PaulDotCom mailing list archives
Re: [GPWN-list] Pen Testing Lab Images/Systems setup
From: Julian Makas <jmakas () mimictechnologies com>
Date: Sun, 17 Nov 2013 04:52:01 +0000
We have a couple scenarios in play at my place. Our "attack lab" has all of the normal pwn-able images (ie. metasploitable, DVWA, etc.). Out "test lab" is 1/2 Fort Knox and 1/2 realistic network based on what we are seeing as a norm amongst our clients. The Fort Knox side is a sudo war games between our admin group and security group where the realistic side tries to mimic a common baseline of what we see going on in our client networks. This give us some red and blue team benefits. Attack lab is for training. Hardened and baseline networks are for training and bragging rights but mostly used for testing engagement scenarios where we have to step outside of the box. What do you need your lab to do for you? Let you train? Let you test poc and new concepts? Crash your lab box before you crash a clients server while on an engagement? It all depends on what you want to do, but you'll eventually want aspects of all of these. - J Sent from my iPhone On Nov 16, 2013, at 7:16 PM, "James Shewmaker" <james () bluenotch com<mailto:james () bluenotch com>> wrote: On Sat, Nov 16, 2013 at 2:29 PM, Jamil Ben Alluch <jamil () autronix com<mailto:jamil () autronix com>> wrote: Hello, This may be a recurring question, but I still wanted to get some input. What kind of systems do you normally use for your pen-testing labs; more specifically, are there pre-set images that you use for testing vulnerabilities and practice ("Ready-to-Hack" systems)? Hi Jamil, You can get started with vulnhub.com<http://vulnhub.com>. They have some free (but hosted via VPN) pre-configured scenarios, including some you can download. The vuln-injector program they have is great for weakening a random Windows VM so you can experiment with a closer-to-real-world target. There is also our scenario engine, currently in closed beta, at bunker011.com<http://bunker011.com> (almost 800 different hosted VMs)--you could try registering and see if you get invited. ;) It would be interesting to see if you could use the free VPN hosted projects, and use dd+netcat to steal them ... Interested, not endorsed! _______________________________________________ gpwn-list mailing list gpwn-list () lists sans org<mailto:gpwn-list () lists sans org> https://lists.sans.org/mailman/listinfo/gpwn-list
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Pen Testing Lab Images/Systems setup Jamil Ben Alluch (Nov 25)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup James Shewmaker (Nov 26)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup Julian Makas (Nov 26)
- Re: [GPWN-list] Pen Testing Lab Images/Systems setup James Shewmaker (Nov 26)