Kali Purple SOC

Kali Purple SOC: Part 2 – Installing Kali Purple VM

Arion

May 3, 2023 — 3 min read

Setup the VM in Proxmox

Follow the screenshot guide below to get the Kali Purple VM up and running inside Proxmox.

Click Create VM

Configure as seen below

Choose the location of your Kali purple .iso

Enable Qemu agent

Choose storage location for the VM. (It can be smaller than 2TB, however I would not recommend going smaller than 512GB)

Assign 4 Cores

Assign ~20GB of RAM

Assign VLAN tag 301

Finish.

Add Serial Port

Start the VM

Install Kali

Choose Graphical Install

Select language > Select location > Select keyboard layout

Configure network manually

Type 192.168.253.6/30

Type kali-purple

Optionally enter kali.localdomain

Skip name > Create username > Create password > Select time zone

Choose use entire disk

Choose your disk

All files in one partition

Finish

Select Yes

Select only the top two options

Choose Yes

Select drive to install bootloader to > Reboot and login

Enable Serial Console

Edit using text editor:

sudo nano /etc/default/grub

Paste the following into the config file

## Kali Purple: Enable serial console
GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n8 console=tty1"
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

💡

You can use 0nline clipboard to copy/paste to/from proxmox vm. be careful that you don't copy any sensitive data.

sudo update-grub

Enabling SSH and RDP

Install SSH

⚠️

If when you try to login via RDP it immediately closes out, it's because a session is already signed in. If you are signed in to the VM on Proxmox, sign out of that session first.

sudo apt-get update

sudo apt-get install ssh -y

sudo systemctl enable ssh.service --now

Install XRDP

sudo apt update && sudo apt full-upgrade -y

sudo apt install xrdp -y

sudo systemctl enable xrdp --now

sudo wget -P /etc/polkit-1/localauthority/50-local.d https://gitlab.com/kalilinux/documentation/kali-purple/-/raw/main/301_kali-purple/overlays/etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

Reboot

Next up, installing and configuring Elastic!

Kali Purple SOC: Part 3

Kali Purple SOC: Part 11 – Installing Kali Eminence VM and Elastic Agent

Setting Up the VM Follow along with the screenshots below to configure the VM. Add serial port Start the graphical install Go through the language and region setup, then follow along with the screenshots below. Reboot, then login Enable SSH for remote administration sudo apt-get install ssh -y sudo systemctl

Kali Purple SOC: Part 10 – Installing Greenbone Vulnerability Scanner

SSH Into Kali Violet VM Install Greenbone Vulnerability Scanner sudo apt update && sudo apt install -y gvm Setup Greenbone Vulnerability Scanner sudo gvm-setup this will take a while* Check config sudo gvm-check-setup Make GVM available on external interface sudo sed -e 's/127.0.0.1/0.0.0.0/

Kali Purple SOC: Part 9 – OpenCTI Installation and Setup

Installing OpenCTI SSH into Kali Violet VM Install dependencies sudo apt update && sudo apt install curl -y Install Docker sudo apt install docker.io -y sudo systemctl enable docker --now Manage Docker as a non-root user sudo usermod -aG docker $USER chmod 666 /var/run/docker.sock Install Portainer docker

Kali Purple SOC: Part 8 – Installing Kali Violet VM and Elastic Agent

Installing Kali Violet VM Follow the below screenshots in Proxmox Create a username and password. Select time zone. Reboot. From a terminal window, enable SSH sudo apt-get install ssh -y sudo systemctl enable ssh --now Install XRDP sudo apt update && sudo apt install xrdp -y sudo systemctl enable xrdp --now