FREE Cybersecurity Lab for Beginners | Deploy a Firewall + Practice Offensive & Defensive Security скачать в хорошем качестве

FREE Cybersecurity Lab for Beginners | Deploy a Firewall + Practice Offensive & Defensive Security

SafeLine Website: https://ly.safepoint.cloud/Z0XMhHq Documentation: https://docs.waf.chaitin.com/en/home SafeLine Discord:   / discord   Github: https://github.com/chaitin/SafeLine ⚠️ Safety Disclaimer: This video is for educational purposes only. All attacks in this video were performed inside my own lab. Do NOT test or attack any system without explicit permission. 🔥 In this video, I show you how to build a completely FREE cybersecurity lab that gives you both offensive and defensive hands-on experience. You’ll deploy Safeline WAF (open-source, free Web Application Firewall), run real web attacks in a safe environment, and learn how to create your own firewall rules — perfect for beginners and ideal for building your CV or cybersecurity portfolio. This lab helps you practice: ✅ Web attacks (SQLi, XSS, directory traversal, etc.) ✅ WAF detection & blocking ✅ Monitoring logs and alerts ✅ Creating custom security rules ✅ Red-team + blue-team thinking All on your own machine, for free. -------------------------------------------------------------------------- Video Content: 00:00 - Intro 02:14 - Setup 03:11 - Firewall Console 06:10 - XSS 07:35 - SQL 08:30 - Traversal 09:38 - Lab Summary -------------------------------------------------------------- 🧪 Setup Steps + Commands (Beginner Friendly) ✅ Step 1 — Install Docker on Kali sudo apt update sudo apt install docker.io docker-compose-plugin -y sudo systemctl enable --now docker ✅ Step 2 — Install SafeLine (Official Script) This creates all containers automatically (pg + mgt + worker). sudo bash -c "$(curl -fsSLk https://waf.chaitin.com/release/lates...)" Follow the prompts. When finished it gives you something like: Username: admin Password: xxxxxxxx URL: https://127.0.0.1:9443/ Log in to the SafeLine dashboard by visiting this URL and entering the username, password given. ✅ Step 3 — Start a Python Test Web Server This will be your “attacked website.” (I'VE REMOVED SOME OF THE ANGLED BRACKETS FROM THE COMMANDS BELOW AS DESCRIPTION DOESNT ALLOW IT, SO DOUBLE CHECK YOUR COMMANDS WITH THE VIDEO DEMO) In a new terminal: mkdir ~/testweb cd ~/testweb echo "h1Hello, Demo Site/h1" index.html python3 -m http.server 8000 Your test site is now running at: http://127.0.0.1:8000 ✅ Step 4 — Add an Application in SafeLine WAF In SafeLine UI → Applications → Add Application Use this exact setup: Domain: * Listening Ports (Choose only ONE) Port: 80 HTTP Delete port 443 if you don’t need HTTPS. Mode: ✔ Reverse Proxy Upstream (MOST IMPORTANT): Set to: Protocol: HTTP Host: 127.0.0.1 Port: 8000 Click Save. Now your WAF listens on: http://127.0.0.1 And forwards traffic to: http://127.0.0.1:8000 ✅ Step 5 - Simulate web attacks on your demo site: Go back to your demo site and simulate different web attacks, examples used in the video mentioned below. ---------Test Example Attacks (Used in the demo) 👉 XSS: http://localhost:7777/?q=scriptalert(1)/script 👉 SQL Injection (even if it’s a static site): http://localhost:7777/?id=1' OR '1'='1 👉 Path Traversal http://127.0.0.1:8090/../../etc/passwd ✅ Step 6 - Check Logs on Safeline WAF Go back to your WAF Admin Console and check for the logs of your web attacks being blocked. 🎉 Done — You now have: ✔ SafeLine WAF installed ✔ Python test site running ✔ Reverse proxy protection active ✔ Attacks being logged --------------------------------------------------------------------------------------------- Schedule 1:1 call with me: https://topmate.io/meeratamboli Connect with me on Linkedin:   / meeratamboli   Connect with me on Instagram:   / meeratamboli_   Cyber Career Starter Guide - Top 100 Concepts To Learn: https://topmate.io/meeratamboli/16750... Cybersecurity Roadmap: Google Cybersecurity Professional Certificate: https://imp.i384100.net/c/6455422/215... IBM Cybersecurity Analyst: https://imp.i384100.net/c/6455422/280... Fill in this quick form and get my step-by-step roadmap email that breaks it all down, from the fundamentals every beginner must know, to choosing your cyber subdomain, building the right skills and creating a CV that actually gets noticed: https://forms.gle/JH6wZjxVhPyp5vbt5 Hashtags: #cybersecurity #waf #safeline #xss #sqlinjection #ethicalhacking #websecurity #infosec #pentesting #bugbounty #hackers #devsecops #securitydemo #applicationsecurity DISCLAIMER: Everything I share here is based on my personal views and experiences, not connected to any employer, role or organisation.