In my LevelUp webcast last week I tried to connect people to set up security labs together. Due to covid-19 people might be more open and have more time at their hands to build their own lab.
We all know, how difficult it is to set up good DFIR labs. Though an individual can never get to a quality that SANS offers, they can do better than just running a VM, firing an exploit and image the machine.
Setting up small office infrastructures and realistically looking C2 infra takes time and depending on where you run it money. So, my idea was, that listeners of the webcast could team up by using the Twitter hashtag #LevelUpLabs to connect. Marketing loves it but it did not get traction yet.
So, over the next few weeks I'll run a Blog/VLOG series called \Building your #LevelUpLab".
The ultimate goal besides connecting people is to give DFIR folks some insights into how attackers run C2 infrastructures and penetration testers the opportunity to see what traces their attacks leave inn the target systems.
Additionally people who try to build up these labs will understand even more, how much effort it takes to set up the SANS labs - hence justifying our price-point.
In the talk I plan going over general considerations of building labs (what to set up, what to simulate and what to leave out, etc), a blueprint of my #LevelUpLab and the limitations of these labs. I will include a number of demos, what I can't cover due to time constraints, I will have covered in the YouTube videos leading up to the talk.