Author: Pedro Escaleira, João Paulo Barraca, Diogo Carvalho

Instructions

Most laboratory guides will require a specific Virtual Machine. The file is compressed using a common format to exchange virtual machines (OVA).

You can download it HERE.

If you are using a ARM platform (macOS with Apple Silicon), please use a standard image from HERE. This is a standard Ubuntu installation, and will lack customization to SIO.

When using the provided OVA, the username and password are sio. It runs best in VirtualBox imported as an Virtual Machine Appliance, and with 2GB of RAM. If you have issues, or otherwise prefer it, you can use QEMU. Take in consideration the future laboratory guides will assume that you are using Virtualbox.

Builds for virtualbox can be found at https://www.virtualbox.org/ .

The use of the Virtual Machine is recommended for several reasons:

• The first reason is that software is already preinstalled. Therefore, even if you do not have access to the Internet, you will have the tools to execute the labs. The tools will also be properly configured.

• However, the most important reason is to provide an isolated environment with strong confinement. While using this Virtual Machine, as long as you do not map Host folders, your main system is safe from damage. If you mount folders, use a folder only for the purpose of exchanging data with the software inside the Virtual Machine. This is a common practice in the field of cyber security as it enables researchers to test controls and even inspect malware. We recommend you do a snapshot of the Virtual Machine, so that you can rapidly revert to a stable working state.

You should see the Virtual Machine as a useful tool, common for cybersecurity professionals. Use it!

The underlying system is an Ubuntu derivative with some tools pre-installed. If you do not have experience with Ubuntu, we recommend you check the following resources:

• The Linux command line for beginners: https://ubuntu.com/tutorials/command-line-for-beginners#1-overview
• Ubuntu Desktop Guide: https://help.ubuntu.com/22.04/ubuntu-help/index.html
• Our Local Linux Group: https://glua.ua.pt/

Alternative: Using Qemu

If you find issues, or otherwise prefer QEMU, you can also use this solution to run the OVA provided. Please follow the instructions below, which were kindly provided by Diogo Carvalho. For more information and troubleshooting, use join the Discord channel.

Debian and Ubuntu

• Run sudo apt install qemu-kvm virt-manager virtinst libvirt-clients bridge-utils libvirt-daemon-system -y to install the necessary packages.
• Then sudo systemctl enable --now libvirtd to enable and start the service required.
• Finally, add your user to the kvm and libvirt groups using sudo usermod -aG kvm $USER and sudo usermod -aG libvirt $USER.

Fedora

Simply run sudo dnf install @Virtualization and you’re done!

However, if you don’t want to authenticate every time you open virt-manager, simply add your user to the kvm and libvirt groups using sudo usermod -aG kvm $USER and sudo usermod -aG libvirt $USER.

Arch

Refer to the ArchWiki on QEMU and Virt-Manager.

macOS

There may be other ways to install qemu-img, but the easiest way is through Homebrew. Once you’ve installed Homebrew using their one command install, run brew install qemu-img.

To use QEMU on macOS, UTM is likely to be the easiest and most intuitive way. Simply install it from their website and enjoy!

Converting

1. Extract the OVA File:

   tar -xvf sio.ova
   

   • tar: A command-line utility used for creating, viewing, and extracting archive files. The .ova file is essentially a tar archive.
   • -xvf:
     • -x: Extract files from the archive.
     • -v: Verbosely list files processed (shows files being extracted).
     • -f: Specifies the name of the archive file to operate on.

2. Files Extracted:

   • sio.ovf: Open Virtualization Format file that contains metadata and configuration information about the virtual machine.
   • sio-disk001.vmdk: Virtual Machine Disk format file that contains the virtual hard disk data.

3. Convert VMDK to QCOW2 Format:

   qemu-img convert -c -p -f vmdk -O qcow2 <source> <output>
   

   • qemu-img convert: Command used to convert disk images between different formats.
   • -c: Specifies that the output image should be compressed.
   • -p: Shows progress during the conversion process.
   • -f vmdk: Specifies the format of the input file (in this case, vmdk).
   • -O qcow2: Specifies the output format (in this case, qcow2).
   • <source>: Replace with sio-disk001.vmdk (the input file).
   • <output>: Replace with the desired name for the output file (e.g., sio.qcow2).

Importing

With virt-manager (Linux)

• Open virt-manager.
• Click the “Create a new virtual machine” button under the file menu option.
• Select “Import existing disk image”.
• Enter the “Browse…” menu and select “Browse Local” to locate the converted file.
• Write “ubuntu24.04” as the operating system and choose the memory and threads to be used by the virtual machine.

With UTM (macOS)

• Open UTM.
• Click the Plus icon.
• Choose Emulate if you’re on an ARM-based MacBook, and Virtualize if you’re on an Intel MacBook.
• Select Other and “Skip ISO boot”.
• After deciding on the memory and threads shared with the virtual machine, skip through the Storage and Shared Directory stage.
• Name it however you please and tick “Open VM settings”.
• Under “QEMU”, disable UEFI boot if enabled.
• Scroll down to “Drives” and remove the drive created previously.
• Now click “New…” and import the converted file.