Awesome! If you made it this far man...

You are a freggin' superstar.  Sticking with this stuff is hard work and if you've been following all the videos and training lessons up until this point then I commend you.

Now we're going to have some fun.  We're going to install the best penetration testing, ethical hacking, vulnerable assessment toolbox out there: Kali Linux:

Last week we looked at how to Setup VMWare Workstation.  I showed you where to download it and how to install it.  Click the link below to get started on that one if you missed it.

We have 6 more lessons in this 7 part series so stick with me! Today - we're going to Kali baby!

1. How to Setup VMWare Workstation
2. How to Download Kali Linux for your hacking lab
3. How to Install Kali Linux from scratch (step-by-step)
4. How to Configure Kali Linux (you know, how to pimp out the interface)
5. How to Legally Download and Install Windows 10 for Free
6. How to Install VMware Tools (open-vm-tools) in Kali Linux
7. How to...

Alright, so we've been talking about virtualization for a while but how would you acutally like to get some hands on experience with it?

Alright, so in this training lesson, you're going to learn how to setup VMWare Workstation on your computer.  This will lay the groundwork for the other lessons coming up.

Here's what you will learn today and over the next six lessons:

1. How to Setup VMWare Workstation
2. How to Download Kali Linux for your hacking lab
3. How to Install Kali Linux from scratch (step-by-step)
4. How to Configure Kali Linux (you know, how to pimp out the interface)
5. How to Legally Download and Install Windows 10 for Free
6. How to Install VMware Tools (open-vm-tools) in Kali Linux
7. How to share folders with your VM

This is going to be crazy fun but you need to follow all the training lessons in order to get the most out of them.

Oh yeah, and the best part is I have created training videos that walk you through the entire process for each of these lessons.

After watching these...

The last time we got together we talked about virtualization basics.  We looked into hypervisors, hosts and guests and went through some of the big advantages of virtualization.

Now we're going to wrap up our mini course on virtualization with the following topics:

• Application Cells
• VDI
• Virtualization Disadvantages

Let jizzummppp in!

Hahha, okay so let me calm down a bit.

Application Cells

This is where bad application go when they do bad stuff.  It's like a jail for bad apps.

Okay, let me stop screwing around.  

Application cells are just virtualized containers.  The major difference between an Application Cell and a Type 2 hypervisor is that the entire operating system isn't virtualized.

Each application you run, such as your Office program or your command prompt, opens in a new completely isolated container.  But each application is actually running on the same host operating system.

With virtulization, each guest OS can...

Alright so by now you should be aware of the basics of confidentiality, availability and integrity.  You should also have a firm grasp of risk management controls.  

So today we're going to dive into virtualization.

Here's what we're going to get into:

• Virtualization Basics
• Hypervisors
• Hosts and Guests
• Virtualization Advantages
• Application Cells
• VDI
• Virtualization Disadvantages

This is probably one of my favorite topics to get into so let me now waste any more time.  Let's go!

Virtualization 101

So what do we mean by "virtualization"?

The first time I heard of the term I couldn't stop thinking of virtual reality headsets.  I imagined IT engineers sitting in a server room with crazy VR helmets strapped to their heads.   I know it's a crazy thought haha but hey - what can I say?

When we talk about virtualization it actually has nothing to do with VR helmets.

Virtualization just means we can have one or more operating systems running...

Alright, the last time we met we talked about risk and defined administrative, technical and physical controls.  Now we're going to wrap up our segment on controls by diving into the following controls:

• Preventive
• Detective
• Corrective
• Deterrent
• Compensating

You really need to know these for the exam so I want to make sure you get this.

Preventing Incidents

What do you think preventive controls are?

You already know what these are. 

Preventive controls prevent incidents.

Can you think of some examples?  What's something a sys admin could do to a server to prevent a security incident from happening?

Well he could harden the box right?  To harden a server is to make it more secure by uninstalling unnecessary software, disabling unneeded services and accounts, using strong passwords, and avoiding the default configuration.  The idea is to make it harder for a bad guy to drop the box.  So, for example, by having a working account disablement policy you...

