How To Create a Logical Diagram | Day 1

00:00

welcome to day one of the 30-day my

00:02

defer sock analyst challenge which is a

00:05

challenge that I created for the sole

00:07

purpose of helping aspiring sock analyst

00:09

obtain practical experience in 30 days I

00:12

hope that you're as excited as I am to

00:14

get started but before I jump right in

00:17

if this is your first time seeing my

00:18

videos hello my name is Steven and I

00:20

been in the cyber security industry for

00:22

about 8 years now focusing specifically

00:25

in the security operations domain and I

00:28

am now a digital forensic and incident

00:30

response Consultants I do help Mentor a

00:33

lot of individuals who want to get into

00:36

cyber security specifically as a stock

00:38

analyst and one of the major problems

00:41

that I often see is the lack of

00:43

practical experience with this 30-day

00:45

challenge my goal here is to help those

00:48

gain confidence in their Hands-On skills

00:51

and obtain the required practical

00:53

experience but enough of me talking

00:55

let's get right into it to get started

00:58

you want to head over to draw.io and and

01:00

then you'll be presented with this page

01:02

right here if this is your first time

01:03

using draw.io don't worry this is pretty

01:06

easy to use and I'll go over very

01:08

quickly on the left hand side we do have

01:10

some shapes that we can select from and

01:12

we can also select miss or Advanced or

01:15

any other tabs here however we are going

01:18

to mainly Focus under the general tab

01:21

here at the top we can actually name our

01:23

diagram currently it is called Untitled

01:26

diagram by default now to name it we can

01:29

just simply click on on it and then we

01:30

can type in let's say 30-day my defer

01:34

diagram and then click on rename and now

01:37

our title is 30-day my defer diagram on

01:39

the right hand side we do have some

01:41

options for our diagram and style so for

01:44

example we can show the Grid or not just

01:46

by checking this we can have the page

01:48

view have a background color shadow or

01:51

sketch but for now I'll just uncheck

01:54

Shadow and sketch and I'll just leave

01:56

everything as default see pretty easy

01:59

right first and foremost let's think

02:01

about what we're going to be building

02:02

for this challenge for this challenge I

02:05

am going to be building six servers so

02:07

on the top leftand corner I am going to

02:10

search for server and hit enter and now

02:13

here are all of the icons related to the

02:15

word server I'll click on more results

02:17

and we do have this server right here a

02:20

traditional server so I'll go ahead and

02:21

click on that and it gets placed right

02:24

here so what I'll do is select the

02:26

server and hold control D to duplicate

02:29

this we want to have six servers so

02:32

that's three 4 5 and six let's go ahead

02:36

and drag this over here and I'll be

02:38

using the cloud provider vulture to be

02:40

creating all six servers on the left

02:43

hand side I'll select this rounded

02:46

rectangle and what I'll do is just

02:48

expand this here next on the left I'll

02:51

click on the text and then I'll type in

02:54

vulture that way we can just signify

02:56

that hey we are using the vulture cloud

02:58

provider put this over on the top left

03:01

hand corner and because our servers are

03:03

behind this I'm going to right click and

03:06

select two back now our servers are all

03:10

in the front for our first server we are

03:12

going to be spinning up elastic and

03:15

Cabana the next one this is going to be

03:18

our Windows server and we'll have RDP

03:22

enabled for the next one we'll say

03:25

Ubuntu server with SSH enabled then next

03:29

we'll have a fleet server and then we'll

03:32

have an OS ticket server and finally

03:35

we'll have a C2 AKA command and control

03:39

server now although This Server will be

03:41

built using vulture I'm actually going

03:44

to just put this out for now and I'll be

03:46

coloring this red by selecting red at

03:49

the top right hand corner now this color

03:51

is pretty pink so I'll just select the

03:54

color and we'll select red perfect if

03:57

you're not familiar with Cloud providers

03:59

whenever you spin up a virtual machine

04:01

within the cloud you do have the option

04:03

to configure what is called a VPC AKA a

04:07

virtual private cloud and essentially

04:10

what a VPC will do is put all of your

04:12

virtual machines that you created in the

04:14

cloud in the same private network if you

04:17

configure it that way so let's draw that

04:19

for our diagram here I'll go ahead and

04:21

search up VPC and we do have one here so

04:25

I'll click on the VPC icon and let's

04:28

expand this just a bit that way we have

04:30

more playroom for our diagram I went

04:33

ahead and formatted this just a little

04:34

bit that way it looks more presentable

04:37

and by all means you can go ahead and

04:38

copy this as well the next thing I'll do

04:41

here is start connecting our servers to

04:43

each other starting with our Windows

04:45

server with RDP enabled if you hover

04:47

this server with your mouse you'll

04:49

notice that there are four directional

04:51

arrows so what I'll do is click and hold

04:54

the one on the right and then I'll

04:56

connect it over to our Fleet server now

04:59

if you're not familiar with what a fleet

05:00

server is or any of the servers don't

05:03

worry because in the future videos I'll

05:05

be going over each server that way by

05:08

the end of the videos you'll know

05:10

exactly what these servers are let's do

05:12

the same for our Ubuntu Server so I'll

05:14

go ahead and connect that over to our

05:16

Fleet and I'll double click the arrow

05:18

and I'll type in managed and then do the

05:21

same for the Ubuntu managed and then

05:23

we'll connect our Fleet server to our

05:26

elastic and kabana just like that and if

05:29

you notice our arrow is pointing

05:31

directly to our elastic and Cabana

05:33

server but there's nothing for our Fleet

05:36

