PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [GPWN-list] Pen Testing Lab Images/Systems setup

From: Dave <hackerrdave () gmail com>
Date: Tue, 26 Nov 2013 22:24:04 -0500
Please tell mr. Mccray that he has still YET to give me a refund. This has been everything BUT a good experience. 
You're posting for a service that he clearly cannot follow through with due to lack of professionalism and or knowledge 
of the subject in general. A fair warning; if i don't receive my $100.00 refund in one week i WILL be taking him to 
court. I don't care if it costs me $600 in the process as long as he's held liable for being in the court room.

GOOD DAY!

Sent from my iPhone

On Nov 18, 2013, at 10:51 AM, xgermx <xgermx () gmail com> wrote:


Sorry, I don't have a direct link but, Joe McCray is hosting a "Building A Low Cost HackLab" webinar this week. 
(It was rescheduled from last week to this week). Keep an eye on Twitter; I'll update this thread with the link when 
it's shared.


On Sun, Nov 17, 2013 at 9:13 AM, Jamil Ben Alluch <jamil () autronix com> wrote:

Thank you all for all the great responses. Lots of information here!

I appreciate it greatly.

Best Regards,

--
Jamil Ben Alluch, B.Ing., GCIH

jamil () autronix com
+1-819-923-3012


On Sun, Nov 17, 2013 at 9:34 AM, Joseph Brand <joe () joebrand net> wrote:

TechNet was replaced with free to download 180 day trials so you can still get access to ISOs and install MS stuff. 
 Just a pain to rekey, or mess with changing the OS date / time settings to keep it within the trial.

I like to run a couple of the recent versions at home for trial scans and finding ways in.

Joe
From: Robin Wood
Sent: 11/17/2013 9:03 AM
To: Ed Skoudis
Cc: gpwn-list () lists sans org
Subject: Re: [GPWN-list] Pen Testing Lab Images/Systems setup


On 17 November 2013 13:46, Ed Skoudis <ed () counterhack com> wrote:

Great stuff, guys!

You also may want to check out the mind map by Aman Hardikar .M.  Great
stuff.

http://www.amanhardikar.com/mindmaps/Practice.html

He allowed us to put it on the SANS Pen Test poster, and I'm very grateful
for that.

--Ed.



If asked last year I'd have suggested MS TechNet as a great way to get
licences for most MS products but they have cancelled that program now
so can't subscribe any more :(

I would suggest though looking through some of the MS tutorials on how
to set up their tools, for example this on SharePoint
http://technet.microsoft.com/en-us/library/jj658588.aspx . It tells
you how MS would expect the systems to be set up so gives you a good
idea of the base level for a lot of builds.

Robin



On Nov 16, 2013, at 11:52 PM, Julian Makas <jmakas () mimictechnologies com>
wrote:

We have a couple scenarios in play at my place.

Our "attack lab" has all of the normal pwn-able images (ie. metasploitable,
DVWA, etc.).

Out "test lab" is 1/2 Fort Knox and 1/2 realistic network based on what we
are seeing as a norm amongst our clients.

The Fort Knox side is a sudo war games between our admin group and security
group where the realistic side tries to mimic a common baseline of what we
see going on in our client networks. This give us some red and blue team
benefits.

Attack lab is for training.

Hardened and baseline networks are for training and bragging rights but
mostly used for testing engagement scenarios where we have to step outside
of the box.

What do you need your lab to do for you? Let you train? Let you test poc and
new concepts? Crash your lab box before you crash a clients server while on
an engagement?

It all depends on what you want to do, but you'll eventually want aspects of
all of these.

- J



Sent from my iPhone

On Nov 16, 2013, at 7:16 PM, "James Shewmaker" <james () bluenotch com> wrote:


On Sat, Nov 16, 2013 at 2:29 PM, Jamil Ben Alluch <jamil () autronix com>
wrote:


Hello,

This may be a recurring question, but I still wanted to get some input.

What kind of systems do you normally use for your pen-testing labs; more
specifically, are there pre-set images that you use for testing
vulnerabilities and practice ("Ready-to-Hack" systems)?



Hi Jamil,

You can get started with vulnhub.com. They have some free (but hosted via
VPN) pre-configured scenarios, including some you can download. The
vuln-injector program they have is great for weakening a random Windows VM
so you can experiment with a closer-to-real-world target. There is also our
scenario engine, currently in closed beta, at bunker011.com (almost 800
different hosted VMs)--you could try registering and see if you get invited.
;)

It would be interesting to see if you could use the free VPN hosted
projects, and use dd+netcat to steal them ... Interested, not endorsed!


_______________________________________________
gpwn-list mailing list
gpwn-list () lists sans org
https://lists.sans.org/mailman/listinfo/gpwn-list

_______________________________________________
gpwn-list mailing list
gpwn-list () lists sans org
https://lists.sans.org/mailman/listinfo/gpwn-list



_______________________________________________
gpwn-list mailing list
gpwn-list () lists sans org
https://lists.sans.org/mailman/listinfo/gpwn-list


_______________________________________________
gpwn-list mailing list
gpwn-list () lists sans org
https://lists.sans.org/mailman/listinfo/gpwn-list

_______________________________________________
gpwn-list mailing list
gpwn-list () lists sans org
https://lists.sans.org/mailman/listinfo/gpwn-list



_______________________________________________
gpwn-list mailing list
gpwn-list () lists sans org
https://lists.sans.org/mailman/listinfo/gpwn-list


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: