
So you wanna build a Security Lab

BSides KC · 2018 · 53:07 · 36 views · Published 2018-06
Tags
Category: Technical
Topic: Tooling
Style: Talk
About this talk
A practical guide to building an effective security lab on any budget, covering hardware selection, virtualization platforms, networking considerations, and real-world use cases. The talk walks through choices for home versus work environments, software recommendations including open-source tools, and common pitfalls to avoid when setting up a lab for penetration testing, malware analysis, or blue-team training.
Original YouTube description
Have you ever wanted a lab or development setup, so you can try things, test things, figure out problems or just have a great time? This session covers the basics of setting up a great lab environment without breaking the bank. We know budgets are tight for businesses or home. This session will show you how to set up a quality build that will last a while for you. We’ll also go over some software recommendations and scenarios for how to use and deploy this system. (Bonus – an actual mobile lab system will be at the session so you can see it in person.)
Transcript [en]

and title this talk is so you want to go scary we're not here for the stalker in the wrong room and probably go to one of the other rooms just FYI all right my name is Jarret seats as you know I'm going to set KC Oklahoma I graduated you guys hear that feedback too or is it just me it happens you're cool are you sure yeah I'll take your word for it I graduated in the Southern Illinois University Carbondale they have like that II know the general information technology degree lucky for me that they also have like that networking and security program this was really awesome and really hands-on it's like you poked around we

set up you know Active Directory domains and we pen tested again soon we have Cisco switches and all that stuff that I don't remember anymore because I haven't touched networking equipment since I graduated so keep that in mind knowing you younger people that are graduating actually you know you're in college right now any hey quite a bit remember everything you know now you're going to use one percent of it you're going to get really good at that and you awesome at your job but you're not forget the rest keep that in mind I interned with the Oklahoma State of information security team this was my you know first real world of pain security is great

it's awesome I'm going to like change in the world a lot wanna tell the people how to do security then I get an internship at a State Department that's the charge of security and I find out no you're not because no one really wants to do security if they say they do but it's hard work then after that I got hired in a place called Cerner I hope you guys that's right Hosting this place the spirits they're awesome but I was just an engineer and my main focus was doing Splunk I love to turn around here ago started another company called fence point security they're actually based in DC but I work remote now so I had to sit at my

apartment and work or I get the flying table client side so it's a pretty sweet gig and I enjoy it and I'm also a certified Splunk consultant basically whenever I go to sites they either have a new Splunk instance or they have an old Splunk instance and I help them get them up and running so a lot of fun stuff really drove my job and let's get going so what this talk will cover we're just going to go over the basics of like a security lab pulling work base we're gonna focus more on just like the pieces of the lab and what you want to do and what you want to get it's like we're

gonna it's like what you can use as well and another thing is like where are you going to get your pieces it will be different for home and work in some places humanity then think both but hopefully we'll go over that and other things that we should watch out for sometimes with different scams that go on like we'll talk about that physical oh and then some will go over a few examples like once you have your lab up and really what can you do just a few simple scenarios it basically will be what you want to focus on now we're gonna power and testing do you just want like to find admin stuff and be a better

blue team ER and then I gave a survey you know back in March and a few people feel about they totally go over that with it and then you know any good talk that is it well talk mean actually has time filler that way we can actually fill our whole time slot so on like 30 minutes early and look at my watch there's still 30 minutes left we'd start talking about random stuff about labs and figure what you guys want and what you guys are doing as well and then at the end we got questions so let's get rockin so we're going to start with how to set up a home I have dealing with

security so they think that you might feel like do you have money do you have money set aside that you're gonna buy your hardware new pieces of stuff or are you a broke college student and you just want to find whatever you can for as cheap as possible that will help focus on what does your goal you may want to be like super cool pen tester but do you really need this you know $8,000 supercomputer cloud that you know does everything you know maybe or has a very high will work or simple VMs on your own laptop you got to think about that and then again is it possible to use what you already have so like do you have a

spare lot but I mean you're working laptop I don't know if you've noticed but like CPUs haven't really been super powerful these fast readers and a laptop this few years old can still do pretty much put any laptop to date with you and I that I ran something beyond a high but the Carberry have stayed from i3 is going to store for just a lot of market and you know maybe it's all you nut and that's where you need to start so software is also me print are you so like are you Windows or anything Linux are you going to use a Mac that's something you think of it than like also like one of the pieces are gonna do if