At this point should know what confidentiality, integrity and availability are.  If not, make sure you jump back into those topics for you dig into this beast.

Before we talk about the super awesome stuff related to firewalls, vulnerabilities and hacking we need to talk about risk.

In this guide we're going to look at the following items:

• Risk (what it is)
• How to reduce risk using various controls
• Technical, Administrative and Physical Controls
• Preventive vs Detective Controls
• Deterrent, Corrective and Compensating Controls

I know that looks like a lot but once you get through this you'll ba step ahead of the rest.

What exactly is Risk anyway?

How would would you describe sky diving in terms of risk? Is too risky?

I actually went skydiving with my girlfriend (now wife) a few years ago and it was one of the most exhilarating experiences I ever had.  I think part of the reason for that is because there is a possibility of danger... there's a chance you could die!

I don't...

The last time we got together we talked about data integrity.  Make sure you brush up on that one really fast. (if you haven't look at it)

It's a short read but it's critical because it lays the foundation for everything else you're going to learn in this training.

Today I want to talk to you about Data Availability.  This is the third reason business leaders and organizations have cyber security and information security programs and it'll round out our mini-series on cyber security goals. 

Are you Available?

Imagine you're hanging out with a few of your buddies in the local bar and a stunning girl glides in and sits right next to you.  She orders a glass of wine and then turns her head in your direction and mesmerizes you with her looks.   

Her elegance and beauty almost makes you barf up your beer.

So understandably, you're nervous. In fact your legs are visibly shaking and your throat is getting a little dry but you somehow cough up...

Earlier this week we told you guys about the Meltdown and Spectre Intel Security Bug.  In that article, you learned what Meltdown is and how to verify you're Windows 10 PC is patched against the vulnerability.

It turns out that even if you have the patch installed, your PC still might be susceptible to the Meltdown and Spectre bugs.  The reason is because you need to install a UEFI or BIOS update from your PC manufacturer to permanently close the hole. 

The UEFI/BIOS update contains CPU microcode that is specific to your CPU.

Before we get into doing that, Microsoft released a Meltdown PowerShell script that does an in-depth check of your system to help you verify if protections are enabled.

How to Use PowerShell to Verify Meltdown Protections

This fix only applies to Windows 10 machines.  Windows 7 users will need to upgrade Powershell to version 5.0 by downloading and installing the Windows Management Framework 5.0 first.

Alright, so in Windows 10, press...

Yo! What's up again!

So, check it out: in our previous training we talked about data confidentiality which is the "C" in the CIA acronym.  If you missed that one, you definitely need to jump in because it's pretty foundational stuff and you really need to understand it if you want to nail the CompTIA Security+ exam.

We we're talking about cyber security goals and were trying to answer the question:

What is the goal of information security?

So here's the thing: not only do almost all businesses and organizations today need to make sure private data stays private but it's also important to make sure that data doesn't change.

In other words: can we have confidence that the data is trustworthy? Can we rely on it? How do we know for sure it hasn't been tampered with?

Detecting Data Differences with Hashes

The goal of integrity is to make sure only authorized people can modify the data; however, if it gets changed either intentionally by the good guys or maliciously by the bad...

** UPDATE 01/11/18 **

We've created a new updated Meltdown article (and video walkthrough) showing how to use PowerShell to verify your Windows 10 machine is protected from the Meltdown and Spectre bug. 

Early this week, TheRegister posted an article revealing a critical memory leaking bug that sent the internet into a frenzy.

The processor bug affects every computing device made in the last 20 years which runs off the Intel processor.

Researchers at Google at various university have already released PoC (Proof-of-Concept) code that demonstrates the Meltdown bug in action.  Some researchers even took to Twitter to post the PoC code. 

For example, well-known security researcher Erik Bosman tweeted his Meltdown PoC yesterday.

Microsoft and Amazon have already reported unplanned downtime to address the bug.

What Does The Meltdown Bug Do?

Every Intel processor created since 1995 is affected by the Meltdown CPU flaw.

The flaw gives an attacker the...