A few weeks ago I had the honor of presenting some initial research on setting up a pen test lab in Amazon EC2 at BSidesLV in Las Vegas, NV. The goal of the presentation was to provide an overview of their cloud architecture and describe how you could take advantage of it to quickly build your own virtual pen testing lab. Here’s the title, abstract, and the slides.
“EC2 or Bust – How to Build Your Own Pen Testing Lab in Amazon EC2”
Interested in building your own pen test training lab but lack the hardware or software to roll your own? One option is to go the way that most companies are doing these days and build your own “infrastructure” in the cloud. Not only do you get the cloud benefits of only paying what you use and the ability to expand when needed but you also get a range of licensed victim servers to choose from. This talk covers the basics of Amazon’s EC2 cloud infrastructure (e.g., EC2, VPC, basic network and routing, Elastic IPs, Security Groups, VPNs, and Snapshots) and step-by-step instructions on configuring this infrastructure to build your own isolated test network complete with licensed victim servers or customized AMIs.
Today’s post pic is from SecurityBSides.com. See ya!