you're doing like malware analysis maybe you want a Cuckoo box and you want to set that up and do malware analysis on that and or you know he's best way and it's different when locations were setting up you know insecure right location so you can actually see what these attacks do that's something you need to think by for home it's normally like personal goals that you yourself want to accomplish and when also the work goals may be a little different the other thing they seem to keep in mind is upkeep just like power noise all that stuff is something you need to keep in mind like if your servers like ten-year-old like this guy

is is he going to run 24/7 and I mean also patching and version updates and license costs and then this big one do you need approvals from others the house do you have a significant other just you know are they going to mind that there's this giant server sitting in the living room that's just one for like the whole day they're trying to watch Netflix and all sudden start spitting up because you ran a job and now they have to turn the volume up and it's not fun I've seen it happen at my friend's house it's actually quite hilarious so the next part is or glad and you take the sly slippery slide here

on the right this is they have got the same goals do you have a budget and if you have a budget it's a ten percent less than what you actually requested from you know your benefit because that's the cool thing to do is you ask for X number of dollars upper mantis-like well you know we don't really want to spend all money you know what ten percent less than that and that's what you get and then on top of that even you definitely didn't order ten percent more because you saw this coming it was definitely you you got ten percent less that may or may not be a sir there's no sorry guys again what is

the goal so the difference between a home goal and a workable is if you're doing this for work this may be based on your team this may be based on your department this main base mineral company your whole company may depend on this lab working properly being set up properly and being able to accomplish what you think you'll do and like is your company you know selling health care software does you're likely to focus around that or is your health care company based on creating a video game or is it you know cloud-based applications all that stuff will honor what your goal should be free or Latta accessory - focused around security you wanting to secure not only just your

company and your team but you also wanting your team to learn so it can't just be like oh it's just an honor thing you know someone else is what I'm doing you want your team to get stronger you want you your will coughing is stronger based on luck your lab is going to do and it goes down the same list as home its possibilities what you have do you guys have a tech refresh for a larger company it's like every three years you can shop out your own systems and you get new ones in you know maybe smaller ones you may not do a tech refresh rate you may try to do this neck refresh but maybe that old

hardware that you're not using or deal hardware you're not using because a third project diet may be like hey can we use this for our lab and operate on the total cost of what I actually need to get this up and running it's something to keep in mind and something you should leverage never change games if you have servers sitting you know in boxes well what good are they going to do might as well try to utilize them and improve yourself your team and you know the company software also different what's the cost of software are you going to just stick to open source free stuff for your life or are you going to be able to get like super cool high ends

several thousand dollars worth of software for just your lab maybe some people call out nonprofit and make it you know a mask rod so you actually have a place where you can do full testing on what attacker would see if they physically trying to go after you the war prior environment without you know risking your part of our map every day for some you know random stuff that you might try to attempt to see like okay is this lower the system might go down but because this is our lab we don't care again upkeep are these servers need to be on all the time are they just going to be sitting in like your bosses off

this city in the corner which looks like a single wire woman episode apposite or will they have a dedicated data service like this as well most companies what did a senator or you know closet right next to the groom and the mom and all that stuff and then again do you need approvals from others most likely yes you can't just bring it random hardware store stepping it up and then you know awesome hrs talking what's all this extra equipment and it's making a lot of noise no one can you know get work done because your servers of just buzzing away and it's a real mess so getting approval is probably a good idea especially for work so what should you

actually use this will go into the point of like will you be using that excellence like physical hardware versus like VMs where you just spin a lot like hypervisor or you know super cool things you see containers now Docker or you know using someone else's computer aka the cloud because if you know Amazon must have hooks your security lot that's great that would be fine right guys everyone sets up security stuff in the cloud with no repercussions and no legal issues at all most that's what I do I don't know about you guys again once we go into that like what unless you're going to use Linux Windows Mac you know BSD you know FreeBSD for PSX is

pretty awesome AIX hp-ux that you can have an old server a few X system that can't you can't get rid of because it has this critical application you want to make sure that's secure it and you can't actually make it secure because it's got to do X Y C and who knows you know cleaner or less like you're thinking to come back actually who has heard of clear of us before and not as many as I thought but it's a it's a doozy I tell you what one of my old manager oh that was just a few years ago so it's already dead by that time so going on that like what types of software is

