Cover6 Solutions / Blacks in Cyber (BIC) Winter Conference 2021 - Introduction to #Cybersecurity Workshop
This guide prepares you for the Blacks in Cyber (BIC) Winter Conference 2021 - Introduction to #Cybersecurity training.
This one-day program is designed for beginners and covers the fundamentals of cybersecurity. We start with the basics of common computer and network services and end with exploitation and an understanding of attack methodologies and strategies to defend against them. We will also focus on ways to build a home lab along with challenges and educational references to improve your skillset.
Mr. Tyrone E. Wilson is a passionate information security professional with 24 years of experience in information technology and has a mission to improve as many lives as possible through education in cybersecurity. Wilson also has extensive knowledge in computer network defense, vulnerability assessments, cyber threat analysis, and incident response. As a former cybersecurity analyst for the United States Army, Wilson developed security structures to ensure American intelligence systems were protected from foreign threats. Currently, Wilson is the Founder and President of Cover6 Solutions, LLC; which teaches companies and professionals various aspects of information security, penetration testing, and IPv6.
Wilson is also the organizer of The D.C. Cyber Security Professionals. With over 8,000 members, it is the largest #Cybersecurity meetup group in the United States. In addition, Wilson is also on the Review Board of BSides NoVA and Howard University and has recently presented and/or taught classes at major conferences and events such as BSidesNoVA 2020, BSidesNoVA 2019, BSidesDC 2018, ISACA GWDC Cybersecurity & Risk Conference, ISSA Mid Atlantic Security Conference, BSides NoVA 2017, BSides DC 2017, and DCCyberWeek 2017. Wilson was also a Keynote Speaker at the Hacker Halted 2019.
The #SOCAnalystPrep workshop is the defensive equivalent of the #PentesterPrep workshop. It prepares you to work in a Security Operations Center (SOC) immediately upon completion. For this class, you will need the following tools installed:
- Nmap
- Wireshark
- Nessus Essentials
- Windows Sysinternals Suite
- Clicking this link starts the download of the SysinternalsSuite.zip file
- Kali Linux (Optional)
We DO NOT teach Kali Linux in this workshop. However, you will see offensive techniques used by the instructor to simulate attacker activity.
We will provide you access to the following online servers, so be sure to bookmark the following URLs:
The #PentesterPrep Workshop will require Kali Linux (Kali).
Although the tools can be installed in similar operating systems, these instructions are meant for Kali Linux only.
Step 1. Install a hypervisor
The hypervisor or virtual machine monitor is a software package that allows you to create a virtual machine (VM) on your host device/laptop. Any new virtual machine you make will be considered a guest machine.
We recommend installing VirtualBox (Windows, OS X, Linux, or Solaris) or VMWare Fusion (Mac). For some reason, we’ve had several issues with students running VMWare Workstation. You can download a hypervisor from the following locations:
- VMWare Workstation Player (Free)
- Windows or Linux
- VMWare Workstation Pro ($249)
- Windows or Linux
- VMWare Fusion ($79.99)
- macOS 10.13 High Sierra or later
- VirtualBox (Free)
- Windows, Linux, OS X, and Solaris
The installation process for both VirtualBox and any VMWare products is a straightforward “push-through” install. Unless you have a specific folder where you would like to save your virtual machines, you can accept all of the default options.
Keep in mind that each new VM will require processing power and memory from the host machine. Even with a minimum of 8 GB of RAM, a standard laptop could still fully power the two VMs needed to help you start.
Step 2. Download and install or import Kali
Disclaimer: Kali Linux is an operating system for hackers built by hackers. Upon installing Kali, you will own hundreds of tools. Please be aware of the power of these tools! Improper use of these tools outside of a training environment could lead to severe damage (for anyone you target) and/or jail time (for you).
You can use pre-configured virtual machines, or you can install Kali straight from a .iso file. Be sure to use the images from “Kali Linux VirtualBox Images” if you are using VirtualBox. You can find images and .iso files at the following locations:
For the .iso, we recommend that you use the Kali Linux 64-bit image. Also, be sure to select the right image for your hypervisor (VMWare or VirtualBox).
Step 3. Make the PostgreSQL service persistent
It is good to have the PostgreSQL service remain persistent (start on boot).
# sudo update-rc.d postgresql enable
Step 4. Change the default SSH keys (optional)
To better protect your ssh sessions, we recommend that you change the default keys. You can first create a folder to hold a back up copy of your current keys and then move the current keys to the backup folder.
