the ultimate HACKING workspace (docker container streaming Kali Linux)

Video Notes:

Learn more about Kasm: https://ntck.co/3fzB6EO

In this video, NetworkChuck and Cameron show you the ULTIMATE HACKING WORKSPACE!! Docker containers will stream secure, isolated instances of Kali Linux, Ubuntu, Brave, Chrome…pretty much anything…right to your browser!!

📜📜📜LINKS and GUIDE: https://ntck.co/292 📜📜📜

🔥🔥Check out our Intro to Kasm course: ($2) https://ntck.co/3Fzssk3 or Join NetworkChuck Premium: https://ntck.co/Premium

🔥🔥Join the NetworkChuck membership: https://ntck.co/Premium

**Sponsored by Kasm Workspaces

0:00 ⏩ Intro
1:19 ⏩ What do you need?
2:15 ⏩ What is Kasm? (Container Streaming)
4:24 ⏩ STEP 1 – Setup your server for FREE (Linode)
6:14 ⏩ STEP 2 – Kasm Install
10:19 ⏩ STEP 3 – Kasm Browser Extension
13:26 ⏩ Enabling Kali Linux
15:40 ⏩ Creating users
16:19 ⏩ Making a web filter policy
19:48 ⏩ Real life use cases
20:55 ⏩ Outro

What I’m about to show you is the ultimate hacking workspace. No joke. This technology is nuts. And honestly, I use this thing every day. Change the game for me, completely like check this out. I may be researching hacking stuff, and there’s some sketchy links out there. But with one click, just like that, a new browser open, but it’s isolated, secure. Heck it’s not even on my machine. Is it a bad link? I don’t care. Not my machine or maybe I want a fresh, clean and sense of call Lennox for some quick hacking or testing. Boom right here in my browser seconds. And when I’m done, boom, blow it up. Like it never existed. Or maybe a spin up two and have ’em attack each other Cali and Navy U boom too. And no, this doesn’t involve some heavy virtual machines or WSL two it’s Docker containers streaming to your browser.
What, in the best part, I’m gonna show you how to set this up in about five minutes. Me and Cameron are hi. That’s my brother. It could be in the cloud. It could be in your house. And my favorite part, it’s completely free. Thanks to our sponsor. Chasm workspaces. So get you coffee ready or tea. If you’re a loser, shut up. Let’s do this. So end up talking. Let’s talk about what you need to actually get this thing going. The list is not long. That’s the good news. Cameron tell ’em what we need. Oh, I was not ready for this. now all you pretty much need is a server, which might sound scary, but it’s just a small server. That’s it? Cameron tell ’em what we need. Go ahead.
I know you’re staring at me. So here are the minimum survey requirements. We’re gonna be two VCPS, four gigs of Ram and 50 gigabytes of storage, SSD preferred. And this applies to cloud or OnPrem, which could be your house. But we’re gonna show you both. Thanks, Cameron. got my chair. See how, what Cameron set. That’s pretty much it. Well, one more thing. You gotta have coffee, everything in it requires coffee or tea. Shut up. Never Chuck duck coffee. Now I know you’re ready. I know you’re itching to get started doing this, but first, before we do that, I wanna talk about the magic behind how this actually works. Now, if you don’t care about that, go ahead and skip forward. I got time stamps below, but chasm is so cool. I, I, I think I just wanna tell you about it. Actually. I don’t wanna tell you about it.
Cameron’s gonna tell you about how chasm works, how the magic of Docker container streaming to your browser works. I said works a lot. Anyways. Cameron saved me. here’s how chasm works. So you install chasm on your server. Now, if you wanna open up a secure web browser, or even an instance of call Linux chasm will automatically open this up in a Docker container and stream it to your browser. He works. Isn’t that cool camera be more excited anyways. And it does this using chasms proprietary software called chasm B, which is it’s it’s open source. It’s open source. There we go. oh yeah. One thing. Camera move. Gimme your pen. So these Docker containers are just regular containers. They’re actually on Docker hub and you can just pull them from there. You can go look at ’em and you can even create your own custom Docker images, container things.