again going on like what exactly were you wanting to accomplish there you do it like web application testing are you gonna do your power and malware or such an earring or are you going to just do like specific admin stuff and doing testings of like like what systems do what what what ports are active just simple so like simple program testing and then version properly in cash flow matters so for example again malware sampling if you have an hour and like you see a Windows Device get infected on your network but you want to test in your lab you may not have to use like the if you try to use a fully patched Window System in your lab you're like oh

it doesn't work so this was just a fluke when there's actually a two persons old and none of your laptops are actually pops with a fully patched version in your network so it's just something to keep in mind on the way you're looking something and other things like different versions are supported for your licensed software so is this verse and even you know applicable anymore visits old and this company won't even talk to you about it and why is it in my lab and why are we still using fraud that's something else you're gonna keep in print as well but clearly everyone will just go to use Watson and we will need any Lex watching us all everything

for us those seek DNA's and you know the great because actually just putting your order for Watson you don't even need to go to those top people on top over guys that was easier than I thought but it looks like where to get your stuff as well so I'm gonna do move in on a site called eBay not as many as that you're lying to me now so eBay is a good spot but there's also a new site has anyone heard of LabGopher no one yeah it's a it's a neat little site it'll actually you know look at the eBay listings for you basically search for servers and it'll tell you like which ones are good deals

and which ones are bad based on RAM the CPU in it and I haven't used it personally and I just discovered it like two weeks ago and I haven't needed server equipment between two weeks ago and now as you can tell them so it's um it's something to keep in mind but I would leverage that if you're looking for actual real server hardware and then you can actually use the eBay another place Micro Center if you just need like a Raspberry Pi to get stuff done it's like you're setting up like a DNS Pi-hole and Lucas : yeah so set that up you just be a Raspberry Pi to do that and that thing

is amazing and then Craigslist is another big one for servers that's actually where I got this guy the big one from was a Craigslist ad a long time ago and he actually sold me a server rack as well with the server and just like 75 bucks for this server and I bought like three of them and then the server rack was another 50 bucks and it's like 10 foot high and sitting my friend's basement because of an apartment this was back when I lived in Illinois so it was uh but yeah Craigslist we have a lot of good deals used to I know it's only four of us if you start looking for sir they're gonna get these like dining sets

as well that's cool it's like stainless steel with silver dining sets are when you're looking for actual you know hardware keep that money your basement if you have old hardware that you're not using anymore you'd be surprised they'd be like oh yeah I forgot about that you could use that probably not the best solution because if it's in your basement it's probably been there now or you already know why I say your basement because it's broken and you've already scripted for price so keep them on another site has anyone heard of Reddit what's that it's just it's this one website that people go to and they complain to each other about stuff there's one get sexually

another collab and if you think what I have is crazy just go to homelab to look at some of their stuff actually I'll go to another one DataHoarder you Dan they've got some crazy crazy crazy stuff we'll talk about that a little bit but homelab is actually a really good resource they have a wiki on their page and I thought about just copying that and making that my talk and just using their wiki they're probably the 10 times better than my actual talk that you're me now so after this talking you're all disappointed go to Reddit on that and look at their looking video maze and all the stuff you're gonna learn from them

another thing I keep seeing that a lot by the way sorry guys I just realized that you can repurpose equipment again you know stuff lying around servers you're not using both home and work and just use them as long as they you know fit into the the area that you want them to and they won't like break the bank with power and and the one it's so just some keep in mind and then SecKC has a Slack channel has anyone been to the SecKC Slack channel yeah there's actually a channel but you may not have another call the black market the SecKC black market and people actually sell random stuff there all the time and

sometimes they give it away sometimes it's you know hey I've got this what we get me somebody it's another good reference accessory for global and another thing is like to get and you may not believe it but IKEA sells these things called Lack racks and they're not designed they're sold as coffee tables but you get something if you want to even Google or being you know search Lack rack and you'll find people that put put men on these like she really really cheap like coffee tables but they're the perfect size to fit you know a 1U system or multiple U system like switches and routers a little bit right there rack mountable items effects there's some two

