InfosecLabsThe security playground for building and breaking

Who am I?• Systems Administrator• IT & Security consultant• Coder• Sneakerhead• Noob “If you don’t think you’re a noob, you’re not trying hard enough” - HDMoore

What is InfosecLabs?A penetration testing lab designed and built for the purpose of teaching, researching, and testing offensive & defensive security techniques.

What does that mean?• Practicing offensive and defensive security techniques• Testing POC code for students/pentesters• Testing of tools• Hosting private research• Teaching classes• Help other’s build their own lab

Why?

http://www.room362.com/2015/09/hacking-advice-for-krystropolis.html

I finally ended up thinking about what would have been the best advice for me, growing up, for "how to learn hacking", and I boiled it down right before I pulled into my drive way to two words: "Build It". For me personally, I didn't start to really understand attackers, attacks, or even simple defense strategies until I started to try to build it myself.

Lab AdminsAnthony - Creator/Admin - Twitter: @iamthehonzJustin - Admin - Twitter: @sneakerhax

ContributorsGrant - Contributor - Twitter: @tekwizz123

What’s in the lab?• Windows domain/services• Exchange 2013(fully functional)• Windows Server 2012 R2

Domain controller• Windows IIS• Windows 2008 R2 File Server• Windows Sharepoint

Foundation 2013• Windows 10• Windows 8.1• Windows 7• Windows Vista• Windows XP• Varying Internet Explorer

versions

• Red Hat Linux• Web Servers(Linux)• OpenVAS• DMZ• Kali Linux• Security Onion• Metasploitable 2• Owasp Mutillidae• Hacking - The Art of Exploitation live cd• Pentesterlab - Web for Pentesters I• Pentesterlab - Web for Pentestters II• Pentesterlab - SQL injection to Shell• Custom vulnerable virtual machines

Specs• 2 Hosts(clustered)• VMware ESXi 5.1• Cisco 5505 ASA firewall• HP SG500 switch• CPU 35 GHZ• Memory 127.86 GB• Storage 14.37 TB

InfosecLabs Network Diagram

Then we decided to make a public lab

Can I hack it?

Public lab - lab.infoseclabs.net

The first rule of the lab is…

Twitter activity

Twitter activity

What can I learn?• Web Application Penetration Testing• Active Directory• Local and domain accounts• Penetration Testing with EC2 and other cloud providers• Privilege escalation• Lateral movement• Vulnerability analysis• Reverse shells, stagers, payloads, pivoting• Password cracking

Future of InfosecLabs?• AV evasion lab• Malware analysis lab• Domain Trust• Red Team• Blue Team• More Research

Want to build your own lab and need help?

Lab building resources• Microsoft Edge Dev - https://dev.modern.ie/tools/vms/windows/ • Technet Evaluation Center - http://www.microsoft.com/en-us/evalcenter/• Bizspark - https://www.microsoft.com/bizspark/ • VulnHub - https://www.vulnhub.com/• PentesterLab - https://pentesterlab.com/ • Reddit /r/homelab - https://www.reddit.com/r/homelab

Contact Us:Website: www.Infoseclabs.net Twitter: @infoseclabsEmail: sneakerhax@infoseclabs.netEmail: thehonz@infoseclabs.net IRC: Freenode #infoseclabs