Classroom Glossary Public page

ADV-101 Equipment and Setup Guide

1,117 words

Everything you need before week 1 starts. ~2 hours of setup including the Hardware Checkout request and the Burp install. The course assumes RE-101 completion; most of the toolchain transfers.

Laptop requirements

Any modern Windows, macOS, or Linux laptop runs ADV-101. The lab work is software-based; the SB6141 hardware sits on an isolated lab network you connect to via Ethernet.

Minimum specs:

  • Operating system: Windows 10 or later, macOS 11 or later, current Linux distribution
  • CPU: any 64-bit processor from the last 10 years
  • RAM: 8 GB minimum (Burp Suite is the heaviest workload; 4 GB works but feels cramped)
  • Disk: 5 GB free (Burp, Python, pcap captures from your lab sessions)
  • Display: 1280x720 or higher
  • Ethernet port (or USB-Ethernet adapter): required for the isolated lab network; Wi-Fi is not used to reach the SB6141

NOT required:

  • No GPU
  • No virtualization (a Docker / VM-based lab harness is the stretch path; the standard path uses a physical SB6141 on an isolated subnet)

Hardware: the Motorola SURFboard SB6141

ADV-101's named lab target. Two paths to get one:

Option A: Hardware Checkout pool (academy default). Request an SB6141 from the academy Hardware Checkout pool. Email interested@virtuscyberacademy.org with subject ADV-101 Hardware Checkout, SB6141 + cohort name. The academy ships an SB6141 plus a power supply plus a USB-Ethernet adapter; due date is the end of Week 13 (capstone defense). Return-ship paid for by the academy.

Option B: Self-purchase. SB6141 units are on eBay and other used-electronics resellers for $25-40. Buy any unit listed as "tested, working" with both power adapter and Ethernet cable. The academy does not have a preferred seller; verify the model number is exactly SB6141 (not SB6121, SB6183, or other SURFboard variants; the CSRF advisory is SB6141-specific).

What to verify on arrival. Power the modem; let it boot (LEDs settle within ~60 seconds). Connect via Ethernet to a laptop with no other network; browse to http://192.168.100.1/. The SB6141 administrative interface should load. If it does not load, the modem may be cable-provider-locked (some retail listings are; the academy Hardware Checkout pool only ships unlocked units). Re-flash via the academy's documented procedure (/handouts/sb6141-unlock-procedure.md) or return the unit.

Lab network isolation

ADV-101 NEVER tests against a SB6141 connected to a live cable provider. The lab network is air-gapped: SB6141 -> Ethernet -> your laptop, with no other devices and no Internet.

Recommended setup:

  1. Connect the SB6141 to your laptop via Ethernet (use a USB-Ethernet adapter if your laptop has no built-in port).
  2. Configure your laptop's Ethernet interface with a static IP in the 192.168.100.0/24 subnet (e.g., 192.168.100.2); the SB6141 management interface lives at 192.168.100.1.
  3. Disable Wi-Fi on the laptop while running lab work (or confirm that traffic to 192.168.100.1 goes through Ethernet, not through a Wi-Fi gateway with the same subnet).
  4. Confirm isolation: ping 8.8.8.8 from the laptop should FAIL while the lab is active. If it succeeds, your laptop has a route to the Internet that you have not isolated; fix before continuing.

Week 3's lab is the full isolated-network setup with a network diagram you commit to your lab portfolio. Re-use that setup for every subsequent lab.

Software to install

Five tools. All free. Plan ~60 minutes if you completed RE-101's setup recently.

1. Python 3.11 or newer

If you completed FND-102, you have this. Verify:

python3 --version
# Python 3.11.x or newer

If not: install from https://www.python.org/downloads/ or your distribution's package manager.

2. Python packages

python3 -m pip install --user requests pytest

The course's tool engineering uses only requests (HTTP client) and pytest (test runner) as third-party dependencies. The standard library handles everything else.

