Ludus: the best pentest playground I've ever seen!
Once I got over the failed disks and firewall issues on my Hetzner server
Hey friends,
Wow, it’s so fun to see a lot of familiar (digital) faces join/rejoin this mailing list, as well as a ton of new folks. Welcome again! In this email blast I’ll cover:
Building a pentest range on the cheap and (mostly) easy with a Hetzner server
How I’m absolutely in electronic love with Ludus.cloud for building pentesting ranges
7MinSec proudly sponsors the ballet!
Another terrible horror movie I won’t be recommending you see
A new Johnson family member
Baby’s first Hetzner server
Super TLDR version: I talk all about this on last week’s and this week’s podcast episode.
Regular TLDR version: Hetzner (not a sponsor) certainly gives you a lot of server horsepower on the cheap, but the limited firewall features (only 10 rules) and hardware quality (I had to replace 2/3 of my disks within 24 hours) make me feel this is more of an environment for test/dev things, not prod.
Slightly longer version only my mom will read: over the last few months I’ve seen a ton of chatter from my pentest colleagues saying that Hetzner (still not a sponsor) is the place to go for cheap/beefy servers to build pentesting ranges, backup servers, or anything else your heart desires. I took one for a spin this week for a customer project, and I’d agree with almost all of that. A couple of things that really ground my gears:
The software firewall for the server has 10 rules. 10. That’s it. “Hey Brian, can I press an Add button somewhere and get more rules?” No. “But why Brian, WHYYYY??!??” I don’t know.
Dead drives. I was having problems installing Ludus.cloud (we’ll get to that in a moment) and, long story short, the disks in my RAID 1 were at like 170% utilization. In a bit of good news, the techs replaced them within an hour.
No free IPMI. Hetzner has this weird thing where they’ll let you order temporary IPMI access (with no guarantee of when it will be installed), but with a catch. It’s free for the first 3 hours (why 3?) and then it’s like $10 for every 3 hours after that. My other datacenter provider OVHcloud (also not a sponsor) gives you built-in IPMI access for free.
Ludus.cloud - a pentester’s dream
The Ludus quick start guide is, in my opinion, nothing short of magic. You essentially spin up a bare Debian 12 server, run the Ludus install script, and grab a mint hot cocoa. The install was really that easy. The next step involves downloading templates (that the rest of the lab build automation will be spawned from), and so most of the Ludus install time is simply waiting for stuff to download. Once all the templates are on disk, you just fire off one more command to deploy a range such as GOAD or GOAD SCCM.
I’ve been spending the last few weeks poking at GOAD SCCM and it is so fun to be able to blast away at the vulnerabilities freely, while also getting experience with SCCM abuse tools like pxethief (be sure to check out this pull request, which lets it run on Linux!). I’ve been giggling with glee as I steal SCCM config data via PXE boot or rifle through SCCM shares. It has already helped me be a more effective pentester in environments with SCCM!
So all in all, I’m enjoying the Hetzner experience and price tag (though I wouldn’t use it for anything prod), and it has already been worth the $ for the skills I’ve picked up in pentesting SCCM!
Thoughts on Hetzner / pentesting ranges?
7MinSec supports the ballet!
7 Minute Security is supporting a local ballet company’s upcoming performance, and I wanted to give you an early peek at the full-page ad our graphic designer put together for the paper program:
Cool, right?!
It’s a Wonderful Knife
I watched another bad horror movie (so you don’t have to?) and the title is the most clever thing about it: It’s a Wonderful Knife. TLDR: I’d skip it, but you can read my full review here.
On a personal tangent
We welcomed a new family member to the Johnson household this week:
The kids have suggested all sorts of crazy names, but I am rallying hard for Fin Diesel. And I’m a dork - I wrote a blog about this fish.
Have a blessed week!
Brian