or “Leveraging the Cloud to Pwn your Mum”. .. (Cheers to @irldexter for the name idea)
I was fortunate to get a DM the other day from @Kimono asking if I’d want to do a lightening talk at the Perth CloudCamp today. I immediately got excited about the opportunity to talk about something that I’ve certainly been experimenting with over the past few months, and it’s pretty trivial stuff if you think about it, and fairly common if you’re keeping abreast of current trends in web pen testing. Why run your applications locally, over your local connection, if you can run it from the Internet.
This is certainly an idea we’ve been playing with at BeEF (BeEF-cloud – pre-canned AMI images for Amazon’s EC2), and something that Dinis Cruz just talked about if you’re interested in running up O2 in Amazon. And why stop there? There’s great benefits from running your SET and Metasploit from Amazon’s environment too!
Having only 10 minutes was fairly limiting, and not really knowing the audience didn’t help, but I aimed to try and provide a really high level overview of the OWASP Testing Guide and how tools traditionally designed to run locally can leverage Amazon’s EC2 environment quite well too.
You can see the slidedeck here (I would recommend opening up the “Show Speaker Notes”): https://docs.google.com/present/view?id=ddwsqr7c_63c3phb7gn
Oh, and PS: I’m not strictly tied to the term “Cloud”, but I do really enjoy Amazon’s AWS and EC2 services :)