Anyways, here you go. Oh, also also think about the start camera. One way is you can put it in the cloud. We’re gonna show you how to do that. This is my cloud. Shut up camera. And whenever you’re surfing the internet or doing some hacking stuff in Cali, um, you’re using the clouds IP address. So, whereas normally you’d be going directly to your ISP using your home internet IP address using chasm. You’re kind of hiding yourself a bit, especially from your ISP, keeping yourself a bit anonymous and you, you could be anywhere you could be at Starbucks drinking, coffee or tea . So, because you’re chasm server is installed on your business network or your home network, you have access to everything that is on your network. Like, think about that camera not being excited enough. You have access to your Sonology inside your home network or all that stuff.
Like just all your stuff, your, all your other home lab stuff remotely through dock container streaming, just magic, magic, magic. But that’s the basic of how chasm works. But now you wanna set it up, but I’ll have Chuck walk you through that. Yeah, yeah. Hear you tea drinking. Wooy all right. nothing wrong with tea, but you know, coffee’s better. Okay. Now time to actually install chasm on our server, uh, like Cameron was talking about, he just took freaking forever to explain it. I’m just kidding. He did a great job. Let us know how he did guys. If you wanna see more of Cameron, if you don’t, we’re gonna show him anyway. Now we mentioned that we can install all this pretty much anywhere, but the two I’m gonna show you is the cloud. And then, uh, OnPrim AKA your house or your business. Now, thankfully the difference between the two is not a lot.
It’s pretty much the same, but let’s focus on the cloud first. Now, you know, my favorite cloud provider, my favorite thing to do and use is Linode mainly because if you’ve never used ’em before you get a hundred dollars free credit right now to sign up. So you much get to try this out for free. So just shut up and do it link below. So with your Len node account setup, we’ll first go to create at the top left and, uh, well create, click on it, create a Len node from here. We’re just gonna do our best to meet the minimum requirements. First, the images we’re gonna rock Ubuntu Ubuntu 20 0 4. Don’t use 21. yeah, he’s right. I tried 21 did not work 20 0 4 El least. That’s at, at the time of this recording, I’m losing my mind anyways, too much coffee already. How you doing T boy we’ll then select our regions somewhere close to you.
And then for the plan, this is where the minimum requirements come in. Um, dedicated. I don’t need that. I don’t have that kind of money. I’m doing shared CPU. And the minimum requirement will be this guy right here. Leino for gigabits or bites. Sorry, not bits. Four gigs of delicious Ram over are here. And then two virtual CPUs. And we got plenty of hard rep space. Cause the minimum is 50 gigs. So this satisfies our minimum requirements. Then I’ll label it my chasm password. And that’s pretty much it I’ll click on create Lin node. No, yeah, 20 bucks a month. That’s not the $5 a month we’re normally doing with these projects. That’s because chasm is extra cool and require some extra, extra stuff. Now also keep in mind, I’m showing you Le node. You can do this in AWS, digital ocean, pretty much any cloud provider that can produce virtual machines for you, which is all of them.
It’ll work now for on-prem. This will vary based on what you’re using for me. I got prox Mo and all I’ll do is create a VM. Make sure I’m doing UBO 2 20 0 4. Make sure my hard drive is at least 50 gigs. I go and throw like maybe 75 at it for no reason, two virtual CPUs and four gigs Ram. Again, this may vary for you, but that’s pretty much the gist. Okay. Back to the node. Once yours is running, it’s done provisioning. Let’s go ahead and grab this IP address and get logged in. Or you can copy the one over here. Copy launch your favorite terminal program on the windows. So I’ve got CMD, it’ll be terminal on Mac and Lennox. It’ll be SSH route at your IP address, hit enter fingerprints. Yep. And then enter your password that you set earlier. We’re in now the installation of chasm is actually the easiest part of this entire tutorial.
So easy that I feel comfortable letting Cameron do it. So, uh, go ahead, cam. All right. So the first thing we’re gonna do here is actually for stability and we’re going to get a swap partition. We’re gonna put in this first command to actually create the swap partition. We’re gonna upgrade the permissions, actually make it into swap. And then we’re gonna turn on the swap partition. These four commands are gonna be below in the description. You could actually just copy and paste these in and make the swap partition. And just to make sure that we made our swap successfully, we can use the cat command to look inside of the swap file. And I can see here, we have our swap partition now to make sure that our swap will come back. Whenever there is a reboot, let’s go ahead and just run this command.
