1
00:00:08,450 --> 00:00:13,010
All right, so in the last lecture, I showed you guys how to get started with the trial, and now we're

2
00:00:13,010 --> 00:00:14,180
going to jump right in.

3
00:00:14,490 --> 00:00:22,010
So if you don't have your Microsoft Defender for Endpoint signed up yet, you know, make sure you

4
00:00:22,010 --> 00:00:26,120
go through that process first; I explained how to do that in the last lecture.

5
00:00:26,690 --> 00:00:29,940
Once you've got that going, you can start creating things and start setting up.

6
00:00:30,220 --> 00:00:34,070
I'm going to go ahead and put my email address in here

7
00:00:37,190 --> 00:00:38,750
and I'll just click next.

8
00:00:42,500 --> 00:00:42,830
All right.

9
00:00:42,830 --> 00:00:45,770
So, enter my Microsoft account so you can create a new one.

10
00:00:46,910 --> 00:00:48,650
Let's create a new account.

11
00:00:49,110 --> 00:00:51,680
Randy Moralez.

12
00:00:59,760 --> 00:01:02,070
All right, so we'll just set this guy's account up.

13
00:01:04,440 --> 00:01:05,940
...is the fake company that we created.

14
00:01:12,430 --> 00:01:14,020
Re-verify, all right.

15
00:01:15,560 --> 00:01:18,530
Say Carbon Bich will be our domain name.

16
00:01:20,240 --> 00:01:23,860
So you have to use something different, obviously, for your setup.

17
00:01:25,960 --> 00:01:30,010
Maybe you could pick, like, Karvan bike one, or whatever domain you're using for your range.

18
00:01:34,630 --> 00:01:35,590
All right, Randy.

19
00:01:40,510 --> 00:01:41,870
All right, I'm going to click sign up.

20
00:01:43,060 --> 00:01:45,250
That's weird, the formatting looks really weird here.

21
00:01:47,370 --> 00:01:48,690
It says, creating your account.

22
00:01:50,410 --> 00:01:53,260
Signing you in, and that refreshed the page.

23
00:01:55,320 --> 00:01:56,730
Really, really odd formatting.

24
00:01:59,050 --> 00:02:00,060
All right, you're all set.

25
00:02:02,890 --> 00:02:03,540
Get started.
26
00:02:06,890 --> 00:02:10,700
And I'm getting access denied as soon as I started, so let's see if we can figure out what's going

27
00:02:10,700 --> 00:02:11,090
on here.

28
00:02:11,930 --> 00:02:12,950
It's pretty crazy.

29
00:02:14,600 --> 00:02:16,430
It looks like I'm in read-only mode.

30
00:02:16,730 --> 00:02:18,110
See if we can get out of that somehow.

31
00:02:23,450 --> 00:02:28,430
So I'm just going to flip back over to this tab and click manage your subscription. Control-click it

32
00:02:29,270 --> 00:02:30,650
and it's going to try to log back in.

33
00:02:36,300 --> 00:02:37,940
To see if this does anything.

34
00:02:38,980 --> 00:02:39,900
All right, so this is good.

35
00:02:39,920 --> 00:02:40,700
Let's go talk about.

36
00:02:44,300 --> 00:02:46,100
All right, so we can see the subscription here.

37
00:02:50,060 --> 00:02:52,750
And we should be good to go there.

38
00:02:54,390 --> 00:02:57,780
All right, we've got the Microsoft Defender for Endpoint trial here.

39
00:03:04,040 --> 00:03:06,080
We've got Randy Moralez in here, the user.

40
00:03:09,580 --> 00:03:12,780
He is a global administrator, so that is really good.

41
00:03:14,470 --> 00:03:14,920
OK.

42
00:03:18,450 --> 00:03:19,830
Yeah, this is what I wanted to see.

43
00:03:20,430 --> 00:03:24,960
This is the Security Center for Randy. You know, all we need to do is click through this wizard.

