Penetration Testing mailing list archives
Re: Basic facilities required to establish a pen test lab
From: Jan Heisterkamp <janheisterkamp () web de>
Date: Sun, 29 Jul 2007 08:28:48 -0600
Gubir schrieb:
I am CEH. But still I need some suggestion from you guys to setup a pen test lab. Please give me some guidance about the basic essential hardware and software to make a good pen test lab
A pent test lab; what could this be?Definition of laboratory: A laboratory (often abbreviated lab) is a place where scientific research and experiments are conducted. A lab can hold space for one to thirty, or more, researchers depending on the size of the room and state mandated maximum occupancy limit.
In conjunction with pen-test this makes no sense to me, exeptual you are conducing external tests. I for myself decided that I don't use laptops, exeptual I go mobile-wireless, they are mostly not the money worth, you can't mainteaince them tecnically by yourself -at least not here in Costa Rica. What I do have here are a few boxes with 2.8 G Intel Pentium, 2GB Ram, 80 - 160 Gb HDD, 2 NICs and one with AMD 64bit Athlon, 2GB Ram, 80GB HDD, 2NICs. For special purposes I use PowerEdge 1850, 2 Xeon 2.8 G, 4GB Ram, 2x36 GB HDD, 2 NICs [doesn't run with Unix :'( ]
OS's: Windows XP, Fedora7, freeBSDBefore you step into a new job you have to setup your box new, that means set your HDD on zero. For this purpose I use PowerMax [Live-On edition], it takes some hours but its working excellent and with all brands of HDDs.
Don't use the OS "onboard"-formatting tools. Never ever perform a test with a "USED" box.If you use [Vuln]-Scanner [for a first look] make sure that you use only open-source products.
Double check all results.Especially, don't believe the results of a Vuln-Scanner until you haven't proofed it manually.
In your repositioy you should have the common OS's for practizing and studying, as well as a collection of all Exploits you can grab, wether you need them or not.
Exploit-Frameworks like Metasploit or ATK are helpful.You might come into a situation where you have to reverse-engineer something; IDA Pro is a excellent and comfortable choice and it's money worth. Not mentioned the tools of the trade, you should know them all, you are CEH; isn't it?!
Regards Jan ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Basic facilities required to establish a pen test lab Gubir (Jul 27)
- Re: Basic facilities required to establish a pen test lab Jan Heisterkamp (Jul 29)
- RE: Basic facilities required to establish a pen test lab Shenk, Jerry A (Jul 29)
- Re: Basic facilities required to establish a pen test lab scott (Jul 30)
- Re: Basic facilities required to establish a pen test lab Ivan . (Jul 30)
- RE: Basic facilities required to establish a pen test lab Shenk, Jerry A (Jul 29)
- Re: Basic facilities required to establish a pen test lab Hylton Conacher (ZR1HPC) (Jul 30)
- Re: Basic facilities required to establish a pen test lab Jan Heisterkamp (Jul 29)
- RE: Basic facilities required to establish a pen test lab Uber Wannabe (Jul 30)