pictures that I found and I would not recommend doing the one on the right because that's probably above your head there is that is a lot of weight almost sisters as much as I trust IKEA stuff I don't know if I trust IKEA so much thanks especially especially on defense yeah even if you mount them I wouldn't do a guy but like the one on the left is probably pushing a little bit as well but that's what people do and you know what for an entry-level system if you don't know any budget you don't want to just have your equipment lying around they work that's when I first use was just a simple Lack rack they're like eight bucks for the

small one and there's there's a longer one that's like a coffee table and it's I think 25 bucks it's you know it works because it's just the perfect link to like set your equipment in and it's there and it's I mean for the price it's nice so while you're looking around for your equipment as well another thing to keep in mind is to pay attention to specs and not titles or pictures if I was the manager take a picture through the spot so I've met that quota so when you report the sense of the talk police say you had a cat that sure he's fine the other thing if you find this is a real picture from a real eBay listing and

this guy really does take pictures of the servers with his cats and he's got a great rating but you have to pay attention to what you're buying and you can't let your heart go out because they have a puppy or baby or some cute thing with their servers that's completely empty doesn't have anything that's missing Rando CPUs and then trying to sell for $600 I'm saying that this guy's doing it but the price was probably a little higher than it should have been from what I saw but he also sold the system so it works he also has a Twitter account so keep that in mind marketing guys when you're also looking for your equipment

if eBay or something make sure likes that Biffen suspects what's in the system what's not in the system like you'll see a system like this stuff that looks like it's full of drives and full something you read the description they'll say it right there please read the description first impro it's the picture is just another random picture of the server a stock image and then you'll see don't drive no drives less which can range from like 10 bucks apiece to like 30 bucks apiece and if you have like an 8-bay server either you stick your drives in and like kinda like put like cardboard in between the I don't know this from experience by the

way but you put cardboard in between just so they slide in correctly and then hope nothing touches the server while you you know you're using it because if something wants them where the drive since our to the drives power through the dry stream out and your raid dies and you're just trying to figure out what happened and you notice like some of your drives are tilted the wrong way it's bad times and like I said that fifteen or thirty dollars per garage it adds up quickly so if you're one of the fill up these days time is 15 does anyone do it with mass 8 8 10 15 we'll see next time I'm gonna find out what

could be like could you get a better spec system with drive trays or maybe people with hard drives for 120 but this thing was asking so keep that in mind also how much RAM is coming with the system and if it actually comes with drives most of them to building they're come with like one drive and sometimes it's like maybe you terabyte it but they need like three like 320 big drive they're not actually like SAS drives your state of Carabas the other cool thing they do is put virtualization like eight times in the title so you know this server can be used with virtualization and they'll be like new toughen up virtualization virtualization to those that use it for

your virtualization system I'm not kidding I've seen seatpost like that and it's really annoying but they want you to buy it because they want they know you want to use it for virtualization stuff so yeah the other thing you can't forget it's networking you're like alright hang on this new server or we're gonna put stuff on it now how do i connect you to other servers and its systems and internet oh right so when you're looking for work what me are like do is it just going to be like a single instance and you're just gonna plug it into your home router and hope that it doesn't actually take down your network when you're trying to end that

scan a segment and you did put in the right you know address they actually start pinging and destroying your whole home network and now the kids and their family can't get on to Netflix and now you're getting yelled at and it's just fun or you don't have like specific equipment set up and you're going to do feeling it's because VLAN set up all the problems especially for these work systems do you deal in something something off you're just you won't you only have to worry about it anymore because there's no way you're gonna screw that up either you're not gonna only accidentally you know start hitting your pride network because that works wrong so it's

something to keep in mind and when you're looking for home stuff it depends on again do you want to get better at networking get some you know real Cisco switches and routers or my favorite is Ubiquiti I actually have the Ubiquiti AP and I use it for our wireless network and we'll try to connect my IoT devices to because I don't trust them at all and everyone else should too guess Alexa is always listening in fact there's a talk next door about a lifestyle mistake FYI so that's how that there are actually you know who's heard of pfSense it's an awesome tool it's another system you know you spin up as a VM when you click

