Overview of Learning Vulnerabilities Using Vulnerable Machines

To begin, I am currently starting this as a sophomore student at Eastern Kentucky University. I am majoring in Digital Forensics & Cybersecurity. I am involved in Collegiate Cyber Defense Challenge (aka CCDC). Thus, I saw a needed to understand what a vulnerable machine is and how one could patch them.

In my mission to understand them, I stumbled upon two GitHub that seemed of interest to me. Firstly, I found SecGen (https://github.com/cliffe/SecGen) which is a GitHub repository where you can generate randomized vulnerable machines to test your red team skills/pen testing or blue team skills with patching. At the moment, I'm still working through several errors I'm getting from using it, but have created several projects from SecGen that have seen some potential to help me learn.

Secondly, I stumbled upon the VulNyx GitHub (https://github.com/VulNyx/). In turn, I was led to their website (https://vulnyx.com/). VulNyx currently has 79 vulnerable machines available for people to try to exploit. The following is the basic network settings of what will follow in my write ups.

To begin, we downloaded a vulnerable virtual machine from the VulNyx website. For this example, we have downloaded the first one called "Ready". You will have to use a virtualization software to use these machines. In my case, I will be using VMware Workstation Pro. Additionally, you will need another machine to do the pen testing. In my case, I have gone for Kali-Linux. Both of these will be placed within VMware. We do not want to expose this vulnerable machine to my actual network (NAT), nor do we want to use bridge in case malware plays a part in these vulnerable virtual machines. Therefore, we have gone for a "Host-Only" network on the Kali-Linux machine, which you can see below.

Next, we need to configure our VulNyx vulnerable virtual machine box. Instead of using "Host-Only" network type, this time we will use "Custom". Within the "Custom" drop down menu, we will select "VMnet1 (Host-Only). This will allow the two machines to interact with each other without risking our own home machine.

My goal for this project is to develop some knowledge of vulnerabilities and red team skills which in turn will help develop my blue team skills. By the end of all the vulnerable machine projects, I hope to achieve an understanding of what to look for in a machine and to assess the vulnerabilities that resides inside it. I will document the steps I have taken to achieve the final goal in each one of these machines. I will start with VulNyx's first machine called "Ready".