44
00:03:24,960 --> 00:03:26,130
So we're going to set up the permissions.

45
00:03:26,130 --> 00:03:29,310
We're going to get started with the preferences and then onboard our devices.

46
00:03:30,120 --> 00:03:32,610
So let's click next to get started.

47
00:03:33,720 --> 00:03:39,570
And where do we want to store my cloud data? Because, you know, Windows Defender for Endpoint uses the

48
00:03:39,570 --> 00:03:41,340
cloud for telemetry and compute.

49
00:03:41,650 --> 00:03:45,210
I'm going to store mine in the U.S., and
50
00:03:46,940 --> 00:03:53,040
I mean, my trial was only for 60 days, so I'll only store it for 60 days. Organization,

51
00:03:53,870 --> 00:03:54,520
it's pretty small.

52
00:03:54,560 --> 00:03:56,420
They don't have my size here, but that's fine.

53
00:03:57,080 --> 00:03:57,890
They don't have four.

54
00:03:58,970 --> 00:04:00,580
I think it's the size of my organization right now.

55
00:04:00,590 --> 00:04:00,850
Right.

56
00:04:01,730 --> 00:04:01,970
All right.

57
00:04:01,970 --> 00:04:08,030
We'll click next, and it's saying once we do this, we can't go back and we won't be able to change the data

58
00:04:08,030 --> 00:04:08,700
storage location.

59
00:04:08,720 --> 00:04:09,200
That's fine.

60
00:04:09,700 --> 00:04:13,370
I want to be in the U.S., and let's let it create the instance.

61
00:04:13,520 --> 00:04:14,480
This looks a little big.

62
00:04:14,480 --> 00:04:17,660
Let me put your mind to make it look a little better.

63
00:04:18,930 --> 00:04:25,560
Let's go full screen, and yes, this is the page I wanted to see, so we're going to onboard a device.

64
00:04:25,590 --> 00:04:27,950
We're going to start with, for up to 10 devices,

65
00:04:27,960 --> 00:04:29,130
we're going to use the local scripts.

66
00:04:29,460 --> 00:04:32,940
And you could do some of these other methods for onboarding your devices.

67
00:04:33,690 --> 00:04:37,830
But we're just going to use a local script because it's the easiest thing. I'm going to click download package.

68
00:04:38,670 --> 00:04:39,120
Sweet.

69
00:04:40,030 --> 00:04:42,780
I'm going to right-click and I'm just going to grab this.

70
00:04:43,470 --> 00:04:49,560
So I'm going to minimize this window and drag this into Randy Moralez's screen. Control-Alt to escape

71
00:04:49,560 --> 00:04:50,060
the VM.

72
00:04:50,520 --> 00:04:52,500
Let's go to his downloads folder.

73
00:04:58,020 --> 00:05:00,660
Control-Alt-Escape, or Tab switch.

74
00:05:02,080 --> 00:05:02,680
Drop it in.
75
00:05:04,160 --> 00:05:09,170
All right, so we've got it there, and then we'll just install it and we should be able to run a detection

76
00:05:09,170 --> 00:05:14,150
test after we have everything set up here. Open a command prompt window and, at the command prompt,

77
00:05:14,150 --> 00:05:17,210
run this command. So we'll get all that stuff ready.

78
00:05:18,410 --> 00:05:19,010
Seemed.

79
00:05:21,150 --> 00:05:24,480
All right, so we've got that ready, let's extract this.

80
00:05:26,190 --> 00:05:27,750
Right-click, extract all.

81
00:05:35,060 --> 00:05:40,420
All right, we've got the file, and to run it, all we need to do is open an elevated command prompt

82
00:05:40,990 --> 00:05:42,400
and execute it.

83
00:05:42,820 --> 00:05:51,250
So I'm going to shift-right-click and go to copy path, type cmd, Control-Shift-Enter to open an elevated

84
00:05:51,250 --> 00:05:55,630
command prompt with my domain administrator credentials.