on a physical device and that can be area you're now can you do I say use and then for switches when you're looking at switches make sure you pay attention specs a lot of older switches are 10/100 although probably not as much anymore but it's something just to keep in mind that if you're running if it speeds maybe it's not a big deal maybe you don't care if it's 10/100 because you're just using an old Raspberry Pi you know be pure gigabit speeds but when you start transferring larger data so like when you're transferring your rainbow tables or your Linux ISO those rounds they take time so it's just something to keep in mind when you're setting this up

again for now people that pay attention like it is a managed device where you have to set everything up specifically give us a variety of the sentence a lot of stuff war which is the non man's work you just plug it in and it works by the way I love those ends because you just plug in stuff and it works because I'm lazy and I don't remember networking anymore because a bit more I slew them a basic manage switch but I don't get into it as much as I probably could but it's something even winding if you really do have to send it off your network from other networks because of you know security concerns also cloud-based networking who

was dealt with AWS before who's heard about AWS buckets being open on the Internet keeping in mind things when you're setting up your own lab to like test out like what makes this bucket open to the Internet but what makes this bucket closed if you do AWS stuff that's a good way to test because skin your own stuff would be like hey this bucket's closed this bucket's open what did I do differently between these systems and that way you can actually help set up you know in the future you can actually secure these AWS systems so we don't see the news every two weeks by the same guy who keeps finding stuff every two weeks

and like I mentioned before Ubiquiti is awesome simple to use you can almost plug and play to get to work it has a lot of customized things you do the APs are like 70 80 bucks apiece and then all you need to do is like set up you can set up a VM for their actual you know the controller is the word I was looking for and set up the AP completely and hit piece of cake actually you can fry sudden up I'm just the basic with this device nobody ever saw we're out yeah so you want to set up on BM this power so go for power because it's actually a big

piece to what you're doing for your lab work is probably not as important because you're in a data center and your lab problem isn't a major milestone but maybe he's going to keep in mind literally if you're going to keep old equipment around or do you equipment bring in so basic setup I have an old TS for 40mm a few years ago and it works fairly well it's gonna be my storage server and a little bits it's down for permissioning because it got replaced by this because this one uses a lot less power and as you can see he's just plugged in is using about 5 watts and then turn it on 105 once it had about

four distinct drives for this guy when he's turned on with the server off so I've got like a switch the AP Raspberry Pi and a couple other devices plugged into this when he's turned on to use 23 watts and then when I turned on my server which is a little tiny 1U system it's a Super Micro sys b200 and it only jumped to 65 70 that's running with like five VMs and setting networking bunch of stuff is held with two little SSDs in it so super low power for what you're getting and then send this old server that I've got a few years ago I turned him on last night to make sure he

did still turn on and he does and hopefully will turn on right now it depends on where you're at but uh I shouldn't mess with that now that you say it that would be cool I think what I did before

the Superbike roads and their half of the power bill I mean yeah it adds up real quick and this guy can you guys hear why he's my quietest of all the servers I had because I have like a 4U server that was super louder than a couple of one units that were those like rocket engines like they just stay that way and it's awful but this guy he's running about 196 195 and he's not doing anything I just turned him on he's not running any software he's not running any applications and he's around 200 watts so he's almost double of what the old server was turned on before this he was running a few things as well but like I

said this guy's about 10 years old but again double that $15 and now you're talking about $30 a month and that's even when it just adds up a ton and this guy he's like I said bought a long time ago and he's noisy really noisy and after a while I just didn't know lying here like okay maybe I won't use

but another thing people lined with these old servers is how many you guys see a special craft before yeah so make sure that stuff you're buying is fairly current and has either SATA or SAS because that way and we skip normal Apple normal hard drives in them because once you start getting super old and they're super cheap but these this drive is 73 gigs but it's a 10k it's so super fast still slower than SSDs now so it's so you wouldn't you to point I guess would say but it's something people on we were looking equipment that a lot of this stuff that may be cheaper may also be a lot it's the same for networking

but that never go visit course or being super Locker so like if you're thing like all of us put this new Cisco switch that I got in your words DSA we still find a little bit here okay so when used to decide to like just not stick this in the bedroom because I love the white noise and then you're like this is really loud I don't like this one good that also goes with me I promise but it's only keep in mind and when you it will go back to that slide where it's like how long is this gonna be on are you just going to turn this on occasionally like do your lot of stuff few hours a day

