CYBERSECURITY JOB HUNTING GUIDE
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  CYBERSECURITY JOB HUNTING GUIDE

Install and use of Docker

with Debian based Linux
Author: Stefan Waldvogel

Small machine with few cores: use Docker

-under construction, installation works but not accessing via external access-​
Overview

This article shows a small introduction to Docker. I use Ubuntu, but you can follow this guide with Kali. 

Docker? What is it?
Docker is a unique software (or container), and it simulates an entire operating system. You can use VMs to a different OS on your system, but Docker is more efficient and very fast. For a VM, you need dedicated hardware like a core and 4 GB RAM. Docker works differently, and it is not a problem to run 10 Docker containers on a single machine with 4 cores.

Usage
Let us say you do not have the financial support to buy a powerful machine, and cloud does not work either. You can do this: As the main system, you install a Kali Linux and run a Metasploitable2 in a Docker container. Now, you can sharpen your penetration testing skills.
Start with a guide like this: docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide/, and you can learn penetration testing for free and everywhere.

Installation
The installation is simple. You can follow the official guide (docs.docker.com/engine/install/debian/) or follow these steps here.

Commands
sudo apt-get update
sudo apt-get install \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg \
  lsb-release

Add the key
sudo apt install curl

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

 echo \
 "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker
sudo apt-get install docker-ce docker-ce-cli containerd.io

Download centos 
sudo docker pull centos
This is an example; you can download many different operating systems. You find them here: hub.docker.com/search?q=&type=image&category=os 
This is the Docker hub. You see the matching command on the right side, and sometimes you can work with tags. Tags are used if you want to install a specific version. If we need an old Ubuntu 12.04 we can use the tag 12.04 to download it (sudo docker pull ubuntu:12.04)

​Run or start a Docker container
sudo docker run -d -t --name mycentos centos
Picture
We want to see the running containers.
​sudo docker ps -a
Picture
Now we can connect to the container
​sudo docker exec -it mycentos bash
Picture
You can leave the container with
​exit

Basic commands
docker ps -a   {shows all existing Docker containers with their status}
Picture
Here, we see our mycentos, but we do not have a shell on this machine.​ The reason for this behavior is the -it switch. With this switch, we create an interactive shell, and if we exit the shell, the container is still in a state of "half" running.
If we test a container, we can use the command docker run -it-rm [IMAGE] to destroy the container after leaving it.

Start and stopping is simple
docker start [CONTAINER]
docker stop [CONTAINER]

You want to know what images you have
docker image ls
Picture
Connection to a running container
docker start mycentos
​docker exec -it mycentos /bin/bash
Picture
With these commands, we can access the container.
Metasploitable 2 with Kali Linux
​

sudo docker pull tleemcjr/metasploitable2
Picture
​sudo docker run -d -t --name mymet1 metasploitable2
sudo docker ps -a

sudo docker exec -it mymet2 sh -c "/bin/services.sh && bash"

​Alternative in one command:
docker run --name mymet2 -it tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash"


Picture
With Docker, you can do a lot more things but we will keep it simple.

On the right side, you see an IP address (172.17.0.3) and if you have Kali/Ubuntu on your main system you can run nmap against this machine.
Install nmap if not done:
sudo snap install nmap

we can run nmap with:
sudo nmap 172.17.0.3
and we will get an error (failed to open device docker0). The reason is, we have a network problem and the container is not reachable via our machine. Google can help us with a guide: blog.oddbit.com/post/2014-08-11-four-ways-to-connect-a-docker/

The oddbit guide requires a bit of Linux knowledge.
Create docker-pid with gedit
gedit docker-pid
-> copy the following commands and save the file.
#!/bin/sh
exec docker inspect --format '{{ .State.Pid }}' "$@"
​

Make it executable with
chmod +x docker-pid

Test the program with
sudo ./docker-pid {name of your running container}
Picture
We create a similar program for the IP address with the command
gedit docker-ip
#!/bin/sh
​
exec docker inspect --format '{{ .NetworkSettings.IPAddress }}' "$@"
Picture
chmod +x docker-ip
​sudo ./docker-ip mymet4
Picture
Now, we have the ip and the pid of our container but we need to know out host IP, too. The command is:
ip a
In my network, there are a ton of other networks, but I want the IP for enp1s0
Picture
sudo ip addr add 172.17.0.12/21 dev enp1s0
sudo docker run -d --name mymet12 -p 172.117.0.12:100:80 
tleemcjr/metasploitable2

sudo docker exec -it mymet12 sh -c "/bin/services.sh && bash"


sudo ip
route add 172.17.0.10/16 dev docker0


sudo docker run -d --name mymet1 -p 192.168.1.20:90:80
tleemcjr/metasploitable2
sudo docker exec -it mymet1 sh -c "/bin/services.sh && bash"

docker run --name mymet2 -it -p 192.168.1.20:90:80 tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash"

sudo apt-get install bridge-utils


Next: Operating systems
© 2021. This work is licensed under a CC BY-SA 4.0 license​