85
00:05:56,950 --> 00:05:57,130
Right.

86
00:05:57,130 --> 00:05:58,120
cd to that directory.

87
00:06:00,860 --> 00:06:01,920
You can see it is there.

88
00:06:02,270 --> 00:06:02,850
Let's just run it.

89
00:06:03,350 --> 00:06:06,870
The script is for onboarding machines to the Microsoft Defender for Endpoint service.

90
00:06:07,760 --> 00:06:08,800
Yes, we want to do that.

91
00:06:10,700 --> 00:06:13,250
So we're going to let this onboarding process start.

92
00:06:14,060 --> 00:06:21,870
And then once it finishes, we will run the detection test script to make sure that everything's working.

93
00:06:22,720 --> 00:06:23,000
All right.

94
00:06:23,000 --> 00:06:25,950
So it said the machine was successfully onboarded, so that is a good sign.

95
00:06:26,540 --> 00:06:27,890
Let's go ahead and flip back over.
96
00:06:29,060 --> 00:06:35,120
So we're going to press any key to continue, and now that is done, close this window, let's run this

97
00:06:35,120 --> 00:06:41,210
detection and then go back over to the Security Center and start using Microsoft Defender for Endpoint.

98
00:06:41,510 --> 00:06:43,280
So a new alert should appear in a few minutes.

99
00:06:43,280 --> 00:06:44,210
We're going to proceed.

100
00:06:45,770 --> 00:06:46,070
All right.

101
00:06:46,070 --> 00:06:49,010
So we'll give it a few minutes and then we'll see if we can get our endpoint to show up here.

102
00:06:49,460 --> 00:06:49,700
All right.

103
00:06:49,700 --> 00:06:50,570
See you guys in a little bit.

104
00:06:50,810 --> 00:06:55,460
While waiting for this to load, I'm actually clicking over to the new home for Defender for Endpoint.

105
00:06:56,270 --> 00:07:01,410
And it takes us to the Microsoft 365 security portal at security.microsoft.com.

106
00:07:01,760 --> 00:07:06,800
And then if you click on incidents, you'll see it's trying to prepare the new space for our data and it's

107
00:07:06,800 --> 00:07:07,610
trying to connect to them.

108
00:07:08,030 --> 00:07:09,920
So we'll have to wait a while.

109
00:07:10,040 --> 00:07:11,300
Could take a few hours.

110
00:07:11,690 --> 00:07:14,990
But hopefully, you know, within a few hours we'll be able to get our connections and we'll see our

111
00:07:14,990 --> 00:07:16,020
endpoints pop in here.

112
00:07:16,760 --> 00:07:17,050
Right.

113
00:07:17,060 --> 00:07:17,900
See you in a little bit.

114
00:07:18,800 --> 00:07:19,180
All right.

115
00:07:19,190 --> 00:07:19,880
Nothing there.

116
00:07:20,720 --> 00:07:22,910
Let's see if we can look at our device inventory.

117
00:07:24,200 --> 00:07:27,350
Yes, we've got our PC here, so this is really good.

118
00:07:27,380 --> 00:07:31,960
So right now you can see we are onboarded. Now that we have this one device onboarded,
119
00:07:32,360 --> 00:07:37,460
first of all, let's just enable standard mode so that we can discover more devices.

120
00:07:37,460 --> 00:07:42,000
And that's basically the best approach to discovering devices.

121
00:07:42,730 --> 00:07:43,610
So we're going to enable that.

122
00:07:44,180 --> 00:07:48,320
And then I want to show you how we can confirm that everything's actually working here.

123
00:07:49,310 --> 00:07:49,530
Right.

124
00:07:49,670 --> 00:07:56,810
So what we're going to do is scroll down the left pane and go down to Settings,

125
00:07:58,380 --> 00:08:06,690
Endpoints, and we want to scroll down to Onboarding, and we want to grab this detection test script,

126
00:08:07,420 --> 00:08:13,290
so let's grab this and hit Control-C to copy it, then we'll go back here.

