Secure Digital Life #58
Recorded on April 3, 2018 at G-Unit Studios in Rhode Island!
Topic: Virtual Labs
Creating virtual labs for fun and profit, well not so much on the profit. Today, on Secure Digital Life, we talk about how to get started building virtual labs so you can break things and experiment without ending up in a Federal Prison or hiding in the Ecuadorian Embassy.
BSides Orlando Shootout at Full Sail Live on April 7. You really need to get to this. Check out bsidesorlando2018.eventbrite.com and bsidesoirlando.org. Students are free with your ID. Labs, speakers, challenges. What's not to like?
RSA -- I will be speaking at RSA 2018 in San Francisco on the 18th of April, so be sure to come by. I will be there shooting SDL on Tuesday at the NetSparker booth, so if you want to see the show live, now's your chance. I am speaking at 8 am on the 18th, but the show will be there on the 17th at the Marriott Marquis.
First, the parts of a lab
- Hardware to run the lab on. Bigger is better, but it doesn't matter that much for experimental systems. RAM is what you run out of first: every VM that is up at the same time needs its own slice, so the more you have, the more boxes you can run at once (and the faster they run). Also check that the CPU's virtualization extensions (Intel VT-x or AMD-V) are turned on in the BIOS/UEFI; hypervisors won't run 64-bit guests without them.
- Hypervisor -- the software layer that sits between the physical hardware and the virtual machines you run. It carves the real CPU, memory, disk and network into virtual ones, schedules the VMs onto them, and usually gives you a UI for building, starting, stopping and wiring up the virtual worlds.
- There are two types of hypervisors. Type 1 (bare metal) runs directly on the hardware with no host operating system underneath it. Type 2 (hosted) runs as an application on top of your normal desktop OS.
- Three options we could talk about are VMware, VirtualBox, and Docker (the last is not strictly a hypervisor; more on that below).
- VMware has multiple hypervisors:
- ESXi -- a Type 1 bare-metal hypervisor. It is a commercial product, expensive, and very sophisticated.
- VMware Workstation and Workstation Player are Type 2 hypervisors. Workstation is a paid product; Player is free for personal, non-commercial use.
- [Slight note: read your license agreements. If you develop something on a "free" platform, a la Pied Piper, but that use violates the agreement, you may lose rights to what you develop. No one will care, until they do.]
- VirtualBox is a very popular Type 2 hypervisor from Oracle. The base package is open source (GPL), but the Extension Pack that adds USB 2.0/3.0, RDP and disk encryption comes under a separate personal-use license, so again, see the note.
- Docker is a "containerization" tool built on Linux kernel features (namespaces and cgroups), not on any particular distribution. It takes a piece of software and bundles it with all of its dependencies into a container that runs directly on the host's kernel. Products like Kubernetes are used to orchestrate Docker containers. It isn't a hypervisor: containers share the host kernel instead of getting a virtual machine of their own, so they are lighter than VMs but give you far less isolation. That is fine for standing up a vulnerable web app to poke at, and not what you want sitting between malware and your host.
- Let's talk about what you need to get started with a lab.
- First you need to pick a hypervisor. I like to build out VMware ESXi so I can use all the features, but you may not have access to that, so you may want to run something like VirtualBox (which is fine).
- Then you will need sources (red boxes: the attacking machines), targets (blue boxes: the victims) and maybe even noise (white boxes: machines that generate ordinary traffic, so the attack isn't the only thing on the wire when you practise detection). All of these can be put together very simply or very elaborately depending on your goal.
- ISO -- an ISO is an image file of an optical disc containing an operating system installer (the name comes from the ISO 9660 disc format, but everyone uses it to mean "the OS on a DVD"). Getting ISOs is easy if you are building targets out of open source things like Linux, and harder if you want targets that run commercial software (Windows Server). Whichever it is, download from the vendor and check the published SHA-256 hash before you install from it; a gold image built from a tampered installer poisons every clone you make. Regardless, you will need something you can use to build out your templates and targets.
- Some terms. Gold image -- a pristine install that is used as the template for the copies you actually work on. Don't mess with the baseline itself, or you will have to start over from the ISO.
- Snapshot -- a freeze-frame of a VM. It is a restore point you can roll back to, and most hypervisors let you clone new machines straight from a snapshot, which is how you turn a gold image into copies quickly. Snapshot everything you plan to reuse so you can come back to it later without rebuilding the whole thing. The other reason to snapshot is to experiment: when you first want to learn how to install something (say Kubernetes), set up Ubuntu Server from the ISO, make that your gold image, and take a snapshot before you start installing K8s. If you screw it all up, revert to the snapshot and start again. Two caveats: a snapshot is not a backup (it lives alongside the disk it depends on, and a long chain of them slows the VM down), and a snapshot of a running machine captures its memory, passwords and all.
- Virtual switch -- emulates a real switch, VLANs and all, and is what the hypervisor uses to connect virtual machines to each other (and, if you choose, to the host or to a physical NIC). It behaves like a real switch, with one wrinkle worth knowing for a pen-test lab: by default most hypervisors will not hand other VMs' frames to a VM that puts its NIC in promiscuous mode, so a red box that is supposed to sniff the segment needs that allowed on its port (VirtualBox's `--nicpromisc<N> allow-vms`, or the port group's promiscuous-mode policy on ESXi). Keep lab switches internal or host-only unless a box genuinely needs the Internet; a bridged switch puts your deliberately vulnerable targets on the same LAN as everything else in the house.
- Virtual routers -- a much more involved thing. These are software routers that ship as ISOs, get installed as a VM on the hypervisor with two or more NICs, each plugged into a different virtual switch, and then let you add more virtual switches on more virtual layer 3 segments and route (or firewall) between them. VyOS, Freesco and other tools can be found if you really want to build complex things.
Using all these things, you can build out a really complex environment to test yourself or others in pen testing, networking, whatever. Using virtual machines means you don't need a roomful of hardware, since you can virtualize all of it.
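The whole procedure above, from checked ISO to gold image to linked clones on isolated segments, typed out for VirtualBox. This is an added example, not something from the show: it assumes VBoxManage is on the PATH, that the installer ISOs live in $ISO_DIR, that the lab names (gold-target, red-net, blue-net, web01 and so on) are whatever you like, and that the *_SHA256 values get copied from each vendor's published SHA256SUMS file (they are deliberately left empty; the script refuses to build until you fill them in). Every NIC is a VirtualBox internal network, so nothing in the lab can reach the host's adapter, and the router VM is the only thing with a leg on both segments.

```shell
#!/bin/sh
# Added example, not from the show. Builds a red / router / blue VirtualBox lab.
# Assumed: VBoxManage on PATH, ISOs in $ISO_DIR, checksums filled in from the vendor.
set -eu

LAB_DIR="${LAB_DIR:-${HOME:-/tmp}/vlab}"
ISO_DIR="${ISO_DIR:-${HOME:-/tmp}/isos}"
DRY_RUN="${DRY_RUN:-0}"                      # DRY_RUN=1 prints each command instead of running it
TARGET_ISO="${TARGET_ISO:-$ISO_DIR/ubuntu-server.iso}";  TARGET_SHA256="${TARGET_SHA256:-}"
ROUTER_ISO="${ROUTER_ISO:-$ISO_DIR/vyos.iso}";           ROUTER_SHA256="${ROUTER_SHA256:-}"
ATTACKER_ISO="${ATTACKER_ISO:-$ISO_DIR/kali.iso}";       ATTACKER_SHA256="${ATTACKER_SHA256:-}"

# vbm: run one VBoxManage command, or just print it when DRY_RUN=1.
vbm() {
  if [ "$DRY_RUN" = "1" ]; then printf 'VBoxManage %s\n' "$*"; else VBoxManage "$@"; fi
}

# verify_iso FILE SHA256: fail unless FILE matches the vendor's published hash.
# A gold image built from a tampered installer means every clone is born compromised.
verify_iso() {
  [ -n "$2" ] || { echo "no checksum given for $1" >&2; return 1; }
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  iso_actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$iso_actual" = "$2" ]
}

# create_vm NAME OSTYPE RAM_MB ISO NET1 [NET2]: register a VM whose NICs are all
# "intnet" (VirtualBox internal network). Frames on an intnet never touch the host's
# physical adapter, so scans and malware stay inside the lab. NET2 gives a router its
# second leg. The ISO is left in the virtual DVD drive so the installer boots first.
create_vm() {
  vm_name=$1; vm_os=$2; vm_ram=$3; vm_iso=$4; vm_net1=$5; vm_net2=${6:-}
  vbm createvm --name "$vm_name" --ostype "$vm_os" --register --basefolder "$LAB_DIR"
  vbm modifyvm "$vm_name" --memory "$vm_ram" --cpus 1 --nic1 intnet --intnet1 "$vm_net1"
  [ -z "$vm_net2" ] || vbm modifyvm "$vm_name" --nic2 intnet --intnet2 "$vm_net2"
  vbm storagectl "$vm_name" --name SATA --add sata --controller IntelAhci
  vbm createmedium disk --filename "$LAB_DIR/$vm_name/$vm_name.vdi" --size 20000
  vbm storageattach "$vm_name" --storagectl SATA --port 0 --device 0 --type hdd \
      --medium "$LAB_DIR/$vm_name/$vm_name.vdi"
  vbm storageattach "$vm_name" --storagectl SATA --port 1 --device 0 --type dvddrive \
      --medium "$vm_iso"
}

# gold_snapshot NAME: freeze the pristine install, right after the installer finishes
# and before anything else is touched.
gold_snapshot() {
  vbm snapshot "$1" take gold --description "pristine install, do not modify"
}

# clone_from_gold GOLD CLONE: a linked clone shares the gold disk and stores only its
# own changes, so a dozen targets cost little disk and any one can be thrown away.
clone_from_gold() {
  vbm clonevm "$1" --snapshot gold --options link --name "$2" --register
}

# Step 1: check the ISOs, then create the three gold VMs. Red and blue sit on
# different segments; the router is the only VM on both, so red has to cross a
# layer 3 hop to reach blue, just as in a real network.
create_gold_vms() {
  verify_iso "$TARGET_ISO"   "$TARGET_SHA256"
  verify_iso "$ROUTER_ISO"   "$ROUTER_SHA256"
  verify_iso "$ATTACKER_ISO" "$ATTACKER_SHA256"
  create_vm gold-target   Ubuntu_64 1024 "$TARGET_ISO"   blue-net
  create_vm gold-router   Debian_64  512 "$ROUTER_ISO"   red-net blue-net
  create_vm gold-attacker Debian_64 2048 "$ATTACKER_ISO" red-net
}

# Step 2, after each OS has been installed by hand (VBoxManage startvm <name>):
# snapshot the golds and hand out disposable linked clones to work on.
freeze_and_clone() {
  for g in gold-target gold-router gold-attacker; do gold_snapshot "$g"; done
  clone_from_gold gold-target   web01   # blue box: put apache and a test site here
  clone_from_gold gold-target   web02
  clone_from_gold gold-router   rtr01
  clone_from_gold gold-attacker red01
}

case "${1:-}" in
  create) create_gold_vms ;;
  clone)  freeze_and_clone ;;
  *)      echo "usage: $0 create|clone   (DRY_RUN=1 prints the commands instead)" >&2 ;;
esac
```

Run `DRY_RUN=1 ./lab.sh create` first to see exactly what it is about to do; the same script with `clone` is what you come back to after the three installers have finished. Reverting a clone to a known state is `VBoxManage snapshot <clone> restore <name>` once you have taken snapshots on the clone itself; the gold VMs never get booted again after their snapshot is taken.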
NOTE: There are cloud options for the hardware too. Amazon (EC2) will rent you a server and charge by the minute, and Microsoft has Azure for the same thing. It's a really nice option, but know what it is going to cost: a virtual machine starts costing money the moment you spin it up, scaled by how big it is, what it is doing (cycles) and how long it runs, so put controls on it (billing alerts, and a habit or a script that stops everything when you walk away). One more thing a home lab never makes you think about: a cloud box gets a public IP, so lock its security group or network security group down to your own address before you install anything deliberately vulnerable on it.
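The two controls just mentioned, as an added example rather than anything from the show: a billing alarm, and a "stop every lab box" sweep you can put in cron. It assumes the AWS CLI is configured, that every lab instance carries the tag lab=true (a naming convention chosen here, not anything AWS requires), and that the SNS topic ARN is a placeholder you replace with your own. Billing metrics only exist in us-east-1 and only after billing alerts have been enabled in the account's billing preferences.

```shell
#!/bin/sh
# Added example, not from the show: cost controls for an EC2 lab.
# Assumed: AWS CLI configured, lab instances tagged lab=true, placeholder SNS ARN below.
set -eu

DRY_RUN="${DRY_RUN:-0}"                                   # DRY_RUN=1 prints instead of calling AWS
ALERT_TOPIC="${ALERT_TOPIC:-arn:aws:sns:us-east-1:123456789012:lab-alerts}"   # placeholder
SPEND_LIMIT_USD="${SPEND_LIMIT_USD:-50}"

# aws_cmd: run one AWS CLI command, or just print it when DRY_RUN=1.
aws_cmd() {
  if [ "$DRY_RUN" = "1" ]; then printf 'aws %s\n' "$*"; else aws "$@"; fi
}

# list_running_lab_instances: ids of every running instance tagged lab=true,
# one per line / whitespace separated (text output of the JMESPath query).
list_running_lab_instances() {
  aws_cmd ec2 describe-instances \
    --filters Name=tag:lab,Values=true Name=instance-state-name,Values=running \
    --query 'Reservations[].Instances[].InstanceId' --output text
}

# stop_lab_instances ID...: stop the given instances. Stopped instances keep their
# disks (and keep billing for storage) but stop billing for compute. No ids is not
# an error; that is the normal state at 3 am.
stop_lab_instances() {
  if [ "$#" -eq 0 ]; then echo "no lab instances running" >&2; return 0; fi
  aws_cmd ec2 stop-instances --instance-ids "$@"
}

# spend_alarm: CloudWatch alarm on the account's estimated charges. The metric is
# published roughly every six hours, hence the 21600-second period.
spend_alarm() {
  aws_cmd cloudwatch put-metric-alarm --region us-east-1 \
    --alarm-name "lab-spend-over-${SPEND_LIMIT_USD}usd" \
    --namespace AWS/Billing --metric-name EstimatedCharges \
    --dimensions Name=Currency,Value=USD \
    --statistic Maximum --period 21600 --evaluation-periods 1 \
    --threshold "$SPEND_LIMIT_USD" --comparison-operator GreaterThanThreshold \
    --alarm-actions "$ALERT_TOPIC"
}

case "${1:-}" in
  stop)  stop_lab_instances $(list_running_lab_instances) ;;   # cron this nightly
  alarm) spend_alarm ;;
  *)     echo "usage: $0 stop|alarm   (DRY_RUN=1 prints the commands instead)" >&2 ;;
esac
```

The alarm is a backstop, not a budget: it fires after the money is spent, so the nightly `stop` is the control that actually saves you. Anything you do not want swept (a long-running capture box, say) simply doesn't get the lab=true tag.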
Blue boxes -- so how do you get targets? You could build them (make a gold copy of Windows XP and clone it a bunch of times, licensing permitting). Set up a blue box with Ubuntu Server, Apache and a basic web site on it. You can attack that all day long, and you learned how to set up a web server at the same time.
Other -- you can get Metasploitable (distributed as a ready-made VM image rather than an ISO), BadStore (an ISO) and many more prebuilt vulnerable targets to drop into your environment, so you have prebuilt stupidity available to attack. They are broken on purpose, so keep them on an isolated lab network with no route to the Internet or to your home LAN, and never put anything real on them.