Page 1 of 7 Latest Revision: 12Apr17

Getting Started with ICS-CERT Kali VM

We recommend turning off antivirus and host based intrusion detection when loading the VM. Use the

following instructions to create a Virtual Machine using VMware Player, Workstation or Fusion.

Start VMware Workstation, Player, or Fusion. In Workstation or Player: Click on the File tab and select Open.

In Fusion: From the VMware Fusion menu bar, select File > Import

Navigate to the folder where you saved the Kali2-yyyymmdd.ova file (where yyyymmdd is the date of the Kali revision). Click on Open

Page 2 of 7 Latest Revision: 12Apr17

The new pop-up window will ask for the name you want to call the new VM. Select the defaults or you can change the name and/or directory location using the browse button. Click on Import at the bottom of the window.

After you click “Import” a pop-up window may appear with a message stating “import failed because the file did not pass OVF specification conformance or virtual hardware compliance checks.” Click on Retry and the import will continue.

After the virtual appliance has been imported, check and adjust the virtual hardware settings as desired. Minimum requirements are:

1 processor and 1 core

Network Adapter set to Bridged Networking (Automatic)

22 Gb Disk Space

4 Gb memory

Wireless adapter is off.

Page 3 of 7 Latest Revision: 12Apr17

To edit the settings, click on the item needing edits. The edit screen will appear allowing for adjustment of the settings as needed.

Now start the virtual machine by clicking the startup icon/arrow.

If there are any problems starting the VM, refer to the trouble shooting tips on page 7.

For an error similar to “Virtual Drive not running”, see the “Enable Virtualization in the BIOS” section of the troubleshooting tips on page 7.

The Kali VM uses the auto login feature. However, if the VM goes to sleep, or is locked, use the following credentials to log on:

User: root Password: toor

Page 4 of 7 Latest Revision: 12Apr17

Getting Started with Security Onion VM

We recommend turning off antivirus and host based intrusion detection when loading the VM. Use the

following instructions to create a Virtual Machine using VMware Player, Workstation or Fusion.

Start VMware Workstation, Player, or Fusion. In Workstation or Player: Click on the File tab and select Open.

In Fusion: From the VMware Fusion menu bar, select File > Import .

Navigate to the folder where you saved the SO-yyyymmdd.ova file (where yyyymmdd is the date of the revision). Click on Open

Page 5 of 7 Latest Revision: 12Apr17

The new pop-up window will ask for the name you want to call the new VM. Select the defaults or you can change the name and/or directory location using the browse icon. Click on Import at the bottom of the window.

After you click “Import” a pop-up window may appear with a message stating “import failed because the file did not pass OVF specification conformance or virtual hardware compliance checks.” Click on Retry and the import will continue.

After the virtual appliance has been imported, check and adjust the virtual hardware settings as desired. Minimum requirements are:

1 processor and 1 core

Network Adapter1 set to Bridged Networking (Automatic)

Double click on Network Adapter 2. Click the radio button for “Host-only: A private

network shared with the host.” Click “OK”

22 Gb Disk Space

4 Gb memory

Wireless adapter is off.

Page 6 of 7 Latest Revision: 12Apr17

You can now start the virtual machine by clicking the startup icon/arrow.

User’s with Mac OS: After you import the VM answer “Ok” if asked whether or not to allow

the VM to run in promiscuous mode.

Note: Keep in mind that there is a 60 second delay after the system boots before it tries to start any Security Onion processes, so wait a minute or two before continuing. A black screen may be displayed for 2-3 minutes.

Use the following credentials to log into the Security Onion VM

User: pigpen Password: redbaron

Page 7 of 7 Latest Revision: 12Apr17

Troubleshooting Tips: Enable Virtualization Technology in the BIOS: (http://amiduos.com/support/knowledge-base/article/enabling-virtualization-in-bios) Virtualization Technology would be enabled by default in most of the recent systems. However if it is disabled in BIOS, Please follow the below steps to enable,

1. Power ON the System. 2. Enter the BIOS setup by pressing 'F2' or 'Del' or 'Enter' key (The key may vary depending on your

System Model, please follow the on screen instruction during Power ON). 3. Look for an option labeled by 'Virtualization Technology' or 'Intel® Virtualization Technology' under

'CPU Configurations', 'System Configurations', 'Advanced' or 'Security' tab and check if the option is enabled or disabled.

4. If the option is disabled, enable the same. 5. Save the BIOS settings and Boot into Windows by pressing 'F10' key (The key may vary depending on

your System Model).

Please follow the appropriate link to enable 'Virtualization Technology' in specified systems,

Lenovo - http://amiduos.com/support/knowledge-base/article/enabling-virtualization-in-lenovo-systems

HP - http://amiduos.com/support/knowledge-base/article/enabling-virtualization-technology-in-hp-systems

Dell - http://amiduos.com/support/knowledge-base/article/enabling-virtualization-technology-in-dell-systems

ASUS - http://amiduos.com/support/knowledge-base/article/enabling-virtualization-technology-in-asus-systems

Acer - http://amiduos.com/support/knowledge-base/article/enabling-virtualization-technology-in-acer-systems

Other places to look include:

Advanced Features

System Security