Showing posts from January, 2019

Fixing VirtualBox RDP Server with DetectionLab

Yesterday I posted about DetectionLab, but noted that I was having trouble with the RDP servers offered by VirtualBox. If you remember, DetectionLab builds four virtual machines:

root@LAPTOP-HT4TGVCP C:\Users\root> "c:\Program Files\Oracle\VirtualBox\VBoxManage" list runningvms
"logger" {3da9fffb-4b02-4e57-a592-dd2322f14245}
"dc.windomain.local" {ef32d493-845c-45dc-aff7-3a86d9c590cd}
"wef.windomain.local" {7cd008b7-c6e0-421d-9655-8f92ec98d9d7}
"win10.windomain.local" {acf413fb-6358-44df-ab9f-cc7767ed32bd}

I was having a problem with two of the VMs sharing the same port for the RDP server offered by VirtualBox. This meant I could not access one of them. (Below, port 5932 has the conflict.)

root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant> "c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo logger | findstr /I vrde  | findstr /I address
VRDE:                        enabled (Addres

Trying DetectionLab

Many security professionals run personal labs. Trying to create an environment that includes fairly modern Windows systems can be a challenge. In the age of "infrastructure as code," there should be a simpler way to deploy systems in a repeatable, virtualized way -- right? Enter DetectionLab, a project by Chris Long. Briefly, Chris built a project that uses Packer and Vagrant to create an instrumented lab environment. Chris explained the project in late 2017 in a Medium post, which I recommend reading. I can't even begin to describe all the functionality packed into this project. So much of it is new, but this is a great way to learn about it. In this post, I would like to show how I got a version of DetectionLab running. My build environment included a modern laptop with 16 GB RAM and Windows 10 Professional. I had already installed VirtualBox 6.0 with the appropriate VirtualBox Extension Pack. I had also enabled the native OpenSSH server and performed all