster, and run the VMs on that. Or instead of Raspberry Pis you can also use mini PCs or refurbished thin clients. Really, for a few hundred you could more than easily be equipped to run this small network. Now, I don't want to sound insensitive to a few hundred, but I'm going to level with you here: if you want to learn cyber security, then there is no better investment than having localized resources to create virtual simulations. Now, in case you don't want to invest upfront but don't mind paying some running costs, you can also use a service like Linode and simply rent compute via the cloud. You can then go and install your VMs on that, and you'll have access to them for as long as you care to foot the bill.

Finally, I want to mention that beyond the hardware, everything we'll use is completely free. This course ain't upselling a full course, and every piece of software is freely available. The sole exception has free alternatives, which I'm about to discuss with you right now.

Hypervisor

So, in the off chance you don't know, a hosted or type 2 hypervisor is the software that allows us to run virtual machines on top of our base operating system. It's kind of like Inception: it allows us to create systems within our system. ("I'm a butterfly.") For this course I'll be using VMware Workstation, which costs around $200; however, you could also do it with either VMware Player or Oracle VirtualBox, both of which are free. Now, I've used both VMware Player and VirtualBox in the past. They mostly work well, but running into some issues from time to time should not be completely unexpected. That being said, the problems encountered were all, in hindsight, opportunities to learn. Since I've switched over to VMware Workstation my experience has been significantly more stable, so if you do have the money and are committed to this path as a career, I would definitely consider getting it. That being said, I don't want to come across as some corporate shill, so really the choice is totally up to you. Note that if you do decide to not use VMware Workstation, then some of the details of the setup will be different. When that occurs, it'll be up to you to figure out how to adapt it for your situation. You can use Google, or just plain old common sense. Again, use these opportunities, when things don't happen exactly as they should, to learn. As a wise emperor once said: the impediment to action advances action; what stands in the way becomes the way. So at this point please take a moment to download and install the hypervisor of your choice. Once that's done with, feel free to proceed. Please go on.

VM images

Now that you have your hypervisor up and running, the next thing we need to do is install our actual virtual machines. Now, there are a few ways to do this. You can, for example, simply download the entire VM and import it into your hypervisor. This does usually mean that the file you'll be downloading will be quite large, so we'll opt for another approach using ISO files. You can think of an ISO file simply as a virtual copy of an installation disc: once you run it, the operating system reads it exactly as it would an actual physical disc. So please go ahead and download the three ISOs linked right at the top of the description below. Once you've successfully downloaded all three ISO images we are ready to proceed.

Windows 10, aka the victim

All right guys, so we're here in our VMware Workstation. The first thing we can do is go to File and then New Virtual Machine. Now we can keep this at Typical, we can say Next, keep this selected and we'll say Next again, and then here from the drop-down we're going to use Windows 10 32-bit, so select the one that does not say x64. Next, and then here, this is really up to you: what you want to call this and where you want it stored. For now I'm simply going to call this "victim" so it's nice and easy and simple to remember, and then we can go Next. 60 GB should be fine; we can always change this later if we need to, but really that should be more than enough for our needs here,
so we can click Next, and then here, very importantly, don't click Finish; click Customize Hardware. There are a few things we're going to want to change here, and a lot of this is going to depend on the resources you have available, just like I outlined before. Right, on the memory you should probably have at least 4 GB, but the ideal would really be 8 GB, so 8192. For processor, definitely at least two, but if you can spare four cores, let's go for four cores. Under Network Adapter we have NAT, which is good. And then finally under New CD/DVD: just like I said, the ISO file is basically a virtual or digital copy of a CD disc, so we're basically going to let this virtualized machine think that in its CD drive, its virtual CD drive, there is a copy of the Windows 10 installation disc. So we simply select Use ISO image here, we can go to Browse, and then here in Downloads you can see I have my ISO file right there. Open, so we can Close, and now we can hit Finish. All right, we can see our template appear right here, and now all we have to do to install it is switch it on.

Okay, and so once the setup begins you might also have a very small screen like this. All you need to do is go to View > Stretch Guest and then Keep Aspect Ratio. Right, so we'll keep everything standard as it is here. Next, we can click Install Now. All right then, obviously take your time and read the license, because we all do that all the time. And so here we'll actually say Custom, and that's the virtual drive we created; we can see it's 60 GB, so we can say Next. And now it's kind of like the first part of the installation; that's probably going to take a little while. I'll fast forward to the end and we can meet each other there again.

All right guys, so once that first part is complete, the VM will restart and we'll enter kind of the second half of the setup. Mostly just click Next or Yes. Okay, so once you get here it's important to select Domain join instead on the bottom left, and then you can just give it any name. I'm going to stick with the victim nomenclature. And then for password: obviously this is terrible practice if this was an actual production machine or something you're going to use, but I have the habit, for all machines I use just to simulate attacks, to just use "password", because that way I never have to think or worry or try to remember anything; I just automatically knee-jerk write "password" and it's always right. And for this again, since this isn't an important system, you can literally just select something and just write some gobbledygook again. All right, so here we really want to turn all this off, because if we keep this on, Windows is going to be very noisy on the back end and we're going to capture a lot of that noise in our traffic captures. So it's always just better to deactivate anything that relates to Windows communicating on the back end with Microsoft. Here as well, say Not now.

All right friends, so once that process is done, then basically you'll be confronted with the familiar Windows desktop. So the first thing we want to do is install, basically you can think of it as an extension of VMware, and it's called VMware Tools. If you're using VirtualBox, VirtualBox has something similar but it's called something else. You can think of it as kind of like this collection of extensions, and there are two things that are very useful to us. First of all, right now you can see that the actual desktop is kind of more like a 4:3 aspect ratio, and obviously my screen is 16:9, so in order to fill this screen out, for it to adapt to the actual aspect ratio of your screen, we're going to need VMware Tools. And then the second thing that it does: it allows us to copy and paste text between this virtual machine and our host machine, and especially when we come to commands and things like that, it's just very convenient to be able to copy and paste to and fro your actual host system. All right, so the first thing we're going to do is we're going to click here on VM and then go down to Install VMware Tools. And now you can close this immediately. Now basically what this did: this created again a kind of virtual disc inside of the operating system; it basically believes right now we just inserted an installation CD into the D drive. Right, and so we can just double-click on that, say Yes, Next, Typical is good, Next, Install, easy as can be, and then when we're done we can Finish. It wants us to restart; I'm actually going to just shut it off, so say No, and then we can just click on the Start button and power off completely by selecting Shut Down.

All right, once it has shut down we just want to go into settings, so we can just click here on Edit virtual machine settings, and there are two things we want to do. First click on the CD/DVD drive and then deselect Connect at power on. We know this is basically just the installation disc; we no longer need it, and sometimes it can interrupt your startup process because it's basically trying to boot from the CD again. And then the second thing we can do is go to Display and then just deselect both of those and click OK. And then we can hit Power on this virtual machine. Okay, and so we can see that it assumed the right resolution, so just type in "password" there. One thing we can obviously see is that it's incredibly small, and this kind of often happens with virtual machines; almost every OS will have some setting that allows you to basically scale this up, and you'll get to know all of them. But in this case we can just right-click and click Display settings right there (I know it's very small, but just take your face closer to the screen, I guess). Display settings, and then here you can see it says 100%; just change that to, in this case, 300%, and now you can see it's actually large enough for us to see what's going on.

And so the next thing we're going to do, guys, is basically disable Microsoft Defender as well as updates. As you're probably aware, Microsoft Defender is the kind of built-in antivirus/endpoint protection that comes with Windows. We want to disable it because we want to be able to attack this system with, I guess, a sense of impunity; we don't want MS Defender to block or inhibit any of our attacks. Because again, guys, this is a simulation, a very simple one: we're not trying to use any evasive techniques or any more advanced techniques here. We really just want to launch a very simple attack framework, Metasploit, so that we can look at what results from that, and so that we can better understand, from the defender's point of view, what an attack actually looks like. I'm also going to deactivate updates, and the reason for that is that sometimes it happens that you spend a lot of time creating and setting things up, and then Windows just kind of goes and in the background updates things, and it shifts your configuration in such a way that things just don't work anymore. Obviously that can be very irritating as well, so we're just going to take a few minutes to deactivate that as well, to make sure it doesn't happen.

Okay great, so the first thing you can do is right here: we can simply write "virus", and you can go to Virus & threat protection, go down, go to Manage settings, and then here there are four toggles in total; let's just turn all of them off. The next thing we're going to do is disable the Windows Update service. You're going to be using this shortcut a lot if you don't already: when you press the Windows key and R you're going to get the popup dialog box for the Run command, and we're going to use this to invoke a lot of the applications we're going to use. So in this case we're going to run services.msc, and in this list we're going to go down pretty much right to the bottom, and you'll see here Windows Update. Let's double-click that and we can see here under Startup type it currently says Manual. Let's just click that and let's say
Disabled, and so Apply and then OK. All right guys, so next up we're going to disable MS Defender via the Group Policy Editor. So again, press the Windows key and R, and this time we'll write gpedit.msc, for Group Policy Editor. All right, let's just make that a little bit bigger. And so here on the left we'll go to Computer Configuration, we'll open Administrative Templates, then go down to Windows Components and Microsoft Defender Antivirus. You can see something here that says Turn off Microsoft Defender Antivirus; just double-click that, and then we just want to enable that. You can see actually the screen cuts off at the bottom, so just make it shorter, drag that up, and again we want to hit Apply first and only then OK. And so we want to stay in the Local Group Policy Editor for now; we're also going to disable updates from here. So again, under Computer Configuration > Administrative Templates > Windows Components, exactly where we are now, we're just going to scroll down until we get to Windows Update, right there. So here we will see Configure Automatic Updates; once again double-click that, say Disabled, hit Apply, OK. And that's it for the Local Group Policy Editor for now, so you can go ahead and close that.

And so the next thing is we just want to disable Defender via the registry, via the command prompt. So click here and just write cmd, and right-click on that and say Pin to taskbar. And actually, you know what, while we're here, write "power": you'll see a regular PowerShell and a PowerShell ISE. We'll be working with the regular PowerShell, so right-click that and pin that to the taskbar as well. We will be using these both a lot, especially PowerShell, so it's just convenient to have it there. And now on the cmd icon, right-click, and you see Command Prompt there; again right-click on that and now say Run as administrator, click Yes. And now there's a pretty long command we need to actually paste in here, and so I'm going to suggest that you actually go to the course page and copy and paste the command from there. Otherwise, if you really want to, you're free to just pause the video right now when I drop it in there and hit Enter. Obviously, obviously. And we can see we get the feedback that the operation completed successfully. Big success.

All right, now there's kind of like one final pretty big job left, and in order to achieve this we will actually have to boot out of the regular Windows and go into Safe Mode. So again, let's hit our Windows+R, and this time we'll write msconfig and then hit the Boot tab. Under the Boot tab just select Safe boot, hit Apply and then OK. It's going to basically tell us we need to restart, and we can just say Restart. All right guys, so you can see it rebooted us in Safe Mode. We again want to go to View > Stretch Guest > Keep Aspect Ratio Stretch, but it's not going to adapt to the resolution of our screen as long as we're in Safe Mode, so for now just don't worry about that; it's only temporary. Enter our password. And so here we'll only be working with the Registry Editor, so again hit our shortcut Windows+R and this time write regedit, and you can see our Registry Editor.

Right guys, so there is a whole list of keys that we're going to change the values of right now. If you wanted to, again, you can find the complete list on the page of this specific section, or you can just follow along; it should be easy. Okay, so under HKEY_LOCAL_MACHINE, let's open that, and then we'll open SYSTEM, and then we'll open CurrentControlSet, and then we'll open Services. And so there's a whole bunch of values here right now, guys, under Services, and what we're basically going to do is we are going to change the value of them to the value of 4. Okay, so the first one we can go down to is called Sense; see, it's right there. Sorry, I should have been clearer: we're going to change the value of the Start key. Here we can see the Start key; in every section we'll be doing this. You can see the value right now is 3, and basically all we want to do is double-click, change that value to 4, hit OK. So scroll down on the left; the next one we're interested in is called WdBoot, same thing: double-click Start, change it to 4, OK. And the next one's called WinDefend. The next one is WdNisDrv, right there, and then this one right below it, and then finally there should be WdFilter, right there. All right, and that's actually everything for MS Defender.

And now we've just got to do the exact same thing, or something similar, for updates, but it's only going to be one key this time, one that we're going to create, actually. And so here we were under SYSTEM; go back there. We don't want to be under SYSTEM this time; instead we want to be under SOFTWARE, but still HKEY_LOCAL_MACHINE, then open Microsoft, then go down to Windows, then we see here CurrentVersion, we'll scroll down to WindowsUpdate, and finally we'll click here on Auto Update. Right, and so right here, anywhere in the blank space, basically you can right-click, you can say New > DWORD (32-bit) Value, take that, and we're going to call this AUOptions, just like that. Let's double-click that, let's change the value to 2, let's hit OK. That's it guys. Now you're going to close this, hit that again (Windows+R), then let's write msconfig once more, and we're basically just going to unselect the Safe boot option, hit Apply, hit OK, and we want to restart. And now we'll boot back into our regular Windows with Microsoft Defender and updates completely disabled, or as I like to call it, deep disabled.

All right friends, so the next thing we're going to install is Sysmon. I won't go into a lot of detail about Sysmon here; we will cover that actually in more depth in a future episode. Basically Sysmon is a Microsoft-owned, you can think of it as an extra logging extension that you can install and activate, and it's a form of logging that was created by somebody named Mark Russinovich, and it just greatly enhances logging, specifically from a security point of view. In other words, it really captures data that typically, for us as security
analysts, is incredibly relevant. So there's just one other thing I want you to know: we're going to have to download two files right now. We'll install the actual Sysmon install file, but then also we will download a config file for Sysmon. And so once again, guys, these links are on the actual course page; you can go copy and paste them from there, or if you want to you could literally just Google this and it should come up. But for now let's go ahead and open Edge. The first time it's going to be very irritating and ask a bunch of questions; again, select anything that goes without our data: Do not allow, Continue without data, don't do that. All right, and now finally we can start. So once again I'll drop the address here for Sysmon, and you can see it downloaded the zip file. Now once again I'm going to copy and paste the URL for the config file we'll use, and in this case it's one called Neo23x0; we can just download this zip file right there. All right, and that's really it guys; we have the two zip files we need. So let's just click here on the folder, go and show these two; I'm just going to cut them, go to the desktop, I'm going to create a new folder, call it Sysmon, and I'm just going to drop them there. I'm going to extract this, but into this folder itself, ditto for the other one, and then let's just go ahead and tidy things up a bit. Let's delete the two zip files; we no longer need them. And then let's go in here and then select this one; you can hit Ctrl+C or Ctrl+X. We just want to go one directory up, and we just want that to be in the same directory. Technically not necessary; it just makes our lives a little bit easier when we provide the command. One other thing here is just to rename that; again, not technically necessary, but it's just going to be slightly simpler for us.

Okay guys, so now pretty much everything is set up and ready to go. There's just one thing we need to do now, which is run the actual command. And so let's open a PowerShell window right here, so we can just go to File > Open PowerShell and then open it as an admin; say Yes. You can see, very conveniently, we are in the directory we need to be. So once again you can either copy the command from the actual course page, or if you wanted to you could just pause the video and write this down right now. And just one thing: we're just going to want to change that, and I should just add that right there, so it knows that we're referring to an executable in the current directory. And we can see right there it says Sysmon started, and so we should be good right now. That should be it; however, we can also just quickly run this command, and then it says right there that Sysmon is running, and so we're all good with this section.

All right friends, and so after we've activated Sysmon, we want to go ahead and actually activate another form of logging, which is called PowerShell Operational, or rather PowerShell script block logging. And so what this is going to allow us to do is it's going to allow us to see any commands, as well as script contents, that were run in PowerShell. This is very powerful, especially these days in security, and that's because in the kind of new-age, living-off-the-land paradigm, PowerShell is an integral part, obviously not only for regular network operations for sysadmins and things like that, but because of its power it's also something that hackers love to abuse: (a) because it's powerful, and also (b) because of its ubiquity. Right, there's always this joke where sometimes maybe a CEO that doesn't know better would say, well, if hackers are using PowerShell all the time, why don't we just disable it? The problem with that idea is you can't disable it, because you need it to do so many things regarding regular network and sysadmin operations.

All right, and so one other thing you can be aware of is that we again could use the Group Policy Editor we used earlier to activate PowerShell script block logs. However, the other way is just through running a command in PowerShell itself. I'm going to prefer this method, and this is what I'm going to teach here, and the real reason is because this method is scalable: if for any reason one day you needed to perform this action on 100 or 500 or 5,000 workstations, instead of logging in individually on each one and needing to open the Group Policy Editor and then activate it, you could basically run one single command from a domain controller and apply this setting to all of them. So it's definitely a technique that you want to learn and have in your arsenal very early on. What we're basically going to do here is we're just going to drop a few commands in PowerShell. So the first thing here is let's right-click there on the PowerShell window and then select Run as administrator; there, Yes. And now it's really just the case of copying and pasting three commands and running them. Just say Yes to All. And now our second command. Now our third command. Sorry, I made a mistake; I said there were only three commands, there are actually four, so this is our third command now. And then finally we're just going to enable Operational logging to ensure our script block logs are saved properly.

And so next up we're going to install all the software we need for the course. All right friends, so we're coming up on our final steps on our victim machine right now, and the last thing we want to do is install basically three programs that we're going to need: Process Hacker, which is basically going to allow us to look into the live memory; we're going to download something called WinPmem, which is just a simple binary that's going to allow us to dump the memory for postmortem memory analysis; and then we'll install Wireshark, our good old friend, that will obviously allow us to capture traffic and analyze packet captures. So again, let's open up Edge. The links are once again on the page; you can get them there, you could Google, but we want to make sure we get the 32-bit version of Wireshark. And that's downloading. All right, so now let's go grab WinPmem. We can see it's made by Velocidex, the same good people that make Velociraptor, and let's just make sure to grab the x86 version. And now finally we're going to grab Process Hacker. It doesn't mention Windows 10 or 11 here, but that's fine, it totally works. We can click the setup file, download that, and we can see all three of our files have been downloaded. Now of course it's just a case of installing them. The cool thing about WinPmem is we don't have to install that; that's just a PE, so we can use that directly. I'll just drop that on the desktop. Now let's install Wireshark: Next, Noted, Next, Next. None of this is that important; it's really up to you how you want to configure it. We don't need to install that or that, and now we'll just wait a few minutes for it to install. All right then, we can see it's completed; we can hit Next, Finish, that's it. And now let's do something similar for Process Hacker: Accept, Next, Next, Next, Next, Next, and we don't need to launch it right now; Finish. And that's it guys, our Windows victim system is now pretty much completely set up.

Let's just quickly review what we did: we deep disabled MS Defender and updates, we activated Sysmon and PowerShell script block logging, and then we installed the three programs we're going to need: WinPmem, Wireshark and Process Hacker. So I'm going to turn the victim VM completely off right now, because now we're going to create a template, and that means in the future, whatever course we do or whatever experiments we're running ourselves, we can basically clone this machine exactly where it is right now, meaning that we'll never ever have to perform any of these steps ever again.

Great, so once the VM has shut down you'll be back here in VMware Workstation, and the first thing I want you to do is right-click on the name right there and then head down to Snapshot and then Take Snapshot. Now I have this habit or convention of calling the initial snapshot of any VM "Genesis"; you can call it whatever you want. And then obviously here under Description, if you wanted to, you could describe all the steps we've done up until now. I'm not going to do that now, but if you wanted to do that you're obviously welcome. And then we just say Take Snapshot; that pretty much takes effect immediately. The next thing we want to do is open Edit virtual machine settings, and there are two things we want to do here. First let's go to Options, and then here let's head down to Advanced, and where it says Enable Template mode (to be used for cloning), let's enable that. And then let's just head right back up to the top, to General, and now instead of saying "victim" I'm going to call it rather "victim template", and that just indicates or signals to us, the label, that we shouldn't be using this VM. This is kind of like, you can think of it as the blueprint or the archetype that we'll be cloning from, and we'll be using those clones. So again, the template is just a convention that I use for myself to remind myself of that, and now we can just hit OK.

And now the final thing we can do is actually create a clone from this, which is what we'll be using in the future. So again, where it says "victim template" you can right-click. Another thing you could also do, if you wanted to, is you can press F9, which will bring up your library, and then you can also right-click on it right there; they both work. And what we're going to do is we'll go down to Manage and then Clone. Next; you can see here we're selecting to clone from the snapshot we created, and then we can create a linked clone; that's fine for now. So again, we can call this whatever we want; I'll just call this "victim 1", and that's pretty much it. So now you can see we have our victim template; if we ever in the future wanted to create more versions of it, we can do that. All right friends, so we're now completely done with preparing our victim VM.
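Everything done on the victim VM above by hand (the Defender service keys and policy, the update service and the AUOptions value, the Sysmon install, and the script block logging commands) can be expressed as one re-runnable PowerShell script. The script below is an added example, not the command list from the course page, and it makes a few assumptions: the Sysmon zip and the Neo23x0 config were extracted to C:\Users\victim\Desktop\Sysmon with the config renamed sysmonconfig.xml, and the unnamed service "right below WdNisDrv" is WdNisSvc. Two caveats a practitioner will hit: the four toggles under Virus & threat protection (one of them is Tamper Protection on current Windows 10 builds) still have to be switched off in the Settings app first, because while Tamper Protection is on the registry and policy writes below are ignored or reverted; and the walkthrough changes the Start values of the Defender services from Safe Mode because Defender protects those keys while it is running, so the script does only that part when it detects Safe Mode and the rest on a normal boot.

```powershell
# Added example: the victim VM steps from the walkthrough as one script. Not the course's own
# command list. Run once in Safe Mode (Defender service keys), once after the normal reboot.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$DefenderServices = 'Sense', 'WdBoot', 'WinDefend', 'WdNisDrv', 'WdNisSvc', 'WdFilter'  # WdNisSvc is assumed
$SysmonDir        = 'C:\Users\victim\Desktop\Sysmon'          # assumed extraction folder
$SysmonConfig     = Join-Path $SysmonDir 'sysmonconfig.xml'   # assumed name of the renamed Neo23x0 config
$ScriptBlockKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

# Safe Mode pass. Start=4 is SERVICE_DISABLED, the value set by hand in regedit above.
function Disable-DefenderServices {
    foreach ($svc in $DefenderServices) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        if (-not (Test-Path $key)) { Write-Warning "no service key for $svc"; continue }
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
    }
    # Registry form of the gpedit setting "Turn off Microsoft Defender Antivirus".
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    New-Item -Path $pol -Force | Out-Null
    Set-ItemProperty -Path $pol -Name DisableAntiSpyware -Value 1 -Type DWord
}

# Normal-boot pass, part 1: the three update changes (services.msc, gpedit, regedit).
function Disable-WindowsUpdate {
    Set-Service -Name wuauserv -StartupType Disabled
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'   # "Configure Automatic Updates" = Disabled
    New-Item -Path $pol -Force | Out-Null
    Set-ItemProperty -Path $pol -Name NoAutoUpdate -Value 1 -Type DWord
    $au = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    New-Item -Path $au -Force | Out-Null
    Set-ItemProperty -Path $au -Name AUOptions -Value 2 -Type DWord          # 2 = notify before download
}

# Part 2: Sysmon. 32-bit Windows needs Sysmon.exe, not Sysmon64.exe. -i installs the driver
# and service with the config; -c only swaps the config on an existing install.
function Install-Sysmon {
    $exe = Join-Path $SysmonDir 'Sysmon.exe'
    if (Get-Service -Name Sysmon -ErrorAction SilentlyContinue) {
        & $exe -accepteula -c $SysmonConfig | Out-Null
    } else {
        & $exe -accepteula -i $SysmonConfig | Out-Null
    }
}

# Part 3: script block logging (event ID 4104) through the policy values gpedit would write,
# then the Operational log enabled and enlarged so the logged blocks are not rolled over.
function Enable-ScriptBlockLogging {
    New-Item -Path $ScriptBlockKey -Force | Out-Null
    Set-ItemProperty -Path $ScriptBlockKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
    Set-ItemProperty -Path $ScriptBlockKey -Name EnableScriptBlockInvocationLogging -Value 1 -Type DWord
    wevtutil sl 'Microsoft-Windows-PowerShell/Operational' /e:true /ms:268435456
}

# The check before snapshotting the template: is every control really in the intended state?
# Tamper Protection, if still on, reverts the Defender writes without an error, so read back.
function Test-VictimSetup {
    $defenderOff = $true
    foreach ($svc in $DefenderServices) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        if ((Test-Path $key) -and (Get-ItemProperty -Path $key).Start -ne 4) { $defenderOff = $false }
    }
    $sysmon = Get-Service -Name Sysmon -ErrorAction SilentlyContinue
    $sbl    = Get-ItemProperty -Path $ScriptBlockKey -ErrorAction SilentlyContinue
    # Run a throwaway script block; with logging on it must appear as a 4104 event.
    & { 'sbl-canary-' + (Get-Date -Format o) } | Out-Null
    $canary = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 25 -ErrorAction SilentlyContinue |
              Where-Object Message -like '*sbl-canary-*'
    [pscustomobject]@{
        DefenderServicesDisabled = $defenderOff
        WindowsUpdateDisabled    = ((Get-Service -Name wuauserv).StartType -eq 'Disabled')
        SysmonRunning            = ($null -ne $sysmon -and $sysmon.Status -eq 'Running')
        ScriptBlockLoggingOn     = ($sbl.EnableScriptBlockLogging -eq 1)
        ScriptBlockEventSeen     = [bool]$canary
    }
}

if ($env:SAFEBOOT_OPTION) {
    Disable-DefenderServices          # SAFEBOOT_OPTION is only set while booted into Safe Mode
} else {
    Disable-WindowsUpdate
    Install-Sysmon
    Enable-ScriptBlockLogging
    Test-VictimSetup | Format-List
}
```

Run it from an elevated PowerShell once in Safe Mode (after the msconfig reboot the walkthrough uses) and once after the normal reboot. The last command prints the check table; every field should read True before you take the Genesis snapshot, and a False on DefenderServicesDisabled almost always means Tamper Protection was still on when the Safe Mode pass ran.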
Let's go ahead and create our other two VMs: the attacker and the postmortem analysis machine.

The attacker

Great, friends. Okay, so next we're going to install our Kali Linux machine, and the good news is this time we are literally just going to run the installation, because the thing about Kali is it comes preconfigured with everything you need and then some. And so, as before, we can go File > New Virtual Machine, Typical, keep the option there. Again, this time we'll select Linux, and it won't actually say Kali Linux here, but Kali Linux is built on Debian, and so we can select Debian 11 64-bit. So you can give it any name; I'll just be calling this "hacker". Yeah, and 40 is probably a bit light; we can probably up that to 60 again. And once again we'll go Customize Hardware, and I'll pump that up to 8 (if you can't do 8, do at least 4), and then I'll pump that up to 4 (if you can't do 4, do at least 2). And then here again we'll change that to use an ISO file; we'll browse and we'll select our Kali ISO, and that's all we need to do here. So we can Close, Finish, and once this appears, once again we can just click on Power on this virtual machine. You can close all these popup boxes. We want to go to View again, Stretch Guest, Keep Aspect Ratio, and we can click on the screen and select Graphical install. So let's just hit Continue; all fine. And we can keep the hostname kali; we don't need a domain name. And once again the password will be "password". Right here, just be sure to select that; Continue, Continue again, that, and Finish partitioning and write changes to disk; Continue. This is the only thing you've got to change: say Yes. These are just different desktops and stuff, and if you really want to nerd out and read about that, feel free to do that. For now, again, I'm just going to keep everything standard. All right friends, and so right towards the end it's basically going to ask you this, and yes, you just keep the answer Yes and Continue, and then instead of saying Enter device manually, select /dev/sda. Okay friends, and so finally we can see that the installation is done; just press Continue. Okay, so now we're in the operating system, so you can just fill in the credentials. Okay, now you can see once again things are very small. Kali is a little bit trickier to get to, but you've got to press this icon, which again I know is incredibly small right now, and this one that kind of just looks like three tiny dots right now; they're actually sliders. We can see the first one says Appearance; click there, then we go to the final tab, Settings, and then here it says Window Scaling, so let's click that and say 2x. It could probably still be bigger, but for now that'll have to do. Okay friends, so that's Kali Linux; we're all good to go. Like I said, we don't have to install anything. So next we'll create our analysis machine with an Ubuntu Linux image, and we'll only install a handful of programs, so that'll go very quick as well.

Analyst

Okay friends, and so you probably know the drill well by now, so let's just perform it one more time for our Ubuntu analyst machine. Yeah, so just Ubuntu 64-bit, and I'll call this "analyst". You can bump that up; we'll customize once again, same drill: if you can, if you can't, you know, and if you don't know by now. Browse and Downloads, and right there; Close, we can Finish, and it'll pop up in a second. There we go, and we can power on. All right, so here we'll obviously install it, and this is your personal preference; choose what you want. And we'll actually do the minimal installation; we don't need all that, and we'll certainly deselect that; Continue. I mean, if you really wanted to you could do the normal installation; it just has a bloat of things you probably won't ever need, but if you think you might need it, go ahead. There it is. All right, so this will be "analyst", and I will use the same password once again. All right, and once the installation is done you'll see the screen, and obviously we can just hit Restart Now. So we can see here it kind of thinks that the CD disc is still in, so what we need to do is we just need to right-click there, go to Settings, and then here basically disconnect it. So now we're going to hit Enter; it's going to restart, and it's no longer going to read as if a CD drive is installed or plugged in, and we should be able to boot up into Ubuntu.

Fun fact: Ubuntu is actually a Xhosa word. Xhosa is the tribe from South Africa where I'm originally from, and it's kind of hard; sometimes you have these words that don't have a direct word translation; it's more of a concept or idea. If you Google it right now, I'm reading, it says "humanity to others", so really this idea of sharing and reciprocity, which is probably well encapsulated in the whole idea of open-source software. Anyway, just a fun little tidbit there.

You can just hit Next, say No. Okay, so again we keep that off. Great, great that this came up; this is incredibly important. It wants us to upgrade to 22.04. 20.04 is what RITA and AC-Hunter are currently optimized for; this could change in the future when you're listening to this video, so that being the case, for now just say Don't Upgrade. Otherwise installing 20.04 was kind of pointless. We can leave that too; we can update from the terminal soon. So now just go to View > Stretch Guest; hit that again, and you can see it adapted now. But we can also see that it's very small; like I said before, that usually happens in VMs, so we're just going to right-click, we're going to hit Display Settings, and right there we can see we can choose 300%, nice and big. All right, we'll keep the changes. And now I like to just remove a few of these, just to kind of declutter; I'll keep that one actually. And then here, the thing we will be using most in Linux, obviously, is our terminal, so just write "terminal"; it comes up, we right-click and you can say Add to Favorites. And so now you can see it's there; in the future it'll be way easier to get to. All right.
guys so the first thing we're going to install is volatility there's two main ways you could do this you could uh clone the repository from GitHub in the terminal and the thing is about that is that now also requires us to install git um you know so I'm just going to go for kind of an easier simpler way although admittedly it is way less leit um and that's we'll just go to the GI up repository in our browser and we'll directly download the repository as a zip file all right we can go there and uh just you know if you are a kind of quote unquote beginner I know when I started was always like where the hell do you download the zip file from GitHub so just so you know it's not the most intuitive thing for a beginner but you actually go under code and then it's there but you'll always find it there right so we can just click our folder right here going to open this I'm just going to close Firefox cuz this seems to be struggling even with four Pro sissors and 8 gigs of RAM so let's extract it here right now let's right click here the opening terminal and what I want to do is I want to move this folder to my home drive uh so we'll just write MV for move and then we'll select this folder and we will move it to home now we can just CD into our home drive and if I run LS you can see right there is volatility so now let's go into it [Music] uh and you can see here is a text file that says requirements now in that file is basically a list of packages that volatility will need to run properly they're they're python packages and now in order to be able to read this text file and go and just automatically download those packages we need pip okay so as always guys we run this command first because this just makes sure that we will have the latest package repositories to download from so it just make sure that when we go now and download pip we're basically going to download the latest version of it so it's done and now we can just run dudo appt install Python 3 great so that's it 
we have Pip installed um now we're basically just going to tell pip to read this file and download from it so I'm going to write pip 3 install R and then we will do requirements let's do minimal and that's it guys and we can stay right now in our terminal cuz we can install wire shark directly from here and um the way we're going to do this is you know we already updated the package repository so we don't have to do that again we just run our same command as we did before this one but this time of course instead of installing python will'll be installing wire Shar press y great and then that's it guys uh we have wire shark and volatility installed volatility we will run from command line so there's nothing to do here but just one final thing is let's just right click and also add to favorites um because now you can see we have wire shark and our terminal there so we have the two things that we will mostly be using okay guys so that is by far the most boring part of this entire course we just had to take some time to set things up properly but now that we have we can go ahead and start with the exciting stuff uh which would be the attack and that will be in our next episode so until then peace [Music] out [Applause] [Music] [Applause]
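The analyst-VM provisioning from the end of the transcript (stay on Ubuntu 20.04, install pip and Wireshark, unpack the Volatility 3 zip from GitHub and install its minimal requirements), written up as an added shell script. This is not code from the video or from the Volatility project. It assumes the zip was saved to ~/Downloads as volatility3-develop.zip (GitHub's default name for the develop branch, which unpacks to volatility3-develop/), that `sudo apt install python3-pip` is the pip step the speaker runs, and it adds one thing the video does by hand: a release check that refuses to continue on anything other than 20.04, matching the "Do not upgrade" decision.

```shell
#!/bin/sh
# Added example for this tutorial's analyst-VM setup; not code from the video.
# Provisions pip, Wireshark and Volatility 3 (from the GitHub zip) on Ubuntu 20.04
# and refuses to run on any other release, mirroring the "do not upgrade" step.
set -eu

# Release the analyst box must stay on (the video keeps 20.04 for RITA / AC-Hunter).
EXPECTED_RELEASE="20.04"

# Assumed path of the downloaded archive: GitHub names the develop-branch zip
# volatility3-develop.zip and it unpacks to volatility3-develop/. Adjust if yours differs.
VOL_ZIP="${HOME:-/root}/Downloads/volatility3-develop.zip"

# check_release FILE: return 0 only if the os-release file reports EXPECTED_RELEASE.
check_release() {
    file="${1:-/etc/os-release}"
    [ -r "$file" ] || return 1
    # VERSION_ID="20.04" -> 20.04 (the quotes are optional in os-release syntax)
    version=$(grep '^VERSION_ID=' "$file" | head -n 1 | cut -d= -f2 | tr -d '"') || true
    [ "$version" = "$EXPECTED_RELEASE" ]
}

# verify_layout DIR: confirm the unpacked tree has the two files the install step needs.
verify_layout() {
    dir="${1:-}"
    [ -n "$dir" ] && [ -f "$dir/vol.py" ] && [ -f "$dir/requirements-minimal.txt" ]
}

# install_tools: the actual provisioning. It only runs when the script is invoked
# with the single argument "install", so sourcing or testing the file has no side effects.
install_tools() {
    if ! check_release /etc/os-release; then
        echo "This host is not Ubuntu $EXPECTED_RELEASE; not installing." >&2
        return 1
    fi
    sudo apt update                                   # refresh package lists first, as in the video
    sudo apt install -y python3-pip wireshark unzip   # pip for the requirements file, Wireshark, unzip
    unzip -q -o "$VOL_ZIP" -d "$HOME"                 # same result as extracting and mv-ing to ~
    voldir="$HOME/volatility3-develop"
    if ! verify_layout "$voldir"; then
        echo "Unpacked tree $voldir is missing vol.py or requirements-minimal.txt" >&2
        return 1
    fi
    pip3 install -r "$voldir/requirements-minimal.txt"
    # Smoke test: vol.py must at least print its help once the requirements are in.
    python3 "$voldir/vol.py" --help >/dev/null
    echo "Volatility 3 ready in $voldir; Wireshark installed."
}

case "${1:-}" in
    install) install_tools ;;
esac
```

Run it on the analyst VM as `sh setup_analyst.sh install`. The `-y` answers apt's "Do you want to continue?" prompt (the "press y" moment in the video); Ubuntu's wireshark-common package still asks its own question about whether non-superusers may capture packets, which you answer interactively. Without the `install` argument the script only defines the functions, which is what makes the release and layout checks testable offline.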
Info
Channel: faan ross
Views: 1,360
Id: 32mrKlqj8CE
Length: 47min 3sec (2823 seconds)
Published: Wed Nov 29 2023