maybe on a weekend maybe it's not a big deal then to like save you want $1 just get more server because it'll do it you want more but if this thing needs to be online 24/7 and like you want to know all the times even run along testing and doing some of that you've got to keep that in mind this will add up quickly for either home artwork so at your job your work doesn't have a limited budget for power but again it may be a profitable for larger companies but for small ones who don't like that work but then again if you're stealing a few Raspberry Pi is of course what are my power you know why don't you just make

your lab pay for itself and you're like yeah I need all those GPUs for you know rainbow tables you know hash cracking stuff like that and then during off time you're not cracking passwords you can just you know do some Ethereum mining Bitcoin mining what are some other cryptocurrencies that are pop today oh you got a SecKC coin it's actually going definitely about like that all the time Dogecoin never goes out of style I've got a bunch to do it's going actually you should and everyone else should is love because go swimming is definitely not you know I've dropped and I'll support it anymore it still exists are on the point is it yeah that's the first time

for that so but this is something else like are you actually going to use your vibe for password cracking for clothes to be at work and plan and then while we're going on just password cracking think it's good you know rainbow tables and then having a lot of storage and we'll go to DataHoarder and see what they have for their storage and then you see these people with you know you're like God wealthy terramycin their terabyte it's going to double digits triple digits and they're talking petabytes and this is just for their home they're not talking about you know you know big working drivers or some other home and all the Linux ISO that they legally have

account limited to hold all the storage petabytes today and I am in serious it is it is impressive some of the equipment they have but it's something else to keep in mind on where you're using I wouldn't use any of these drives I think these are old like IDE drives for laptops does anyone want to correct me on that if I'm wrong absolutely correct yeah so but keep in mind like for storage like going for your lab what do you use for and what you're doing but another key piece this thing what's the big thing that's going on right now with in the malware world for security ransomware what does ransomware do encrypt storage stuff so when you're setting up

your lab and you're wanting to test off different things you might hit a piece of ransomware what's one thing you don't want that piece of ransomware to read and wipe out all your storage so if you're at a work environment and they're like oh yeah you can just use our normal SAN for the VMs you're spitting out via Billy's network to off-site Nets off there's no way they're gonna get some raw data completely encrypts the whole products and it's it's a risk and honestly I wouldn't want to risk it same for your home network you don't like set off a time bomb of some kind of ransomware your whole network and then have your fog machines in your number

box with a little message saying please pay us Sony did if you want to see your whole network that's apparently I went to a workshop with hospital yesterday and they're just going to double the amount and then eventually set off bombs in the city yeah that's that's what the work selfish yesterday it was quite interesting I recommended they do it again next year to go to it because it was this point of a interesting workshop for sure but back to storage check data hoarders if you really need a massive amount of storage and how to set up like a NAS and it's just for your own use and keep then what whatever-whatever going to use but make

sure it's you know segmented off a few years ago historic this sometimes you're just going to ruin everyone's life if you're not careful so xkcd who has seen this comic before ooh it is it is a good one and it's one of my favorites if anyone wants to do this let me know and we can team up and try to put this together for next year's BSides and we'll have a TV and we'll show a little viruses running around and like the whole escape the network and hit wherever it's the most it it he'll be great great fun right guys and I also did the mandatory xkcd to talk slides a nutshell again once you talk so talk please to tell my

past that kind of small but some things that you'll need to keep in mind like what exactly are you gonna do with your security lab okay actually let me ask you who has a security lab already for the reasons day what are some things that you do you yes

we're environment I've actually

we're our own stuff actually within the are we for people it's awesome that is super awesome and much cooler than I was expecting that is actually made stink older than that yeah have a graduate program over you did you raise your hands what do you have that's not going to download itself good job uh-oh I cited that before and then I'm like but all my Olympic sites of bigs space so I had to dump a few rainbow tables I know I did that as well I did that as well having Google Fiber makes it a lot easier just for read downloads and then you or the back what do you use your lab for Oh Linux live didn't use no big

windows like they said no no anything

nice perfect that's actually pretty awesome do you have like a full domain set up with like DNS and DHCP and maybe tried to break it yeah have you accidentally broken actually baby prefers the broken animals not yeah that would perfect this plans just kidding so but other like other topics you use Raspberry Pis I mentioned before the DNS the Pi-hole for Raspberry Pi just look it up cool products Cuckoo is another one from their website they're an open-source automated malware analysis system so take that with what you will who's used to do before is it as good as they say this the ass okay so Mike's my experience was not great but I've seen

