Offensive Infrastructure with Modern Technologies

Let's be honest: so-called "Security People" are usually not the best at applying DevOps concepts when talking about their own operations, and they usually end up managing their hosts manually, or via a (somehow organised) collection of scripts that try to hold everything together.

That's the reason why I decided to write this N-part blog post series, to record my "journey" and the lessons learned while building a secure, disposable, and completely automated infrastructure to be used in offensive operations.
I’m currently still in the middle of the process, so I will release the different sections as I go.

I would also like to get feedback from other professionals. Let me know if you find the information shared in this series useful, if something is missing, or if you have ideas on how to improve it.

This is the high-level outline of the different sections:

Introduction to the HashiCorp suite, and to Consul in particular.

    • The HashiCorp Stack
      1. Consul as a Service Mesh
    • The Hardware Prerequisites
    • Consul - Basic Configuration
      1. Single Node Deployment
      2. Multi Node Deployment
    • Consul - Hardened Configuration
      1. Running Consul as a Non-Privileged User
      2. Configuring Access Control Lists
      3. Enabling Gossip Encryption
      4. Enabling RPC Encryption with TLS

Step-by-step walkthrough that will allow you to automatically deploy the full HashiCorp stack with Ansible.

    • High Level Design
      1. Multi Node (Physical) Deployment
      2. Logical Deployment of the HashiStack
    • Environment Setup
      1. Code Structure
      2. Vagrant Setup
      3. Ansible Setup
    • Core Components
      1. Core Component 1: Consul (+ dnsmasq)
      2. Core Component 2: Vault
      3. Core Component 3: Nomad (+ docker)
      4. Core Component 4: Traefik
    • Sample Application