server so what I'll do is click on the

05:38

arrow and on the right hand side where

05:40

it says None I'll select this and then

05:42

click on the first icon underneath none

05:46

which is this Arrow icon here what this

05:48

will do is say hey this is a biral arrow

05:52

and that is what I'm trying to show here

05:54

I will also color this let's pick orange

05:58

and I'll change the pattern as as well

06:00

I'll select the fourth one for now yeah

06:03

that looks pretty good and then for OS

06:05

ticket let's go ahead and connect that

06:07

over to elastic and I will color this as

06:10

yellow let's do a bidirectional as well

06:13

just like that and then I'll double

06:14

click this and say alerts slash

06:19

tickets and you know what let's change

06:21

the pattern to the same pattern for the

06:24

fleet server in Cabana this is going to

06:27

say manage agents and let's connect our

06:31

Windows Server over to our elastic and

06:34

Cabana as well I'll do you buntu and

06:36

connect it like that now I don't like

06:38

how the arrows are super stiff like this

06:41

s shape here so I'll click on this and

06:44

click on this Waypoint icon and select

06:49

straight now it's a lot neater in my

06:51

opinion I'll do the same for the Ubuntu

06:54

server and let's color this blue color

06:58

that blue and and I'll change the

07:00

pattern to the same pattern as what I

07:03

used for the fleet server and Os ticket

07:06

which is the fourth one

07:07

here nice what this arrow is going to

07:10

represent is the logs that are being

07:13

forwarded from the Windows Server into

07:15

elastic and Cabana so I'll say forward

07:20

logs via agent do the same for the

07:23

Ubuntu as

07:25

well the next thing I want to do is

07:28

specify what my private Network range

07:30

will be so I'll click on the text icon

07:32

at the left drag this over

07:35

here and let's say private Network let's

07:39

see what's a good range that we can use

07:41

you know what I'll just say 172 31.0 do0

07:47

and this will be a

07:48

sl24 what this means is that my IP range

07:52

will be 172 31.0 do1 all the way to

07:57

254 which is more than enough for this

08:00

challenge with a sl24 that means my

08:02

subnet mask is going to be

08:07

255.255.255.0 and just to make this a

08:09

little bit more cleaner on the right

08:11

hand side I'll select this left text

08:14

align and that just did my Subnet Mass

08:16

so I'll highlight all of the text and

08:19

click on this left text align again

08:22

beautiful that's looking pretty good now

08:24

I am missing a couple icons here the

08:26

first one being the internet gateway so

08:28

let's go ahead and search that up

08:30

internet gateway and we'll select the

08:33

first one let's drag that up here

08:36

minimize this just a bit expand this

08:39

here so we have more room to play with

08:42

you can kind of think of this internet

08:43

gateway as our internet service provider

08:46

in a sense and the next thing is our

08:48

internet so I'll just type in cloud and

08:51

this cloud is going to represent our

08:53

internet and let's go ahead and connect

08:55

our Internet to our internet gateway and

08:58

our internet gateway to our VPC just

09:01

like so perfect the next thing we want

09:03

to do is our computer so search up

09:07

computer and do we have a fancy one ah

09:10

let's just use the laptop I guess make

09:13

this a little bit bigger here and double

09:15

click this this will be our sock analyst

09:19

laptop and I'll go ahead and connect

09:21

this over to the internet and change

09:23

this line to straight there you go

09:27

double click that I'll say connect to

09:31

elastic Cabana via web guy and you know

09:35

what let's duplicate our sock analyst

09:38

laptop drag this over and I will say

09:41

attacker laptop and color this red

09:45

perfect this will have C Linux

09:49

installed and our C2 server will

09:53

be

09:55

Mythic nice and I think this is pretty

09:59

much it to be honest Let's see we have

10:01

our stock analyst laptop to the internet

10:05

now of course we can connect this here

10:08

just like

10:10

so and we can change this to

10:13

straight change that to straight and at

10:16

the bottom we have vulture as our cloud

10:19

provider the internet gateway there's a

10:21

VPC here we have elastic and Cabana OS

10:24

ticket yunto server Fleet server and a

10:27

Windows server along with our IP address

10:31

information now this diagram is not set

10:34

in stone at any given time we can go

10:36

ahead and update this but now we have a

10:38

better understanding of how things are

10:40

going to flow and what our environment

10:43

is going to look like the last thing I

10:45

want to reiterate here is that your

10:47

diagram does not need to look pretty now

10:49

I did do a little bit of formatting on

10:51

my end because I am presenting it to you

10:53

but for yourself you just need to try it

10:56

and put in the Reps to eventually get

10:58

more comtable in building logical

11:01

diagrams in the beginning it might feel

11:03

pretty useless but trust me this is a

11:05

skill that it will be extremely helpful

11:08

for you in the future the last thing you

11:10

want to do here is save it out so to

11:12

save it you want to click on file at the

11:14

top left

11:15

corner and select save and then click on

11:19

Save By following along not only did you

11:22

learn how to create a diagram but you

11:24

now also have a logical diagram of what

11:27

the setup is going to look like and that

11:29

concludes day one of the 30-day my def

11:32

for sock analyst challenge as a reminder

11:34

I'll be doing a giveaway where one lucky

11:36

winner will win a grand prize of the my

11:38

defer sock analyst course and

11:40

additionally there will be three

11:42

one-month passes for try hack me details

11:45

are provided in the description if you

11:47

are an aspiring sock analyst I would

11:49

highly encourage you to participate to

11:51

level up your practical skills thank you

11:54

so much for watching And subscribe if

11:56

you want to remember to stay curious and

11:59

do things differently