Penetration Testing mailing list archives
Re: Looking to set up an infosec lab
From: "Shawn Merdinger" <shawnmer () gmail com>
Date: Sat, 4 Aug 2007 01:15:22 -0600
Hi John, imho, the end-point targets for learning are good, but the tools to facilitate attacking them are refined to the point where it's pretty much a no-brainer (a la Metasploit por exemplo, or your run-of-the-mill Romanian zero-day for a couple hundred Euros). For the mad Kung-Fu, I suggest going for the real nasty -- routers and switches -- sure, some enterprise's Oracle DB may be vulnerable, or even compromised, but if you can Pwn the upstream router, well "all your packet are belong to us" and you've access to the compromised DB access _and_ the attacker(s)/remote admins/trusted peers/etc. Kindest regards, --scm Shawn Merdinger Independent Security Researcher VoIPninja.com
----- Original Message ---- From: John M. Martinelli <john () martinelli com> To: pen-test () securityfocus com Hi, list. A few of the previous e-mails going out on the mailing list got my attention - I'm interested in building a moderate hacklab to conduct mock attacks, intrusion detection, detection evasion, etcetera. My hardware situation allows me to deploy a VMware or Parallels lab - what kind of machines would you set up in my situation?
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Looking to set up an infosec lab Jamie Riden (Aug 01)
- <Possible follow-ups>
- Re: Looking to set up an infosec lab Bill Stout (Aug 03)
- Re: Looking to set up an infosec lab Shawn Merdinger (Aug 04)