PaulDotCom mailing list archives
Re: [GPWN-list] Pen Testing Lab Images/Systems setup
From: Jamil Ben Alluch <jamil () autronix com>
Date: Mon, 2 Dec 2013 14:40:02 -0500
There are a couple. Offensive security seems to be offering this service in the near future. other than that there's Hera ( http://www.elearnsecurity.com/virtual-labs/hera/). I don't know much about other ones, However I don't think you'll find anything in the price range you're looking for, for continuous access to the Virtual lab vpn (Hera will bill you 1700 for 6 months of continuous 24h access); This is mainly the reason why I prefer investing on building my own. ᐧ -- Jamil Ben Alluch, B.Ing., GCIH <http://www.autronix.com> jamil () autronix com +1-819-923-3012 On Sun, Dec 1, 2013 at 9:38 AM, <openrelay25 () gmail com> wrote:
Hi all, I was searching different Pentesting lab, did someone know a scenario which cost average 600 dollar per 6 months, sometimes I don't have enough time to create different scenarios I saw a website which have this kind of scenario but I forget the link Sent from my iPhone On Nov 27, 2013, at 11:50 AM, xgermx <xgermx () gmail com> wrote: I made it to the webcast, but I haven't seen any recordings sent out yet. I'll update this thread if I see it. On Wed, Nov 27, 2013 at 11:15 AM, Robin Wood <robin () digininja org> wrote:Did this happen in the end? Did anyone get a recording of it as I couldn't get to it. Robin On 18 Nov 2013 17:41, "Hirt, Rand W" <Rand.Hirt () providence org> wrote:*How To Build Your Own Low Cost HackLab – FREE Webinar* Thursday, November 21, 2013 1:00 PM - 3:00 PM EST https://www4.gotomeeting.com/register/889834095 -Cheers Rand *From:* gpwn-list-bounces () lists sans org [mailto: gpwn-list-bounces () lists sans org] *On Behalf Of *xgermx *Sent:* Monday, November 18, 2013 7:51 AM *To:* Jamil Ben Alluch *Cc:* PaulDotCom Security Weekly Mailing List; gpwn-list () lists sans org *Subject:* Re: [GPWN-list] Pen Testing Lab Images/Systems setup Sorry, I don't have a direct link but, Joe McCray is hosting a "Building A Low Cost HackLab" webinar this week. (It was rescheduled from last week to this week). Keep an eye on Twitter; I'll update this thread with the link when it's shared. On Sun, Nov 17, 2013 at 9:13 AM, Jamil Ben Alluch <jamil () autronix com> wrote: Thank you all for all the great responses. Lots of information here! I appreciate it greatly. Best Regards, -- Jamil Ben Alluch, B.Ing., GCIH <http://www.autronix.com> *jamil () autronix com* <http://www.autronix.com> *+1-819-923-3012* <http://www.autronix.com> <http://www.autronix.com> On Sun, Nov 17, 2013 at 9:34 AM, Joseph Brand <*joe () joebrand net*> wrote: <http://www.autronix.com> TechNet was replaced with free to download 180 day trials so you can still get access to ISOs and install MS stuff. Just a pain to rekey, or mess with changing the OS date / time settings to keep it within the trial. I like to run a couple of the recent versions at home for trial scans and finding ways in. Joe <http://www.autronix.com> ------------------------------ <http://www.autronix.com> *From: Robin Wood Sent: 11/17/2013 9:03 AM To: Ed Skoudis Cc: gpwn-list () lists sans org Subject: Re: [GPWN-list] Pen Testing Lab Images/Systems setup <http://www.autronix.com>* On 17 November 2013 13:46, Ed Skoudis <*ed () counterhack com*> wrote:Great stuff, guys! You also may want to check out the mind map by Aman Hardikar .M. Great stuff. *http://www.amanhardikar.com/mindmaps/Practice.html* He allowed us to put it on the SANS Pen Test poster, and I'm verygratefulfor that. --Ed.If asked last year I'd have suggested MS TechNet as a great way to get licences for most MS products but they have cancelled that program now so can't subscribe any more :( I would suggest though looking through some of the MS tutorials on how to set up their tools, for example this on SharePoint *http://technet.microsoft.com/en-us/library/jj658588.aspx* . It tells you how MS would expect the systems to be set up so gives you a good idea of the base level for a lot of builds. RobinOn Nov 16, 2013, at 11:52 PM, Julian Makas <*jmakas () mimictechnologies com*>wrote: We have a couple scenarios in play at my place. Our "attack lab" has all of the normal pwn-able images (ie.metasploitable,DVWA, etc.). Out "test lab" is 1/2 Fort Knox and 1/2 realistic network based onwhat weare seeing as a norm amongst our clients. The Fort Knox side is a sudo war games between our admin group andsecuritygroup where the realistic side tries to mimic a common baseline ofwhat wesee going on in our client networks. This give us some red and blueteambenefits. Attack lab is for training. Hardened and baseline networks are for training and bragging rights but mostly used for testing engagement scenarios where we have to stepoutsideof the box. What do you need your lab to do for you? Let you train? Let you testpoc andnew concepts? Crash your lab box before you crash a clients serverwhile onan engagement? It all depends on what you want to do, but you'll eventually wantaspects ofall of these. - J Sent from my iPhone On Nov 16, 2013, at 7:16 PM, "James Shewmaker" <*james () bluenotch com*>wrote:On Sat, Nov 16, 2013 at 2:29 PM, Jamil Ben Alluch <*jamil () autronix com*>wrote:Hello, This may be a recurring question, but I still wanted to get someinput.What kind of systems do you normally use for your pen-testing labs;morespecifically, are there pre-set images that you use for testing vulnerabilities and practice ("Ready-to-Hack" systems)?Hi Jamil, You can get started with *vulnhub.com*. They have some free (buthosted viaVPN) pre-configured scenarios, including some you can download. The vuln-injector program they have is great for weakening a randomWindows VMso you can experiment with a closer-to-real-world target. There isalso ourscenario engine, currently in closed beta, at *bunker011.com* (almost800different hosted VMs)--you could try registering and see if you getinvited.;) It would be interesting to see if you could use the free VPN hosted projects, and use dd+netcat to steal them ... Interested, not endorsed! _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list* _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list* _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*_______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> <http://www.autronix.com> _______________________________________________ gpwn-list mailing list *gpwn-list () lists sans org* *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> <http://www.autronix.com> ------------------------------ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. _______________________________________________ gpwn-list mailing list gpwn-list () lists sans org https://lists.sans.org/mailman/listinfo/gpwn-list_______________________________________________ gpwn-list mailing list gpwn-list () lists sans org https://lists.sans.org/mailman/listinfo/gpwn-list _______________________________________________ gpwn-list mailing list gpwn-list () lists sans org https://lists.sans.org/mailman/listinfo/gpwn-list
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Jamil Ben Alluch (Nov 25)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup xgermx (Nov 26)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup James Shewmaker (Nov 26)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Dave (Nov 27)
- Message not available
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Robin Wood (Nov 27)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup xgermx (Nov 27)
- Message not available
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Jamil Ben Alluch (Dec 02)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup xgermx (Nov 26)