PaulDotCom mailing list archives
Re: [GPWN-list] Pen Testing Lab Images/Systems setup
From: Robin Wood <robin () digininja org>
Date: Wed, 27 Nov 2013 17:15:26 +0000
Did this happen in the end? Did anyone get a recording of it as I couldn't get to it. Robin On 18 Nov 2013 17:41, "Hirt, Rand W" <Rand.Hirt () providence org> wrote:
*How To Build Your Own Low Cost HackLab – FREE Webinar* Thursday, November 21, 2013 1:00 PM - 3:00 PM EST https://www4.gotomeeting.com/register/889834095 -Cheers Rand *From:* gpwn-list-bounces () lists sans org [mailto: gpwn-list-bounces () lists sans org] *On Behalf Of *xgermx *Sent:* Monday, November 18, 2013 7:51 AM *To:* Jamil Ben Alluch *Cc:* PaulDotCom Security Weekly Mailing List; gpwn-list () lists sans org *Subject:* Re: [GPWN-list] Pen Testing Lab Images/Systems setup Sorry, I don't have a direct link but, Joe McCray is hosting a "Building A Low Cost HackLab" webinar this week. (It was rescheduled from last week to this week). Keep an eye on Twitter; I'll update this thread with the link when it's shared. On Sun, Nov 17, 2013 at 9:13 AM, Jamil Ben Alluch <jamil () autronix com> wrote: Thank you all for all the great responses. Lots of information here! I appreciate it greatly. Best Regards, -- Jamil Ben Alluch, B.Ing., GCIH <http://www.autronix.com> *jamil () autronix com* <http://www.autronix.com> *+1-819-923-3012* <http://www.autronix.com> <http://www.autronix.com> On Sun, Nov 17, 2013 at 9:34 AM, Joseph Brand <*joe () joebrand net*> wrote:<http://www.autronix.com> TechNet was replaced with free to download 180 day trials so you can still get access to ISOs and install MS stuff. Just a pain to rekey, or mess with changing the OS date / time settings to keep it within the trial. I like to run a couple of the recent versions at home for trial scans and finding ways in. Joe <http://www.autronix.com> ------------------------------ <http://www.autronix.com> *From: Robin Wood Sent: 11/17/2013 9:03 AM To: Ed Skoudis Cc: gpwn-list () lists sans org Subject: Re: [GPWN-list] Pen Testing Lab Images/Systems setup <http://www.autronix.com>* On 17 November 2013 13:46, Ed Skoudis <*ed () counterhack com*> wrote:Great stuff, guys! You also may want to check out the mind map by Aman Hardikar .M. Great stuff. *http://www.amanhardikar.com/mindmaps/Practice.html* He allowed us to put it on the SANS Pen Test poster, and I'm verygratefulfor that. --Ed.If asked last year I'd have suggested MS TechNet as a great way to get licences for most MS products but they have cancelled that program now so can't subscribe any more :( I would suggest though looking through some of the MS tutorials on how to set up their tools, for example this on SharePoint *http://technet.microsoft.com/en-us/library/jj658588.aspx* . It tells you how MS would expect the systems to be set up so gives you a good idea of the base level for a lot of builds. RobinOn Nov 16, 2013, at 11:52 PM, Julian Makas <*jmakas () mimictechnologies com*>wrote: We have a couple scenarios in play at my place. Our "attack lab" has all of the normal pwn-able images (ie.metasploitable,DVWA, etc.). Out "test lab" is 1/2 Fort Knox and 1/2 realistic network based on whatweare seeing as a norm amongst our clients. The Fort Knox side is a sudo war games between our admin group andsecuritygroup where the realistic side tries to mimic a common baseline of whatwesee going on in our client networks. This give us some red and blue team benefits. Attack lab is for training. Hardened and baseline networks are for training and bragging rights but mostly used for testing engagement scenarios where we have to stepoutsideof the box. What do you need your lab to do for you? Let you train? Let you test pocandnew concepts? Crash your lab box before you crash a clients server whileonan engagement? It all depends on what you want to do, but you'll eventually wantaspects ofall of these. - J Sent from my iPhone On Nov 16, 2013, at 7:16 PM, "James Shewmaker" <*james () bluenotch com*>wrote:On Sat, Nov 16, 2013 at 2:29 PM, Jamil Ben Alluch <*jamil () autronix com*> wrote:Hello, This may be a recurring question, but I still wanted to get some input. What kind of systems do you normally use for your pen-testing labs; more specifically, are there pre-set images that you use for testing vulnerabilities and practice ("Ready-to-Hack" systems)?Hi Jamil, You can get started with *vulnhub.com*. They have some free (but hostedviaVPN) pre-configured scenarios, including some you can download. The vuln-injector program they have is great for weakening a random WindowsVMso you can experiment with a closer-to-real-world target. There is alsoourscenario engine, currently in closed beta, at *bunker011.com* (almost800different hosted VMs)--you could try registering and see if you getinvited.;) It would be interesting to see if you could use the free VPN hosted projects, and use dd+netcat to steal them ... Interested, not endorsed! _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list* _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list* _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*_______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> <http://www.autronix.com> _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> <http://www.autronix.com> ------------------------------ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. _______________________________________________ gpwn-list mailing list gpwn-list () lists sans org https://lists.sans.org/mailman/listinfo/gpwn-list
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Jamil Ben Alluch (Nov 25)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup xgermx (Nov 26)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup James Shewmaker (Nov 26)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Dave (Nov 27)
- Message not available
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Robin Wood (Nov 27)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup xgermx (Nov 27)
- Message not available
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Jamil Ben Alluch (Dec 02)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup xgermx (Nov 26)