3. Burp Suite Community Edition

Burp is the HTTP-inspection workhorse for Week 2's CSRF reproduction. The Community Edition is free and sufficient for ADV-101; the Professional edition adds active-scanner features the course does not use.

  • Download from https://portswigger.net/burp/communitydownload
  • Install per the platform-specific instructions in the installer
  • First launch: accept defaults; enable "Temporary project in memory" for the lab (no need for a persistent project file for ADV-101 work)

Verification: launch Burp, open the Proxy tab, click "Open browser" (Burp's embedded Chromium). Browse to http://example.com; the request should appear in the Proxy history.

4. curl

Already on macOS and Linux. On Windows: Git Bash (bundled with Git for Windows) includes curl; or install via winget install curl.curl.

Verification:

curl --version
# curl 7.x or 8.x

You will use curl with -v, -c, -b, and --data-raw flags extensively from Week 2. The full reference at https://curl.se/docs/manual.html is worth bookmarking.

5. A code editor

The course is editor-agnostic. VS Code, PyCharm Community, Neovim, Sublime, vim all work. The course's tool engineering is Python; pick what you already use.

6. Git (verification)

You have Git from FND-101 / FND-102 / RE-101. Verify:

git --version
git config user.name
git config user.email

If either config returns nothing, set them per the FND-102 SETUP.

Course authorization document

Before Week 4 (the first tool-running lab) you sign the academy's cyber-use authorization document. The document covers:

  • The lab target (the academy-provided or self-purchased SB6141 only)
  • The isolated lab network scope (no live cable-provider connection)
  • The negative scope (no testing against any device you do not personally own and authorize, no testing against academy infrastructure outside the documented lab target)
  • The duration (Week 4 through capstone defense at end of Week 13)
  • The personal-conduct boundaries (lab work stays in the lab; transcripts and tools are not shared outside the cohort without instructor approval)

The instructor distributes the authorization in Week 3. You sign it; the instructor counter-signs; the document lives in your lab portfolio. Lab 4 onward will not proceed without the signed authorization.

Verify your setup

Run all six checks. Each should succeed.

python3 --version
python3 -m pip show requests | head -2
python3 -m pip show pytest | head -2
curl --version | head -1
git --version
ls /tmp  # confirm shell works

Plus the GUI checks:

  • Burp launches and the Proxy tab is accessible
  • The SB6141 admin interface loads at http://192.168.100.1/ from your isolated lab network

If any check fails, paste the error into the cohort channel before Week 1.

Create your ADV-101 workspace

mkdir -p ~/adv-101
cd ~/adv-101
git init

You commit each lab into this repository. By the end of the course it has:

  • lab-1/ through lab-11/ (one directory per lab; lab-6/ is the midterm exam transcript)
  • capstone/ (the Tool v1.0 Python package + the disclosure report)
  • lab-portfolio.md (a running index of authorization-signing dates, lab completions, instructor sign-offs)

The lab portfolio is the single document the capstone defense panel reads before the defense; keep it current.

What you do NOT need

  • No Metasploit. Out of scope; ADV-101 builds bespoke tools, not framework-based payloads.
  • No Kali Linux. The standard install of any modern Linux distribution plus the listed tools is enough.
  • No commercial vulnerability scanner. Nessus, Burp Pro, Acunetix etc. are out of scope.
  • No exploit-development toolchain. ADV-101 reproduces CVEs; it does not develop weaponized exploits. (The capstone is a CSRF reproduction tool, not a memory-corruption exploit.)
  • No "premium" CVE database subscription. NVD + MITRE + the original advisories are all free.

If something is wrong before Week 1

Paste the output of:

python3 -c "import sys, requests, pytest; print(sys.version); print(requests.__version__); print(pytest.__version__)"
burpsuite --version 2>&1 | head -1  # or check Burp's About dialog

into the cohort setup channel. The single most common issue is Burp's JRE on macOS: the standalone installer ships its own Java runtime; if your system Java differs, prefer the Burp-bundled JRE.

Setup guide v0.1.