Forum Discussion

hexninja's avatar
hexninja
Icon for Bronze II rankBronze II
2 months ago

Custom Lab creation AWS EC2 image issue

Hi,

I am trying to create a custom lab in AWS EC2 Ubuntu but our works AWS account blocks the security group for inbound rules for SSH 22 and RDP 3389, so get to the point were I can save the EC2 image to an AMI for the lab.

The other option for connecting to the lab is to use Web http port 80. 

Are the any helpful custom lab guides for helping set up an AWS EC2 with a web app?

I was thinking a browser as the web app would be OK as the lab would involve looking at static web pages. 

TIA

Rob

4 Replies

  • Hey hexninja​ !

    This is awesome! Can you tell me what you are building exactly? Is it a vulnerable web app?

    For clarity, when you share your AMI with us, we deploy it in our own lab environment, and we apply our own security group to that. We don't copy it, so you must keep a version of it in your own AWS account, but we do deploy the AMI itself in our own account. This means any network SGs on your own side aren't an issue. Unless you are talking about not being able to actually build the AMI because you aren't able to SSH/RDP in to test it?

    We have a TON of docs and videos coming out soon to help people with building their own labs, which will be available in July - along with some other new features I think that will help you. 

    Matt

    • hexninja's avatar
      hexninja
      Icon for Bronze II rankBronze II

      Hi MattParven​ 

      I have managed to setup AMIs in our AWS 'burner' accounts and share them with Immersive Labs as our 'burner' account supports unencrypted EBS storage. My issues is these accounts are reset every 21 days and not suitable for storing the AMI long term.

      Our normal AWS accounts do not allow unencrypted EBS (company wide policy) and so when I share the AMI it does not work in Immersive Labs as Immersive Labs does not have the encryption key!

      Is there any way to support sharing an AMI with an encrypted EBS? I guess we would need to share a key or use one of yours?

      Thanks,

      Rob

       

      • MattParven's avatar
        MattParven
        Icon for Immerser rankImmerser

        Hey hexninja​ . If your organization is forcing encrypted EBS and there is no way to create a long-lived AWS account to store them unencrypted, this could pose a problem.

        We may look at an option to "Copy" AMI to us in the future, which would mitigate this.

        However in the short term (July), we are releasing a new feature that is basically an "image library" of machines we manage that you can choose from (Kali, Reverse Engineering machine, Forensics machine, etc.). These machines allow you to upload files (like logs) without needing to build/manage the underlying machines yourself, and I think that this may suit your needs. 

        What type of software are you needing on the Ubuntu machine to do the log analysis, is it custom to your org or open source tools? 

        Matt

         

    • hexninja's avatar
      hexninja
      Icon for Bronze II rankBronze II

      Thanks MattParven​ 

      What I am building is some training for our team with work specific logs that we can analyse with an Ubuntu machine.

      The issue was that our infrastructure blocks SSH and RDP so I wasn't able to connect and test to the image directly within our AWS 'burner' environment. I can connect to them via SSM but as it is just command line, setting up the XDRP Ubuntu GUI is a bit iterative knowing which parts are configured correctly ready for a user to interact with such as getting the test data and tools on the Desktop.

      However, I have been able to build two AMIs and tested them in the Immersive Labs Create a Lab section and it works!

      One is an Ubuntu server machine connecting via SSH and the other is Ubuntu GUI machine connecting via XRDP. 

      I have some issues when when trying to share our AMI's with encrypted(company policy) but I will send a separate message