And this will add this to the Fs tab file. Now that we have the swap partition set up, we can now download the installation file using the w get command. And you can see we’re actually getting this from S3, go ahead and enter and, and let’s get that downloaded. And now let’s just run an LS real quick just to make sure that the file downloaded correctly. So this file is in the dot GZ format. So we will need to unzip this in order to get the installation file. So let’s paste that command in there and that will extract it to our current directory. And we can now see the chasm release folders right there. Then we will do pseudo bash and that will just run this installation script. Then they’ll want us to accept the end user license agreement, just hit yes. And enter. And this installation’s gonna take a little bit, so go take a coffee break.
We’ll get back to it in a second, man. Those are pretty fast install. Wasn’t it? Yeah, I’m kidding. Now on our screen here, uh, they give us some credentials. Uh, the only really important ones here for us are gonna be the admin one. Let’s go ahead and grab ’em all just in case and just paste these into a note. And once you have that past it away, let’s get back to Le node and let’s copy our IP address, open up a new tab and let’s do HTT PS call slash slash and let’s paste in the IP address of our ode hit advanced and proceed. And now let’s paste in this credentials that we saved a second ago, right? When you log in, you’ll be presented with the chasm console. Uh, the first place they log you into here is the admin portion. So you’ll notice a lot of settings and stuff here.
We’re not gonna get to that right now. We’ll go into that later in the video, what we’re mainly focused on here, it’s just the workspaces portion and that’s where all the fun stuff is. Now we can move over to workspaces and we’re just gonna pick Chrome for this, that launch session and boom, just like that. We have a containerized browser streaming to our computer. All right, Cameron, get on my seat. Yep. That’s the big stuff. That’s the basic stuff. and at this point you’re pretty much done. Like you’ve got your chasm insulation going. You can access your stuff. And if you go back to the actually to get back to let me show you how to do that. When you’re sitting here chilling in your instance, here, there are little dots on the left. Look, those dots, you can do a few things. One of the main things we care about right now is getting it back to our workspace.
Click those four little dots, more, a lot of dots here, and you can launch other stuff. So they’ve got dedicated apps that again will just launch a Docker container. But these are apps you can launch right now from G, which is, uh, like drawing stuff like Photoshop office, just a terminal. If you want a terminal Ubuntu and even visual studio code, which I’ll just launch that real quick is pretty cool. And bam, just like that visual studio code streaming to me from a Docker container, which still is just, isn’t that crazy. a Docker container streaming and shoot even a to browsers, browsing in a browser on a virtual machine, in the cloud using tour. And it’s inside a Docker container. There’s so many things happening with tech-wise. It’s like, it hurts your brain to think about it, how you’re doing this. Can’t get more secure than this or anonymous.
Now, again, you’re pretty much done. Like you could leave the video and be happy about this, but you know, we can’t end there. There’s some more cool things you can do. Like, I don’t know if you notice, but when we are back in our portal here, click over back on admin dude. this is more than just like a toy we can play with. This is a full, crazy enterprise system tool, which again, it takes 10 years to tell you all the things it can do and walk through that. But I will show you just a few things. I think you’ll love and you’ll wanna do right now. Camera say right now, right now, now the first thing you may want. And it’s the first thing I want was the ability to take like, like remember the intro we had like maybe nefarious links like this one, you may not wanna open that in your browser, on your main desktop.
There could be all kinds of crazy stuff that affect your computer. So we want to be able to right, click that and say open and chasm, open a Docker container. That’s safe, secure, and isolated. That won’t hurt me. How do we do that? Now? This is simply a Chrome extension. And if you name brave or Firefox, I believe they have Firefox. I’ll check on brave, but I’m sure they have all of it. We’re simply gonna add an extension or installing extension on our browser. So I’m just gonna look for Chrome extension store. I think that’s what it’s called. Yeah. Just Google that jump in there. And we’ll search for chasm at the top left. There we go. I love the tagline. Open an isolation. In fact, Cameron told me about that. It’s pretty cool. Anyways, we’re gonna click on, add to Chrome, click on ad extension and it’s added, but not quite done yet.
