Adventures in Ethical Hacking

Now that I have finished my Master’s Degree in Cybersecurity, I was pondering the next step for my future and decided that the first thing I needed to do is pick up some of those pesky certs that everybody thinks you have to have. I am not ready to take on the CISSP so I didn’t want to start there. I am still opposed to Microsoft certs as of the moment so I didn’t want to start them. After much pondering, I decided that I would pursue the EC-Council Certified Ethical Hacker (CEH). Thankfully, my current employer has a training program for free that will help me pursue that. It is a little outdated but I feel that the information should be close enough that if I go through the course, I can probably beat it. In fact, my co-worker and friend, Ben, said he attempted the CEH once without studying and only failed by about 3 questions. I might even be able to take the test now but I would rather wait until I train.

Well, for those that are not aware of CEH, it literally teaches you the art of hacking so that you can serve as a penetration tester or network security consultant, among other options. In order to complete this exam, I basically have to know how to hack. Sure, I have learned my fair share of this through my MS program but to actually get my hands dirty doing some hacking against my own stuff will offer me exponential benefits. That being said, I decided that I would create a virtual network at home that I can use to carry out my various hacking projects such as getting better at reading SNORT, learning how to use Metasploit more effectively, heck, I even played with Nessus a little but never got too deep. So I created my own virtual network at home to serve as my CEH playground.

For whatever reason, I was feeling rather witty when I created the lab so I used many references from my current (and past) obsession, Doctor Who. First of all, I set up a Windows 2008 R2 Server on my old workstation at home. It only has 5 GB of RAM but it will do the work I need. I named this server “Monitor” and it is part of a private domain “Logopolis” (check your Tom Baker Doctor Who).

Now that the main server is set up, I created my virtual environment. This environment consists of a Windows 2008 R2 server that I have named “White Watcher” (see the reference above). Then, I created an Ubuntu server that I have named “Harmony” (which is a much broader reference that you would know if you watch the show). Then, I created a Windows 7 workstation that I named “Polarity” (a reference to the Third Doctor). All of these things are virtual machines.

In order to facilitate communication between the various pieces of my lab, I have all of these devices connected to a single virtual network which I have lovingly named “Castrovalva”. As I type that name, I laugh again because I think that is probably one of the greatest jokes in the whole setup. You see, the first full Doctor Who serial to feature the Fifth Doctor was called Castrovalva. In this story, the newly regenerated Doctor is trying to find a safe place that he can go to rest while he recovers from the regeneration cycle. He ends up going to Castrovalva which is supposed to be a place of rest. It turns out that Castrovalva is actually a complete virtual reality created by the Master and it exists within his TARDIS which he has conveniently materialized around the Doctor’s TARDIS. Once the Doctor enters the world, it is very hard for him to get out because it isn’t supposed to exist. Are you snickering yet? My entire virtual lab lives only within a single server and it really only works within itself. That’s funny if you are a nerd like me!

But it doesn’t end there… oh no. I took it a step further. The SNORT instance I created on my little Castrovalva network is named “Cloister” and the sound that it makes when it senses an anomaly?? A bell! If you watched Logopolis, you just laughed your head off. If you didn’t, then I will explain. You see, the thing that starts the Logopolis arc in the Fourth Doctor’s final season is that he hears the “Cloister Bell” in the TARDIS. When his companion (Nyssa I think) asked what it means, Baker replies “It means imminent disaster, a catastrophe of epic proportions”. So, if the SNORT instance on my virtual lab ever goes off, it means that someone has actually hacked into my real network, worked their way through my firewalls and IDPS, gotten into my virtual network and triggered something. Imminent Disaster indeed!

As I progress through my training towards my CEH, I will try to post random tidbits of information. The reality is that I mostly made this blog post to make myself laugh at how silly I can be and hopefully make you guys laugh as well.