127
00:08:13,920 --> 00:08:17,460
You can see a piece of it is already pasted in the command window from the last

128
00:08:17,460 --> 00:08:17,790
time.

129
00:08:18,570 --> 00:08:19,680
And now we're going to press Enter

130
00:08:20,620 --> 00:08:23,710
to make sure it actually works and we get these protections in place.

131
00:08:24,640 --> 00:08:29,080
All right, let's flip back over to the Security Center. Going to go to the homepage.

132
00:08:30,540 --> 00:08:32,370
But let's see if we have any incidents.

133
00:08:35,420 --> 00:08:36,190
Or alerts.

134
00:08:39,400 --> 00:08:41,650
Yes, and we did get the alert from PC1.

135
00:08:43,930 --> 00:08:47,440
So we know that this is indeed working.

136
00:08:49,180 --> 00:08:51,430
So I can click the alert and

137
00:08:53,250 --> 00:08:58,050
I can drill into the process tree, I can see, you know, the process ancestry, I can see the partial

138
00:08:58,050 --> 00:09:01,410
command that was executed, and I get a lot of good stuff here.

139
00:09:02,730 --> 00:09:03,930
Let me minimize this a little bit.
140
00:09:07,340 --> 00:09:11,870
Yeah, so we're good to go, guys. So in the next lecture, we're just going to basically put this

141
00:09:12,320 --> 00:09:17,870
file that we downloaded, this Windows Defender file, we're just going to put this on PC2 and

142
00:09:18,050 --> 00:09:19,550
the DC, the domain controller.

143
00:09:20,030 --> 00:09:21,860
And then we're good to go, guys.

144
00:09:21,890 --> 00:09:26,450
That's really all we need to have our lab set up and completely, you know, completely ready

145
00:09:26,450 --> 00:09:27,170
to run attacks.

146
00:09:27,670 --> 00:09:31,370
I mean, as you can see, we're going to be able to drill in and see everything here.

147
00:09:31,370 --> 00:09:31,650
Right?

148
00:09:31,660 --> 00:09:32,330
I mean, look at this.

149
00:09:32,660 --> 00:09:34,550
It's inspecting the ships.

150
00:09:35,300 --> 00:09:36,860
It's mapping it to the MITRE techniques.

151
00:09:37,970 --> 00:09:40,140
It's even showing, you know, basically what it does.

152
00:09:40,520 --> 00:09:43,700
So when we run attacks, we're going to see the alerts and everything pop in here.

153
00:09:44,300 --> 00:09:46,580
And I encourage you to spend some time in here.

154
00:09:47,030 --> 00:09:51,140
You know, click through these different fields, go to hunting, you know, play with this stuff.

155
00:09:51,140 --> 00:09:51,320
Right.

156
00:09:51,320 --> 00:09:54,230
Because this is an awesome tool, as you can probably already see.

157
00:09:54,680 --> 00:09:56,870
And I want you guys to get really comfortable with it.

158
00:09:56,900 --> 00:10:00,950
I want you to, you know, feel the freedom to explore, to take a look around.

159
00:10:00,950 --> 00:10:02,140
You're not going to break anything, right?

160
00:10:02,150 --> 00:10:02,990
This is your trial.

161
00:10:02,990 --> 00:10:04,070
This is your cyber range.

162
00:10:04,430 --> 00:10:05,090
So have fun.

163
00:10:05,210 --> 00:10:05,810
Learn a lot.
164
00:10:06,080 --> 00:10:10,130
And now that you've got everything you need to get going, we're ready to kick this off, as we're ready

165
00:10:10,130 --> 00:10:13,990
to start our modern ethical hacking.

166
00:10:14,330 --> 00:10:15,710
I'll see you guys in the next section.

167
00:10:16,100 --> 00:10:16,340
All right.

168
00:10:16,340 --> 00:10:16,570
Bye.