We have a few more things we have to configure here. We’re gonna go up to our puzzle piece here, which stands for extensions in Chrome. We’re gonna scroll down until we see chasm, which is weirdly great out. It makes me feel weird, but it’s fine. We’re gonna click on the three dots and click on options. We’re gonna change just really one thing here. We’re gonna add the URL for, for our chasm server that we just set up or the one that you just set up. So a past mine in here just like that. And you can even choose, like, if you wanted to open a new window or a new tab, I like new tab. It feels more like it’s part of my browser. Like I’m not doing anything outside my system, even though I totally am. So anyways, enough of that click on save and that part’s done.
Just one more thing we have to do. We’re gonna get back to our chasm workspace here, our chasm dashboard. And from here, we’re gonna go to the top, right? Click a little icon there and then click on profile. Cuz this will be a setting that is set per user. And yeah, you probably guess you can have multiple users with this. You can have your friends, your family, your kids use this, have different profiles. We’ll talk about that. Anyways. One thing we’re gonna change right here. We have the default workspace image. This is what we’ll launch. Whenever you do that, right. Click thing. We showed you earlier, click on the dropdown and then choose your image. I’m gonna choose. Let’s do brave. I like brave. That’s it. It’s already saved. I don’t have to do anything else. And now we can test it. It’s gonna go back to that Reddit page and I’ll pick a random link here.
This guy right here, right click. And here we are open link and chasm. And just like that, a Docker container is being spun up behind the scenes and it’s streaming to my browser. I’m not opening this URL on my computer. It’s not tracking me. It doesn’t know my IP address. It’s not looking at my cookies, looking at my history. I’m completely anonymous. As far as tracking me goes. And the cool thing is whatever I do here in this browser, it doesn’t matter. I can do whatever I stinking. What? Because guess what? I can just delete it. Like watch this click on these little dots here, delete session. I can trash the sucker, bad website, malware, whatever don’t care. I’m secure. So I deleted it. It’s gone. I was never there. I never accessed that website. No proof. And I think, you know, think about that.
That’s probably the future of how we deal with weird stuff like this, how we browse the internet right now, your computer, it designed to track a lot of what you do, cookies, um, your IP address your history. And if your computer could track it, that means all these other websites, your accessing can track it as well. Not to mention these scare of viruses in malware, which yeah, and we’ve got tools that can prevent that. We got tools that can scan what we download, uh, prevent what we access on the internet. But you know what? They’re not perfect. The ideal use cases that we open up everything in an isolated sandbox. And if we do do something bad, it doesn’t matter. That instance, that browser, that VM is transient. Ephemeral big words. It just disappears. Cuz it doesn’t matter. Now second tweak. I wanna show you real quick.
Check this out. It’s actually kind of two tweaks in one first. If you scroll through your apps here in your, your workspaces, you’ll notice that you don’t see Cali Linux, which we, we talked about that a lot, but it’s not here. Did we lie to you? No, no. You can add more images and some are already default installed. So if I go back to admin, my admin portal over here on the left, I can click on images where I can manage the Docker images or containers that I can launch. Go and click on that. And here we already have 26 images ready to go, but not all are enabled. So I’ll start clicking on the arrows down here. Here. We have doom for some reason. So if you wanna play doom in your browser from a Docker container street, actually that sounds pretty cool. Anyways, let’s continue.
I wanna go find call there. It is call Lennox to enable this. I wanna click that box for the can. We’re gonna click on the little dots here on the right click on edit. And then right here towards the middle, we have the enabled check box. Check that now while we’re here at the same time, I’m gonna go ahead and do the second tweak. Now when we launch Kelly Linux without changing this second thing, it’s gonna log us in as a regular user without root access. But of course we want root access. We want ultimate godlike control, right? One thing we have to change here to make that happen. If you scroll down just a little bit here, we have the Docker run config, which by the way, you can do a ton of stuff with like, this is like a regular container. And if you know Docker containers, you can do everything here pretty much.