it ever used everywhere so Mike I'll mention it okay now I don't feel nearly as bad also just like standard VMware or VirtualBox studying about your laptop it's free download install it set up VMs on your laptop desktop you could go bigger and do you know virtual learn operational boxes so that with the VMware Workstation VMware Fusion and feels that way then you know hypervisor system when it's like ESXi and Proxmox and Hyper-V Lucy actually boosts use Hyper-V oh good good I tried it just didn't work out for me I made you they keep digging and we're a little better than two now another thing you should have and this is coming from

this experience link you should have a log aggregation system to keep track of all the stuff in your environment so like Splunk ELK Graylog good systems to set up and just like if you're doing something on this environment in this network maybe you want to have all your logging from all your devices go to a centralized point so you're like all right why did this to this device let me go to my logging system to see what exactly happened and then you can go through and just they want to place and look at all so if you're an organ private you want to make sure if you're testing different malware to see if the malware behaves different

if there's a logger on there if there's not because some will see a sponsor summary and they'll do XYZ instead of ABC and they'll change their behavior patterns because they know that if they just blast away the logs locally it was just what they were planning to do you're still going to get it because you have assistance of others may actually check to see if they can modify a good face for you know Splunk for instance and change it so it's not looking at that system wipes it during the time that brings it back up so you don't know you're still a greeting but that's something you because you should have control over the whole system you can

see what's happening to your environment and why you sent eleven first place let's see if in a sterile environment so you know what's going on what's happening and so you can see the full scope of what is actually changing also like the cool thing about these logs is that you know it's not that one who prices is your IPS get yourself there is setting off stuff like that it's just one single location I think it should be in every kind of lab just because it will help give you a better picture for me now so let's take a look see up my notes this is actually ok the other thing I want to mention if you want to do basic

I don't know if it be web testing but if you don't want to do anything but you just kind of want like go to the test of Sciences overthewire.org it's been a long time something I need to go back and play through those again but they're just basic with front-end stuff that you can test about you don't eat like a full-blown you know Linux County system of the grind 24/7 so like do these simple tasks and it'll help you get started and find out whether it's for you or it's not so so using the Internet at its base what I'm saying next to finally again so I mentioned this earlier I gave a talk or any good

talk I mean sent out a survey over this talk to see what they had in their labs it's only half alike a week if you didn't see it Alan posted in a few places I was basically a test run I'm hoping to do another survey which would be a little more widespread and then I'll basically be writing a white paper with my professor on home labbing and with security and other you know varieties of home labs and you know do whatever white papers do because I've never brought one my professor has and I want to talk to them with me like hey this is his idea so though it should be fun but like I said I send this out I

had about twenty people respond so much my friends try to respond like I have no idea what you're asking and they're not technical at all so I'm like okay I got to make sure I'm close to supply channels that I know people will understand it because if I don't just lose a bunch of blank surveys have about ten of those so I'd like 30 total respond to like ten these are probably all my friends that clicked on I didn't bother doing anything because they just message of being like what is this but what I saw was about most of them were home labs there were a couple that did it for work that work specific stuff and most of

were to train their teams and train themselves on different stuff the day one was like setting up on our VM and then infecting it and then seeing what happens others were like no go back slide alright

most of them also use ESXi and XenServer for the hypervisor there are a few that so they had a couple like physicals and one of them basically mentioned they only this one had physicals lying around was again for malware sampling to see if they reacted differently on a physical hard server prepared of the end because they noticed sometimes the malware will behave differently depending on what it infects if it infects a physical device or it infects the VM others were come on sorry I keep putting the arrow keys on my laptop and it just flips to the next slide instead of scrolling like I should okay I don't know why I wrote that my notes I'll

figure it out later but again most somewhere using for that some are using it it is biased because I also asked people my company a lot more using it for setting up Splunk instances and they were basically setting up basically Splunk Enterprise for security and testing different things that out for themselves and for the company over for but my company has a bunch of Splunk consultants so that's a little bias but I'm sure everywhere else they probably do similar things with plate software they're familiar with with maybe a vendor their specific book as well and I seen that with a couple of other people I I assumed they responded from like SecKC because I share the link there

