The best way to learn is to get hands-on.
Virtualization provides a way to run a simulated “guest” system on your “host” device. These guest systems are called virtual machines. Virtual machines (VMs) allow you to experiment with a different (or same) operating system in an isolated environment, where what you do can’t harm your host device.
If you are a Dues Paying Member of Hack@UCF, you can host virtual machines on the Hack@UCF Private Cloud. Instructions are on our wiki here. If you have any questions, ask in the Infra Help Desk channel on Discord.
If not, you can host virtual machines yourself using software like VMware Workstation and Oracle VirtualBox. Or you can pay a cloud provider like AWS, Azure, or GCP to host virtual machines for you. AWS has a great free tier that will let you get started. Azure tends to be more expensive, but as a student you may get free credits. If you are new to cyber, we recommend starting with either Windows Server or a common Linux distribution (Ubuntu, CentOS, etc.). Set up a virtual machine to test with and get your hands dirty.
If hosting your own virtual machines with Workstation Player or VirtualBox, you will need to get a .iso file that contains the installer for the operating system you chose. For example, Ubuntu ISOs can be acquired here. Windows Server ISOs can be downloaded from the Microsoft Evaluation Center.
As part of Hack@UCF’s Fall curriculum leading up to HPCC3, we will be teaching the fundamentals of cyber defense on Linux and Windows.
A good place to start is the Hack@UCF Presentation Materials channel in our Discord server (direct channel link).
In the meantime, here is a short guide written for HPCC0. The guide is based on a talk given at one of our general body meetings.
The overall winning team from 2023 gave a GBM on how they did it, as well as a blog post. https://jontyms.com/posts/hpcc1/
https://www.youtube.com/watch?v=7eBdm9UYhug
These links are also very good.
https://sourque.com/blog/securing-a-linux-server/
https://linuxjourney.com
https://www.youtube.com/playlist?list=PLqux0fXsj7x3WYm6ZWuJnGC1rXQZ1018M
https://www.youtube.com/live/EFgZPxpLKS0?si=65Jh7pjyb_QWylaF
https://www.youtube.com/watch?v=hGbGcp_V8W4
https://sadservers.com/
TryHackMe has a bunch of free Windows threat hunting/forensics rooms. Set the subscription type filter to free only, select the blue team POV, and search for "windows". There are a few great Linux security rooms too.
https://tryhackme.com/hacktivities/search
https://www.youtube.com/watch?v=mTWeU4HtNj0
https://youtu.be/Nxwy-CiD_Jc?si=2-vcROcqVfIR3-Uk
https://youtu.be/ilsIvW0eC8w?si=UQwQLg73ziNirnB7
https://youtu.be/Z2QjPE7vV24?si=xuNle51EsBskRKT0
https://youtu.be/hum4hzNE_j8?si=z7v8gCEan-kxzYX_
https://www.youtube.com/watch?v=67z9PyYjtzo
https://www.youtube.com/watch?v=dp5cOVEtTSI
https://www.youtube.com/watch?v=dpeTH49soMk
Take a look at the old Blue Team packets from previous years.