But one thing we care about, we’re gonna do some JSON real quick. Don’t worry. It’s not scary. Uh, just follow along with me first. We’re gonna type in user between double quotes. I’ll do double quote the user double quote, then I’ll do a colon and then I’ll do another double quote and say root and then double quote. So just like this, that is be beautiful. JSON right there. That’s all we need. Just go down to the bottom. Click on, submit done. Now it’s not quite ready yet. If we go to our, uh, workspaces here at the top left, you’ll see it here. Where to go. Oh right there. But it’s got like a little warning message right now. Your uh, chasm server is downloading the Docker container for Cali getting all that stuff. Ready? No give, give it a minute. Just coffee break. You tip my coffee again.
So now Cali is ready. I’m gonna go and launch the sucker real quick launch, which this is so cool. Right? And now that we have root enabled, all we have to do is when it launches, when we’re in our terminal, like we should be like you are right now. We’ll do SU or switch user spit to become root. Okay. Now for the third tweak and it’s the last one I’m gonna show you cuz we don’t have enough time and this one’s pretty cool. It involves users and web filtering so far we’ve been using the admin profile, but of course you can add other users. So what I’m gonna do is add my daughters as users, my two oldest anyway, Chloe and Addie. And what I’ll demonstrate is how I can make sure that they’re gonna be browsing safely and securely and then law. They can access with web filtering, which is just built in, I can whitelist and blacklist with what I want them to access.
So anyways, let’s check it out real quick, super easy. So just like before, I’ll go to my admin portal here and over here on the left, I’ll click on users right now. I’ve got the default users. I’ll go ahead and click on add user to add a new one, Chloe, and then I’ll set a password for her. And now just keep in mind. I’m manually setting a password for or Chloe, but you can integrate this with an L D and SAML or single signon situation at your business. If you have one or if you have a home lab with that stuff, you can do it too, cuz I totally do. And I will end up doing that. But username and password is pretty much all we need for now. I’ll click OnIt. I’ll add my second user for add submit. So now all I have to do is give them my IP address or the URL of my chasm instance and they can get access to this with our credentials.
Now, moving beyond that, I can assign web filtering, very simple to set this up almost stupid, easy, uh, over here on the left, we’ll see an option four web filter. Go ahead and select that. And here we got nothing. Let’s create something. Go ahead and click on ad policy. Now we don’t have a ton of options here. I name this test, but some cool things, especially for kids or people that you want to restrict too. We can say deny by default. So like whatever website it is, don’t go to it. Unless I explicitly say they’re allowed to go to, which is perfect for my kids. They’re curious. So I can say deny by default and the only site that can access is network chuck.com also network chuck.coffee. You just put that all on the black list. Thanks Cameron. He just says on the black list, we’re gonna put that in the white list.
and just scroll down. We got a few more options or really just one more enable safe search, which is a Google option to make sure they don’t search for bad stuff. And then we could enable categorization. But that is a feature that must be licensed, which you’re probably thinking Chuck, you said it was free. It is, but not everything’s free. This is a community edition, which is more than enough. Like you’re gonna have a hard time, like not finding all the features you want. We get a snapshot, the differences. And one thing I wanna point out, and this is just crazy. Community edition is $0 and includes all features of enterprise right. Then one of the main limits is that you are limited to five simultaneous sessions and excludes some branding and web categorization, which is what I just hit. Actually, we can’t take advantage of some crazy URL filtering your web categorization, but we get some pretty cool stuff anyway.
And of course, if you wanna go professional or enterprise, and if you’re a business school or government entity, this is perfect for you. But anyways, let’s continue anyways. That’s all we care about. I’m gonna click on submit. And then one more thing we have to do. We have to apply this policy to our users to do that. We’ll go over here to the left, to our images. This will be applied per image and I’ll find, for example, brave, let’s go and click on brave click on the icons here, click on edit. And if I scroll down just a bit and when I say a bit, I mean a lot we have the web filter policy. I’ll change this from inherit to my, there it is right there. My test one and click on submit. So now let’s give it a test. I wanna go ahead and launch brave.
It should apply to me as well and right off the bat access tonight. So I try to go to Google or Facebook, nothing, but I try to go to network chuck.com. What if I try to go to network chuck.com. Hey, real quick, Cameron and Chuck from the future, we figured out that it doesn’t want the HTTPS in there at all. So go ahead and take that out and just have the domain name in there soon. Now let’s go back to our workspaces. Find our brave web browser, go and launch the sucker. It should work for me. You should block me. I am all users and by default it should block the first website it comes with. Yeah, access denied. But now if we go to network, chuck.coffee, for example, naked by coffee. No problem. My daughters can too. Now it was cool. And check this out.