as well but like I also mentioned I will be sending out another survey hopefully in couple weeks I'm gonna try to spread out I have actually a sign-up sheet up here if you guys want to give me your email address which is totally cool to do a security conference okay you can trust me and I'll eventually send out our survey link and there might be why you're getting this email for me and they'll be for my personal gmail account but again we've already went through this part was what are you guys using are you guys using like physicals are using VMs the ones I have left already then the R710 that's a big one now

see I got a Intel NUC high five yeah so is the dual channel RAM so I have 32 gigs and so it's using VMware this so one thing I got when I was starting this up for my storage was HP the HP MicroServers like HP 50 L they were like fire some for like 100 150 bucks apiece and it's like a four-bay hot-swap drive and it's a little mini server on a little Atom processor and then I put a system called Synology very Synology which is a clone of Synology which is basically plug and play simple and that's my Plex server and I've actually got two of them someone's a Plex or my storage and I've got a few

terabytes and stores are there for all my Linux ISOs guys we've got a got actually keep sharing that as well seeding CPU or Linux ISOs with some other people to download that's important and a VPN so but the one thing I mentioned my little HP MicroServers because HP has a system called iLO to go remote admin your server but they also made it to where and that you can't download your any firmware updates unless you have like a support contract with them so if you're just a home labber you don't have a full support contract with HP you can't update your firmware and if you can't take your firmware you're like who

cares but then you're like but I kind of want this feature and I can't do it because I don't have a support contracts and pay attention to your vendors you're buying from is basically the same and then seeing what their own sets are also if you also have enough puts because of bitcoins you know GPU prices have one of my life and all hardware prices are actually kind of RAM is stupid high and I don't know why RAM is so high except I blamed the cryptocurrency but does anyone have a real reason why RAM is so Mike's I'd love to your cell phones yeah that makes sense the little little cell phones really that's not the finding itself yeah the

sooner models that are taking up a lot of memory supporting all of those connections yep another thing to keep in mind is to see wanted to make sure your actual if you're looking for old partner cakes for your CPU actually supports virtualization it should but there's a chance that it doesn't and I just want to make sure like if you're looking at hardware you know just buy something specifically for virtualization and you find out that you can't actually virtualize anything on it because that's all whole and that it has happened of my friends not me because I poised on the check because of my friend self are what is that it stinks over there two screws

but it happens final thoughts again just going over what I said before keep license and check whatever you're finding a girl I have said you know open-source versus closed source it's like you're actually going to do is it can be using that hardware hacking pretty big as well so like if you want to do different hardware pieces that may be a part of your lab it's like if you guys saw the first keynote about car hacking his lab mate you know probably contains a car or at least pieces in the car so what you're looking into what you're wanting to do keep that in mind as well and like stay here budget and stuff like that also here's the cyber

kill chain is this still a thing cyber kill chain I here this has to be in every single security talk I just want sure that you guys know that here's the cyber kill chain has nothing to this talk except that you should have a poster of the cyber kill chain around out graphs of security labs if you don't have a poster of the cyber kill chain sitting on your wall on your lab it's not a whisper yes as well he's bathing himself too because everyone knows the cool thing now is the MITRE ATT&CK model so now you know how to make your own cloud and you know where you can get your copy of about two three let's give

a round of applause guys for SecKC because we're rad so questions I just yeah basically on my Supermicro I think I did this network to II guess it's I host on it and then I actually have a VM spawn with I prefer DMV sphere ice about vSphere-like license deal that they have that's like a yearly program where you get like a bunch of different being on her license plate three or both so I just said vSphere center on there and I could just get to that so I don't do anything hardware based up on the mic reflection is over now if I do is just use the VGA so but most of us just spits out that arm

at this month of our manager so also our sponsors is there also and this is all the others but please let me know I did if this was a terrible talk I want to know so I could be better because I'm probably talking in the next year because I talked last year and people are just getting the same boring talk over and over again or I talk too fast or I say um or what was my word like I've said over and over again if I keep doing that over and over again every year it's just gonna be awful so please let me know I did so I can do better and get better talks on our terrible thank

you guys [Applause] five minutes until Radford is ready to give this song