• Save
EC2 or Bust – How to Build Your Own Pen Testing Lab in Amazon EC2 at BSidesLV on July 31, 2013
Upcoming SlideShare
Loading in...5
×
 

EC2 or Bust – How to Build Your Own Pen Testing Lab in Amazon EC2 at BSidesLV on July 31, 2013

on

  • 718 views

These were the slides used in in my presentation at BSidesLV on July 31, 2013. ...

These were the slides used in in my presentation at BSidesLV on July 31, 2013.

Interested in building your own pen test training lab but lack the hardware or software to roll your own? One option is to go the way that most companies are doing these days and build your own “infrastructure” in the cloud. Not only do you get the cloud benefits of only paying what you use and the ability to expand when needed but you also get a range of licensed victim servers to choose from. This talk covers the basics of Amazon’s EC2 cloud infrastructure (e.g., EC2, VPC, basic network and routing, Elastic IPs, Security Groups, VPNs, and Snapshots) and step-by-step instructions on configuring this infrastrucutre to build your own isolated test network complete with licensed victim servers or customized AMIs.

Statistics

Views

Total Views
718
Views on SlideShare
715
Embed Views
3

Actions

Likes
0
Downloads
1
Comments
0

3 Embeds 3

http://www.newsblur.com 1
http://digg.com 1
https://www.google.com 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

EC2 or Bust – How to Build Your Own Pen Testing Lab in Amazon EC2 at BSidesLV on July 31, 2013 EC2 or Bust – How to Build Your Own Pen Testing Lab in Amazon EC2 at BSidesLV on July 31, 2013 Presentation Transcript

  • EC2 or Bust July 31, 2013 How to Build Your Pwn Pen Testing Lab in Amazon EC2 @grecs NoVA Infosec
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • Infosec COTS NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • NoVA Infosec https://www.novainfosec.com
  • Thanks Tweet/Post: Thanks … for sponsoring @grecs & @novainfosec... @MiltonSecurity @BulbSecurity @PenTestTraining
  • NoVA Infosec https://www.novainfosec.com
  • Agenda • Introduction • Pros/Cons • Amazon Services • Setup • Conclusion NoVA Infosec https://www.novainfosec.com
  • Introduction • Goals o Enclosed Lab to Play On o Accessible from Anywhere o Only Pay for What You Use  Payment Plan vs. Buying Outright  Like Car Payment But Only Pay for When Your Drive  Easier to Swallow vs. Fronting Costs o Learn Cloud  Great Skill to Have Under Belt NoVA Infosec https://www.novainfosec.com
  • Introduction • Alternatives o Setting Up Own Machine at Home  $500-$700: New Low-End Dell Server  $100 - $200: Whitebox & Lots of Elbow Grease o Few VMs on Personal Machine  Want Something Little Heavier  Avoid Carrying Around Big Honking Laptop • Use Cases o Teaching Yourself / Learning on Own o Testing New Security Tools o Throwing Up Ad-Hoc Lab for Classes, Webinars, etc. NoVA Infosec https://www.novainfosec.com
  • Pros/Cons • Pros o No Space Required: Appeasing Significant Other o Upfront Cost  Only Pay for What You Use  No Sunk Cost If Lose Interest  No Worry for Electrical Costs o Availability  Accessible Anywhere Anytime  Just Need Internet Connection & VPN Client o Flexible Machines  Easily Add/Augment/Remove Machines based on Standard/Customized/Created AMIs NoVA Infosec https://www.novainfosec.com
  • Pros/Cons • Pros o Real-World Networking Experience  Requires Setup of Basic LAN  Subnets, Routing Tables, and Network ACLs o Access to Licensed Software  Access to Range of Licensed OSs/Software with No Trial/Timeout Periods  Especially Important Since Demise of TechNet o Home/Business Connectivity  No Dependencies on Home Broadband for Remote Access NoVA Infosec https://www.novainfosec.com
  • Pros/Cons • Cons o No Amazon-Provided Desktop AMIs  Easily Create Own but They Seem Resistive (caught?)  3rd Party Services Hosted on EC2 (put in VPC?) o Cost  Depends on Use/Machine Types/Length of Use • Stay Away from Anything SQL Server Related • Ok If Careful Though o Network Connectivity Problems  Kills Productivity NoVA Infosec https://www.novainfosec.com
  • Amazon Services • Cloud Definition o NIST • Amazon o IaaS o Running VMs on their Hardware o Two Types  Standard EC2 Instances  EC2 Instances Running within VPCs Reference: http://blog.thehigheredcio.com/2011/02/23/cloud-definition-model/
  • Amazon Services Amazon EC2 VPC Security Groups Network ACLs Routing Tables Subnet OS DNS DHCP VPN Subnet OSOSOS OS EIP DNS DHCP ... GWSecurity Groups EIP Dyn OS OSOS OSOS EC2 Standalone Instances Running on Amazon’s Cloud VPC EC2 but in Private LAN with Additional Controls EIP
  • Amazon Services EC2 • Pros o Simple & Cheap • Cons o Dynamic Public IPs o Lack Infrastructure Excellent for One-Off Standalone Testing VPC • Pros o Private Static IPs o LAN Infrastructure • Cons o Setup Difficulty Only Solution to Build True Lab NoVA Infosec https://www.novainfosec.com
  • Setup NoVA Infosec https://www.novainfosec.com
  • Setup
  • Setup
  • Setup
  • Setup
  • Setup
  • Conclusion • Introduction • Pros/Cons • Amazon Services • Setup • Conclusion NoVA Infosec https://www.novainfosec.com
  • Questions? • Twitter @grecs • Website NovaInfosec.com • Contact http://bit.ly/nispcontact