# sudo mkdir /etc/ssh/backup-keys
# sudo mv /etc/ssh/ssh_host_* /etc/ssh/backup-keys
Now you can create a new set of ssh keys with the following command:
# sudo dpkg-reconfigure openssh-server
Step 5. Configure the Metasploit database
There are additional options to fine-tune and help secure your instance of Kali Linux. Online you can find some tips by searching for “Things to do after installing Kali Linux.” For now, we recommend that you have the Metasploit Database up and running in Kali. The database will help keep all of your scans, vulnerabilities, exploits, and identified credentials or passwords in one place.
A few services are required depending on what version of Kali you have. For older versions, you will need to start the PostgreSQL and Metasploit services. For newer versions, you will only need to start the PostgreSQL service.
Here are the commands needed to ensure your database is working with a fresh Kali Linux install.
# sudo systemctl start postgresql
# sudo msfdb init
# sudo msfconsole
msf > workspace
At this point, you should see a * Default workspace. If the default workspace appears after typing msfconsole and workspace, you are ready for the workshop!
The #AttackNDefend workshop is where we combine both the skills of a penetration tester (pentester) and a Security Operations Center (SOC) Analyst. For this class, you will need the following tools installed:
- Nmap
- Wireshark
- Nessus Essentials
- Windows Sysinternals Suite
- Clicking this link starts the download of the SysinternalsSuite.zip file
This Workshop will also require Kali Linux (Kali).
Although the tools can be installed in similar operating systems, these instructions are meant for Kali Linux only.
Step 1. Install a hypervisor
The hypervisor or virtual machine monitor is a software package that allows you to create a virtual machine (VM) on your host device/laptop. Any new virtual machine you make will be considered a guest machine.
We recommend installing VirtualBox (Windows, OS X, Linux, or Solaris) or VMWare Fusion (Mac). For some reason, we’ve had several issues with students running VMWare Workstation. You can download a hypervisor from the following locations:
- VMWare Workstation Player (Free)
- Windows or Linux
- VMWare Workstation Pro ($249)
- Windows or Linux
- VMWare Fusion ($79.99)
- macOS 10.13 High Sierra or later
- VirtualBox (Free)
- Windows, Linux, OS X, and Solaris
The installation process for both VirtualBox and any VMWare products is a straightforward “push-through” install. Unless you have a specific folder where you would like to save your virtual machines, you can accept all of the default options.
Keep in mind that each new VM will require processing power and memory from the host machine. Even with a minimum of 8 GB of RAM, a standard laptop could still fully power the two VMs needed to help you start.
Step 2. Download and install or import Kali
Disclaimer: Kali Linux is an operating system for hackers built by hackers. Upon installing Kali, you will own hundreds of tools. Please be aware of the power of these tools! Improper use of these tools outside of a training environment could lead to severe damage (for anyone you target) and/or jail time (for you).
You can use pre-configured virtual machines, or you can install Kali straight from a .iso file. Be sure to use the images from “Kali Linux VirtualBox Images” if you are using VirtualBox. You can find images and .iso files at the following locations:
For the .iso, we recommend that you use the Kali Linux 64-bit image. Also, be sure to select the right image for your hypervisor (VMWare or VirtualBox).
Step 3. Make the PostgreSQL service persistent
It is good to have the PostgreSQL service remain persistent (start on boot).
# sudo update-rc.d postgresql enable
Step 4. Change the default SSH keys (optional)
To better protect your ssh sessions, we recommend that you change the default keys. You can first create a folder to hold a back up copy of your current keys and then move the current keys to the backup folder.
# sudo mkdir /etc/ssh/backup-keys
# sudo mv /etc/ssh/ssh_host_* /etc/ssh/backup-keys
Now you can create a new set of ssh keys with the following command:
# sudo dpkg-reconfigure openssh-server
Step 5. Configure the Metasploit database
There are additional options to fine-tune and help secure your instance of Kali Linux. Online you can find some tips by searching for “Things to do after installing Kali Linux.” For now, we recommend that you have the Metasploit Database up and running in Kali. The database will help keep all of your scans, vulnerabilities, exploits, and identified credentials or passwords in one place.
A few services are required depending on what version of Kali you have. For older versions, you will need to start the PostgreSQL and Metasploit services. For newer versions, you will only need to start the PostgreSQL service.
Here are the commands needed to ensure your database is working with a fresh Kali Linux install.
# sudo systemctl start postgresql
# sudo msfdb init
# sudo msfconsole
msf > workspace
At this point, you should see a * Default workspace. If the default workspace appears after typing msfconsole and workspace, you are ready for the workshop!
