# The Low Power Analyst’s Lab Setup

## Hardware

I wanted to keep this “Lab” as mobile and as flexible as possible.
So I’m using a pocket router for this, since it is powered by USB, based on OpenWRT, low power, easy to use and cheap.
You could do all of this in a local VMware Workstation or VirtualBox setup. A local virtualized environment may not be the best choice, though, and it brings its own limitations.

– Intel NUC NUC6i3SYH
– 32 GB RAM (I’m using 2x Kingston modules, NUCs are not very picky…)
– USB network card
– SSD, almost any will do. I had a spare Samsung 850 EVO 500GB available
– GL-AR150 as a router
– USB stick to boot & install ESXi

## Software

This depends very much on what you want to do with your lab. I’m using mine as a mix of malware analysis lab, learning platform for network defense and analysis, and playground for nasty stuff.

– ESXi
– IWSVA (Interscan Web Security Virtual Appliance, Trend Micro)
– Some other various Trend Micro tools
– Linux distribution of your preference, I’m using Ubuntu Server 16.04 LTS
– Kali Linux
– REMnux Linux
– Windows 10 Client (Any will do)
– Windows XP Client (Preferably unpatched, for testing)

## Set up GL-AR150 router

Keep in mind what you want to do with this lab. If it is for malware analysis, you probably want to keep everything isolated and not connect it to any other network or the internet.
But it’s great to have DHCP available and an easy way to connect to your ESXi host and remotely access your various machines.
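
One way to check the isolation described above on an OpenWrt-based router, as an added example that is not part of the original post: it reads the firewall configuration in the format printed by `uci show firewall` and reports any forwarding that lets the lab zone reach another zone. The zone names `lan` and `wan` are assumed (OpenWrt defaults), and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: list firewall forwardings that let the lab zone reach other zones.
# Assumption: the lab zone is "lan" and the uplink zone is "wan" (OpenWrt defaults).

# Constructed sample of `uci show firewall` output, used when uci is not available.
SAMPLE_UCI="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].masq='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'"

# list_egress ZONE: reads `uci show firewall` text on stdin and prints one
# "<section> <src>-><dest>" line for every forwarding whose source is ZONE.
list_egress() {
    awk -v zone="$1" -v q="'" -F'[.=]' '
        NF == 3 && $3 == "forwarding" { fwd[$2] = 1; order[++cnt] = $2; next }
        ($2 in fwd) && ($3 == "src" || $3 == "dest") {
            gsub(q, "", $4)                # uci quotes values; strip the quotes
            val[$2, $3] = $4
        }
        END {
            for (i = 1; i <= cnt; i++) {
                s = order[i]
                if (val[s, "src"] == zone)
                    print s, val[s, "src"] "->" val[s, "dest"]
            }
        }'
}

# is_isolated ZONE: succeeds only when no forwarding leaves ZONE.
is_isolated() {
    [ -z "$(list_egress "$1")" ]
}

ZONE="${1:-lan}"
if command -v uci >/dev/null 2>&1; then CONFIG=$(uci show firewall); else CONFIG=$SAMPLE_UCI; fi
if printf '%s\n' "$CONFIG" | is_isolated "$ZONE"; then
    echo "OK: no forwarding out of zone '$ZONE'"
else
    echo "WARNING: zone '$ZONE' is forwarded to another zone:"
    printf '%s\n' "$CONFIG" | list_egress "$ZONE"
    # To isolate: uci delete firewall.<section>; uci commit firewall; /etc/init.d/firewall restart
fi
```

The check covers `forwarding` sections only; individual traffic rules that accept lab traffic toward another zone are not inspected.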

## Install ESXi

It’s very easy to do. You have to choose between installing it on the SSD, which costs a little disk space but leaves nothing sticking out of the NUC, and installing it on the USB drive, which spares the disk space.

## Install 2nd network card to Intel NUC

The NUCs (so far) don’t come with a second network interface, so we have to play with this a little bit to get things going.
It is very possible to do most of it with only one network interface, but I wanted to have the option available, and it’s fairly straightforward to do.

Step 0.) Download the ESXi 6.5 USB Ethernet Adapter Driver VIB or the ESXi 6.5 USB Ethernet Adapter Driver Offline Bundle and upload it to your ESXi host.

Step 1.) If you are upgrading from an existing ESXi 5.5 or 6.0 environment, the first thing you will want to do is uninstall the old driver by running the following command (specify the correct name of the driver):

$ esxcli software vib remove -n vghetto-ax88179-esxi60u2

If you have a fresh install of ESXi 6.5, jump straight to Step 2.

Step 2.) – Install the VIB by running the following ESXCLI command:

$ esxcli software vib install -v /vghetto-ax88179-esxi65.vib -f

Step 3.) – Next, you will need to disable the USB native driver to be able to use this driver. To do so, run the following command:

$ esxcli system module set -m=vmkusb -e=FALSE

Step 4.) – Lastly, for the changes to go into effect, you will need to reboot your ESXi host. Once your system has rebooted, it should now automatically load the USB Ethernet driver and you should see your USB Ethernet Adapter as shown in the screenshot below.

MORE:
1.) Install drivers

USB 3.0 Ethernet Adapter (NIC) driver for ESXi 6.5

2.) Configure network card

Functional USB 3.0 Ethernet Adapter (NIC) driver for ESXi 5.5 & 6.0

## Get things going

Now we should be ready to start installing our software.
Depending on what your later project may be, you can install your VMs on the ESXi host now.

For what it is, it’s quite a powerful toolkit to have at hand: it has low power consumption, is almost silent and is very affordable.