If I go back to my dashboard and I go to my admin portal, if I scroll it like notice real quick, we have insight into everything going on with thought our chasm instance here, or our chasm server, all the image usage, all the errors. And then down here at the bottom domain usage, we can track what our people are going to. So think about that from a user perspective, as you’re trying to protect your company’s users, uh, or your kids or whatever, you get a crazy amount of insight and control. Okay, I gotta stop there. there are a ton more features I could talk of about like casting, which you can share your session with other people and they can watch you do stuff, uh, staging, which is crazy. Makes things go faster, just so much more. I can’t go into it. And by the way, if you do want to go into that, if you wanna learn how to do this, we’ll have a little minicourse below.
Check it out. But now I wanna change gears for a second because I’ve shown you some cool stuff. I’ve shown you two use cases like secure browsing and having a really awesome line X distro, just bam exploded onto your browser. But how do companies use this? How could you use it as a, a daily grind? How can you apply it to what you do now? There are some pretty cool use cases above and beyond what we’ve already showed you. So now I’m gonna kick it off to Cameron. Cameron, show the people some cool stuff I’m gonna see Beardie right. So now that we’re done going over just personal use case for like browser isolation, or maybe standing up your own call Linux or Rubi desktop, there are some more use cases for this that are a little less personal, more like business or enterprise such as replacing your VDI solution.
Uh, maybe your company right now uses Citrix. Citrix can be really cumbersome, hard to set up licensing. It’s hard. What’s great about it. That it’s web native. You don’t have to have anything as stalled on your endpoints in order to use chasm, you can have it just run through any web browser, because if you ever use Citrix or any of the other stuff, you have to install crap on people’s computers. It sucks and worry about versioning on the desktops, blah, none of that and chasms images are all secure outta the box because they constantly update their rolling images every night, because the old way to do stuff is stupid. You would have a golden image that admins would like go into log into and update, like apply updates and apply the patches of crap. This is like it’s auto magic, auto magic, and last but not least, it could be used for DevOps pipelines.
So whether you want to test your own custom doc Docker, ah, docking Docker containers or your code, you can use their secure APIs that are provided with chasm to test that. Thanks, Cameron. All right. So chasm seriously. I’m gonna probably use this every single day. I’m legit gonna have my kids use it. Cameron, you’re gonna use this thing always, always forever. And I I’m being serious. I do just constantly spin up news stuff, new VMs. And this is a way easier way to do this. If I just wanna test something real quick or if I wanna browse to kind of a weird URL and not worry about getting hacked, not to mention all the crazy use cases that Cameron mentioned, it’s a pretty cool thing. So thanks again to chasm workspaces for sponsoring this video and making such a freaking cool product and like, yeah, I know they did sponsor this video, but I only say yes to things I really like and enjoy and will actually use myself, especially when it’s free and accessible to pretty much everybody.
So I dunno what you’re waiting for. If you haven’t already tried it, if you didn’t follow along this video, do it. And it’s right now right now is when you gotta do it. And if you did it, let me know what you thought comment below and uh, by the way, have you hacked YouTube algorithms today? Let’s make sure you do that. Like button notification, bell subscribe, and already said comment. So just do that. You gotta hack YouTube today. Ethically of course. And yeah, that’s all I got. Thanks again to my brother, Cameron, for helping out today. Let me know again, if you wanna see more of him, if you don’t, I don’t care, I’ll still include him. Oh. And almost forgot by the way. Um, we are gonna include more tutorials, more of a deep dive on chasm, how to do all the kind of crazy cool stuff that we didn’t include in this video. Check it out. Link below. It’ll be part of my network, Chuck premium membership, which if you don’t know what that is, it’s 12 bucks a month. You get access to a ton of cool stuff. And it’s just a way to support what I do here. A way to support Cameron, what he does here and of course get access to cool things. Yeah, that’s all I got today. All right.

Check Out Network Chuck's Coffee and MERCH Shop