Lastly, we will provide you access to the following online servers, so be sure to bookmark the following URLs:
Through real-world, hands-on instruction, and with a focus on network defense, we provide a path to a successful career as a Security Operations Center (SOC) Analyst. #SOCAnalystPrep.
Ever wondered what it is like to be on the front line of defense in the Cybersecurity industry? If so, you may be interested in becoming a Security Operations Center (SOC) Analyst.
SOC Analysts are highly sought-after individuals who identify compromised machines and malicious actors. These individuals utilize defensive security skills and techniques that are commonly used in the industry while working to mitigate any damages that may have occurred.
In this training, participants will oversee a network that is currently under attack. Our students will learn various strategies to help defend against several attack scenarios. A few of the tools and technologies that participants will explore include; Security Onion, Wireshark, Splunk, and Nessus. As a participant, we highly recommended that you perform additional research and self-study to continue and maintain your established knowledge and toolkit.
The provided content is listed below as a guide for the course and is subject to change. We appreciate your support and hope that you enjoy the training. We look forward to your participation and feedback, as well.
If you have any additional questions outside of the FAQs, please do not hesitate to reach out to info@cover6solutions.com, and we will be happy to assist you.
Have you ever wanted to learn about what it takes to be a Penetration Tester? Does taking a hands-on practical exam make you nervous? We are here to help you get past that.
Over five weeks (every Tuesday from 6-9 PM ET), our hands-on “Live” workshop will provide what it takes to begin your journey as a successful #Pentester. Whether you are a beginner or a seasoned professional, this training will teach you offensive techniques to improve your pentesting skills all while making you a better defender.
Throughout the course, we will address and discuss various penetration testing topics, tools, technologies, and methodologies that are commonly used in the industry. By no means are the course and its objectives all-encompassing. As a participant, it is highly recommended that you perform additional research and self-study to continue and maintain your established knowledge and toolkit.
The provided content is listed below as a guide for the course and is subject to change. We appreciate your support and hope that you enjoy the training. We look forward to your participation and feedback as well.
If you have any additional questions outside of the FAQs, please do not hesitate to reach out to info@cover6solutions.com and we will be happy to assist you.
Course Outline
This course is tailored to assist with the preparation for all offensive (practical) exams. It also includes the five primary exam objectives for the CompTIA Pentest+ Certification which are:
- Planning and Scoping
- Information Gathering and Vulnerability Identification
- Attacks and Exploits
- Penetration Testing Tools
- Reporting and Communication
Note: This is NOT an official CompTIA Training but but rather preparation for real scenarios you may encounter in pentesting engagements or on the Pentest+ exam. Various tools, techniques and procedures will be covered thus those listed are just examples and are not limited to only those, as material is subject to change.
If you are interested in establishing a foundation of skills for a successful information security career, then this workshop is for you!
This Beginner-Intermediate, eight-week (every Tuesday night) workshop encompasses the skills of both a Penetration Tester (Pentester) and a Security Operations Center (SOC) Analyst. Throughout the course, we will address and discuss various offensive topics, tools, technologies, and methodologies used in the industry. Also, participants will learn how to respond to a network that is currently under attack—using industry technologies such as Nmap, Windows Sysinternals, Security Onion, Wireshark, Splunk, and Nessus. Students will learn numerous strategies to help defend against several attack scenarios.
A Pentester develops and uses offensive skills and techniques to identify weaknesses for exploitation. SOC Analysts identify compromised machines and malicious actors. These highly sought-after individuals utilize defensive security skills and techniques that are commonly used in the industry while working to mitigate any damages that may have occurred.
The provided content is listed below as a guide for the course and is subject to change. We appreciate your support and hope that you enjoy the training. We look forward to your participation and feedback, as well.
Our team has worked hard to create a course that provides a unique learning experience that you won’t find anywhere else. This will be challenging but it will be worth it. It will jump-start your career in cybersecurity and give you an outstanding foundation for the future!
If you have any additional questions outside of the FAQs, please do not hesitate to reach out to info@cover6solutions.com and we will be happy to assist you.
This course is also tailored to help you prepare for the following certifications.
- CySA+
- eJPT
- CEH Practical
Breaking into Cybersecurity w/ Tyrone E. Wilson
Home Lab Setup | Building an Effective Cybersecurity Learning Environment
Passive Information Gathering
Active Information Gathering
Understanding the Metasploit Database
Incident Handling & Threat Hunting w/ Security Onion: Gain Hands-On Cybersecurity Experience
IPv6 Enumeration & Attacks
Virtual Security Operations Center (SOC) Analyst Prep Workshop (Live) – FREE Session
You can check out the following references to gain familiarity with terms and topics you will hear in class.