Deploying your own cybersecurity training infrastructure with EDURange

Jens Mache

Are you interested in hosting your own competitions/ CTFs/ training exercises? EDURange is an open source project that is both a collection of interactive, collaborative cyber-security exercises and a framework for creating these exercises. It is designed to provide an active learning environment focusing on analysis skills.

Recently, EDURange has been rebuilt to allow for users to host the application on their own hardware, or to be run on a central cloud server. This means that if you have any machine, whether it’s a server connected to corporate or academic infrastructure, or your own personal computer, you can spin up any of our exercises to play on-demand. These exercises take the form of one or more docker containers that each simulate a complete UNIX environment, and range in difficulty from a basic introduction to using the command line to more advanced network reconnaissance and Metasploit. We’ve also built our exercises with the capability for customization in mind, so if you have your own tools or materials you’d like to include in an exercise, or even create your own, EDURange could be the perfect solution for you.

In this workshop, we will demonstrate the initial setup process of the EDURange platform and assist you with getting it set up on your machine. The installation process is very simple, as we are hoping to be able to provide a pre-configured virtual machine. If you have access to a cloud instance provided by AWS or Azure, that would be a hosting option – but it is also perfectly viable to run it on a spare device from your home network. By the end of this workshop, you will have our full infrastructure deployment system configured on your machine, with the ability for others to sign up or be assigned accounts, and be able to easily launch numerous virtual environments to play our full catalog of exercises. See some of the exercises at https://edurange.org/scenarios.html

Prerequisites

Students should come prepared with:

  • A native Ubuntu or Debian machine, or any AWS/Google/Other type of cloud instance or a virtual machine. See the documentation

  • Alternatively, students can use the hosted demo version, so that anyone with an ssh client can at least try it out and play some of the scenarios.

Jack Cook is a software developer at The Evergreen State College, where he recently earned his Bachelor’s degree. He has been working as lead developer on the EDURange Platform for the past two years. Richard Weiss teaches computer security and general computer Science and mathematics at The Evergreen State College. He started the EDURange project in 2011 with Jens Mache and Michael Locasto.

Jens Mache teaches computer science at Lewis & Clark College in Portland, Oregon

Creating a AWS Pentest Playground

Jon Helmus

This workshop will walk all attendees through a process of setting up a safe pentesting environment that attendees can practice ethical hacking on both AWS services such as S3, Lambda, and EC2 - as well as learning traditional hacking methodologies.

Aside from ethical hacking, attendees can also expect to learn more about AWS and how to maneuver within the AWS console and the AWSCLI.

Prerequisites

Students should come prepared with:

  • Kali Linux virtual machine (VirtualBox Preferred)
  • AWS Account

Jon Helmus is a Security engineer and educator who has been working in engineering, security, and information technology for 10 years. Specializations in Penetration Testing, Threat and Adversarial Assessments, Vulnerability Management, Cloud Technology (AWS), and experience as a Technical Educator and University Level Professor.

Hiding In The Clouds: How Attackers Can Use Malicious Applications for Sustained Persistence and How To Find It

Mark Morowczynski and Bailey Bercik

Applications are modernizing. With that, the way permissions for these applications are granted are also changing. These new changes can allow an attacker to have sustained persistence in plain sight if we don’t understand how these work and where to look. What’s the difference if an application has permissions or an application has delegated permissions? Why did that admin account consent to that application, should I be worried? Is that application overprivileged? I have thousands of apps, how do I account for this? In this session we will look to demystify and bring clarity to these questions. You’ll understand these new application models and how they can be abused for sustained persistence, how these permissions work and what overprivileged looks like and finally, how to find them in your environment.

Prerequisites

Students should optionally come prepared with:

  • An Azure AD tenant to be able follow along.

Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He was also one of the founders of the AskPFEPlat blog. He’s spoken at various industry events such as Black Hat 2019, Defcon Blue Team Village, Bsides, Microsoft Ignite, Microsoft Inspire, Microsoft Ready, Microsoft MVP Summits, The Cloud Identity Summit, SANs Security Summits and TechMentor. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.

Bailey Bercik (@baileybercik) is a Program Manager in the customer facing arm of the Identity Engineering division at Microsoft. As part of the “Get-To-Production” team, she acts as a trusted advisor to Fortune 500 enterprises deploying Azure Active Directory. She’s previously spoken about Azure AD customer stories and security recommendations at Microsoft Ready & Ignite, Blue Team Con, and the Diana Initiative. Prior to this role, Bailey worked on Microsoft’s incubation team for Decentralized Identity.