Penetration Testing mailing list archives
Re: Startup security lab setup
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 18 Mar 2009 02:12:19 -0430
On Tuesday 17 March 2009 13:38:40 Abo Sous wrote:
Hello All, I've been asked to start a lab setup for my company, with a focus on vulnerability assessments. So far, what I have in mind includes: a firewall unit, a couple of PCs with different OS flavors, some VA applications (Nessus, Metasploit...). What else should I look for? What applications would you deem indispensable in such a lab?
is quite complex. Today, a real hacker scenario is a mix of: Technique * Statistics * Social Engineering...

Can you simulate a sysadmin's behavior?:
* Common passwords across servers
* Predictable passwords <-
* Public info over the internet (check out Maltego) <-
* Weak link in the chain

How can you test social engineering techniques?
---------------------------------------------------------------------------
The best scenarios involve real admin and system public information...

Ex. If you are a company that sells ice cream, and you are the sysadmin, the hacker will go for all possible words related to your job and to your life (chocolate, vanilla, johnsmith, birthday, ...). Then he will permute this wordlist with "l33t" chars, and then... will "bruteforce" something. The right word is statistically probable to come up in a reasonable time. Then a privilege escalation race will start...

Recommended Tools: Nessus, Metasploit, nmap, amap, xprobe, yersinia, ettercap-ng, cheops-ng (quite old...), hping, sendip, wireshark, tcptraceroute, aircrack-ng, milw0rm exploit db, securityforest exploit db, snort, kismet, john the ripper, maltego, some commercial software like GFI LANguard.... ETC.

And...
- Virtual machines. A LOT of... virtual machines... (VMware, QEMU, etc.)
- IDSs!!! (Record what our hackers are doing)
- Lots of firewalls and diverse network topology
- Wifi
- Bad perimeter testing (Wifi APs, VPNs, etc.)
- Bad passwords

In my point of view, the common weakness of systems is the perimeter... not only the network perimeter (which is very important); it's also important to know that there are other perimeters: application perimeters, user privilege perimeters, file perimeters, process perimeters, etc., and... the sysadmin's best award: the tendency to locate on the perimeter _test and "non-important" environments without security and without knowing anything about pre-established perimeters_.

That tendency happens when the admin says: I don't care about this system, this is my test environment and it's not so important to the company (HAHA...). That can be extrapolated to all "non-important" information and "non-important" things shared and running across the network...
thanks in advance,
-AS.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
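A defensive counterpart to the wordlist point in the reply above, as an added example that is not part of the original post: a password screen for the lab (or a password-change hook) that folds "l33t" substitutions back to letters and flags passwords built on words tied to the company or the admin. The substitution map, function names, context words and sample accounts are all constructed for illustration.

```python
import re

# Constructed map of common "l33t" substitutions back to letters (assumption:
# not exhaustive; extend it to match what your users actually type).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "i"})

def normalize(text):
    """Lower-case, undo leet substitutions, keep letters only.

    'l' is folded into 'i' because '1', '!' and '|' stand in for either,
    so both sides of the comparison must agree on one form.
    """
    letters = re.sub(r"[^a-z]", "", text.lower().translate(LEET))
    return letters.replace("l", "i")

def context_hits(password, context_words, min_len=4):
    """Return the context words that survive inside the normalized password."""
    norm_pw = normalize(password)
    hits = []
    for word in context_words:
        norm_word = normalize(word)
        # Very short words match by accident too often, so skip them.
        if len(norm_word) >= min_len and norm_word in norm_pw:
            hits.append(word)
    return sorted(hits)

def audit(credentials, context_words):
    """Map each account whose password leans on a context word to its hits."""
    report = {}
    for user, password in credentials.items():
        hits = context_hits(password, context_words)
        if hits:
            report[user] = hits
    return report

# Constructed context: words from the company's business and the admin's
# public information, i.e. what the reply says will be tried first.
CONTEXT = ["chocolate", "vanilla", "johnsmith", "icecream"]

# Constructed lab accounts, seeded with "bad passwords" on purpose.
SAMPLE_ACCOUNTS = {
    "jsmith": "J0hn_Sm1th",
    "backup": "Ch0c0l4te2009!",
    "ftp": "V4n1ll4!",
    "deploy": "correct-horse-battery-staple",
    "svc_mon": "xK9#mQ2vLp",
}

if __name__ == "__main__":
    for user, hits in audit(SAMPLE_ACCOUNTS, CONTEXT).items():
        print(f"{user}: password derived from {', '.join(hits)}")
```

Feeding the context list from the same public sources the reply mentions (company site, staff names, product names) keeps the deny list aligned with what is actually discoverable about the organisation.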