Re: Using a Virtualized Pen Test Platform

[Joshua Gimer <jgimer () gmail com>]

Jon

I also use virtualization for a pen-testing platform and have for some
time. The only issue that I would be aware of is your network
interface configuration. You have the ability to setup your virtual
interfaces in either a bridged or shared mode a lot of the time, the
later of which performs Network Address Translation (NAT). If you were
performing tests where you were either sending or sampling a large
amount of traffic, there is a possibility that you could fill up your
NAT tables which will have adverse consequences in terms of valid test
results.

-- 
Thx
Joshua Gimer

On Tue, Oct 20, 2009 at 10:07 AM, Jon Kibler <Jon.Kibler () aset com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> I have traditionally used a multi-boot Linux box as my pen-test platform. It has
> always had the disadvantage that I had to reboot into Windows to run some tools
> that seem to break under wine.
>
> For the past several months, I have been tinkering with using VMware Workstation
> as my base platform, so I can just switch VMs rather than having to reboot. So
> far, it seems to work pretty well. However, I am wondering if I am missing
> something that is broken by VMware that I have not yet detected. For example,
> does VMware break any of the packet crafters or other tools that do 'unusual'
> things, that may cause the packet to not traverse correctly from VMware to the
> outside target?
>
> What other issues do I need to be aware of?
>
> Also, is there any advantage or disadvantage of running Workstation vs. Server
> vs. ESXi as the underlying VMware system?
>
> What would be the advantages or disadvantages of running XEN? Does it have any
> issues as a pen test platform hypervisor?
>
> THANKS!
>
> Jon Kibler
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> s: JonRKibler
> e: Jon.Kibler () aset com
> e: Jon.R.Kibler () gmail com
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrd4DYACgkQUVxQRc85QlO60gCfT2sQ2gsBJo6vcSYIxPHtSA9U
> 8WgAn2dAPMxow+r0lx2ThokdjtX6o0+z
> =bmip
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------