
Offensive Infrastructure with Modern Technologies

Let's be honest: so-called "Security People" are usually not the best at applying DevOps concepts when talking about their own operations, and they usually end up managing their hosts manually, or via a (somehow organised) collection of scripts that try to hold everything together.

That's the reason why I decided to write this N-part blog post series, to record my "journey" and the lessons learned while building a secure, disposable, and completely automated infrastructure to be used in offensive operations.
I’m currently still in the middle of the process, so I will release the different sections as I go.

I would also like to get feedback from other professionals. Let me know if you find the information shared in this series useful, if something is missing, or if you have ideas on how to improve it.

This is the high-level outline of the different sections:
  1. Part 1: Introduction to Consul (29 August 2018)
    • The HashiCorp Stack
      1. Consul as a Service Mesh
    • The Hardware Prerequisites
    • Consul - Basic Configuration
      1. Single Node Deployment
      2. Multi Node Deployment
    • Consul - Hardened Configuration
      1. Running Consul as a Non-Privileged User
      2. Configuring Access Control Lists
      3. Enabling Gossip Encryption
      4. Enabling RPC Encryption with TLS
  2. Part 2: Consul Connect and Vault as a Consul Backend (Coming Soon)
  3. Part 3: Penetration Testing Setup (the manual way)
  4. Part 4: Automation (Packer + Ansible + Terraform)
  5. Part 5: Training Lab
  6. Part 6-X: Red Teaming Setup
  7. Part N: Cloud Alternatives