Penetration Testing mailing list archives
RE: [lists] Looking to set up an infosec lab
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 2 Aug 2007 08:56:40 -0400
Our lab is a dual dual-core Opteron (4 procs) w/16 gb RAM running SuSE Linux 10.2 w/VMWare ESX Server (have not run Windoze on bare metal for 4 years - thus have not had to re-install in 4 years :) I then run about a dozen OS's including every version of Windoze, a few *NIX's and Novell. I have images of every guest for quick re-install (10-30 minutes per, depending on size). I then turn malware loose on a Windoze box and watch it infect the other boxes, depending on the propogation mode. Of course the *NIX and Novell boxes never skip a beat. Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 202.302.6032 infosysec () gmail com purdy () tecman com ------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John M. Martinelli Sent: Monday, July 30, 2007 9:40 PM To: pen-test () securityfocus com Subject: [lists] Looking to set up an infosec lab Hi, list. A few of the previous e-mails going out on the mailing list got my attention - I'm interested in building a moderate hacklab to conduct mock attacks, intrusion detection, detection evasion, etcetera. My hardware situation allows me to deploy a VMware or Parallels lab - what kind of machines would you set up in my situation? I plan on having a few Windows machines - perhaps a '98 box, a 2000 box, and an XP box. As far as Linux, I'd like to set up a Zoot (RedHat 6.2) and BSD box, but beyond that I'm asking for advice. Which flavors would you put up for conducting general vulnerability testing? Thanks, John Martinelli RedLevel.org Security -------------------------------------------------------------- ---------- This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- RE: [lists] Looking to set up an infosec lab Curt Purdy (Aug 03)
- Tools for pen test, IRM (Aug 04)
- Re: Tools for pen test, 杨峰 (Aug 04)
- Re: Tools for pen test, John M. Martinelli (Aug 04)
- RE: Tools for pen test, Alexandru Bradescu-Popa (Aug 04)
- RE: Tools for pen test, Stephen McNaught (Aug 04)
- RE: Tools for pen test, Stephen McNaught (Aug 04)
- Re: Tools for pen test, Antonin Kral (Aug 04)
- Re: Tools for pen test, 杨峰 (Aug 04)
- Tools for pen test, IRM (Aug 04)