Full Report
SensePost Training in the Cloud

Picture this. Every year, a group of Plakkers (our nickname for those who work at SensePost) descended into Las Vegas with more luggage than Imelda Marcos on a shoe shopping spree. In recent years, our kit list was immense. 200+ laptops, 25 servers, screens, switches and more backup disks than one should ever carry past TSA. Often we got there days before Black Hat started and spent 24 hours making sure our networks and servers started (inevitably they never did, which meant late nights debugging).
Analysis Summary
# SensePost Training Environment Modernization (Cloud Migration)
## Key Points
- The article details SensePost's transition from managing complex, on-premise physical infrastructure for their Black Hat training events to leveraging cloud services for scalability and reduced logistical overhead.
- Traditional training setup required shipping and setting up over 200 laptops, 25 servers, and extensive networking gear, often involving late-night debugging before events commenced.
- The move to the cloud was driven by the unsustainability and complexity of the prior physical setup, despite initial concerns regarding bandwidth and replicating corporate-like environments (e.g., Active Directory Domains).
- A central "Training Portal" was developed to modernize content delivery, allowing trainers to update materials dynamically, push updates automatically to students, and manage course versions efficiently.
- The practical lab environments moved from brittle, interdependent legacy scripts (`start-pracX.sh`) to a "click-once-and-deploy" solution in the cloud infrastructure.
- A major risk mitigated was the previous scenario where one student could negatively impact the experience for 39 others on a shared target server (e.g., via `'; DROP TABLES --` or wrong exploits).
- Future plans include an upgraded portal enabling self-service: students can register, pay, and launch their dedicated training environment instances on demand outside of scheduled training events.
## Threat Actors
- No specific external threat actors or malicious campaigns are detailed, as the context focuses entirely on internal operational improvement and infrastructure migration challenges faced by SensePost ("Plakkers").
## TTPs
- **Legacy Infrastructure Management:** Use of numerous, poorly documented, interdependent shell scripts (`start-pracX.sh`) for environment setup, resulting in significant troubleshooting overhead (up to 6 hours per modification).
- **Potential Student Impact:** Students previously shared single target servers, opening vectors for environment destruction or unauthorized actions impacting peers.
- **Training Delivery:** Adopting CTFs for advanced students and prioritizing practical demonstrations ("pure pwnage") over passive "Death By PowerPoint" theory sessions to maintain dynamic engagement.
## Affected Systems
- **Previous Environment:** 200+ Laptops, 25+ Servers, Switches, Backup Disks across multiple physical locations.
- **Target Environments Replicated:** Full Windows Active Directory Domains, multiple Linux servers, and web applications.
- **New Platform:** Cloud infrastructure (AWS usage is implied and is mentioned later, specifically for the wireless course migration).
## Mitigations
- **Infrastructure Automation:** Implementing a "click-once-and-deploy" cloud solution to ensure reliable and repeatable environment instantiation.
- **Centralized Content Management:** Using the Training Portal to host all course materials, allowing for dynamic, on-the-fly updates separate from the execution environment.
- **Isolation:** Moving away from shared target servers to dedicated, isolated cloud training instances for individual students (implied by the goal of students controlling *their own* environment).
- **Self-Paced Learning:** Implementing lab sheets where answers are only revealed post-completion, allowing students to work at their own pace.
## Conclusion
SensePost successfully navigated a challenging infrastructure shift from cumbersome physical setups to a scalable cloud-based training model. This modernization significantly reduced operational friction and planning complexity while enhancing the learning experience through improved isolation and centralized content management. The shift supports future expansion, allowing for on-demand, self-service training access for students.