#LevelUpLabs | SANS@MIC Talk

In my recent LevelUp webcast, I tried to connect people to set up security labs together. Due to covid-19 people might be more open and have more time at their hands to build their own lab. We all know, how difficult it is to set up good DFIR labs. Though an individual can never get to a quality that SANS offers, they can do better than just running a VM, firing an exploit and image the machine. Setting up small office infrastructures and realistically looking C2 infra takes time and depending on where you run it money. So, my idea was, that listeners of the webcast could team up by using the Twitter hashtag #LevelUpLabs to connect. Marketing loves it but it did not get traction yet. So, over the next few weeks I'll run a Blog/VLOG series called "Building your #LevelUpLab". The ultimate goal besides connecting people is to give DFIR folks some insights into how attackers run C2 infrastructures and penetration testers the opportunity to see what traces their attacks leave inn the target systems. Additionally people who try to build up these labs will understand even more, how much effort it takes to set up the SANS labs - hence justifying our price-point. In the talk I plan going over general considerations of building labs (what to set up, what to simulate and what to leave out, etc), a blueprint of my #LevelUpLab and the limitations of these labs. I will include a number of demos, what I can't cover due to time constraints, I will have covered in the YouTube videos leading up to the talk. Speaker Bio Mathias Fuchs, a certified instructor for SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, is head of cyber defense at InfoGuard AG, where he is actively engaged in building the incident response (IR) practice. In that role he uses his knowledge to shape his team; develop the necessary forensic, IR and threat hunting capabilities; and proactively mediate security vulnerabilities that would be more difficult to manage later. Prior