Re: Using a Virtualized Pen Test Platform

["Kevin L. Shaw, CISSP, GCIH" <kshaw () eeenterprisesinc com>]

It's a pain to reboot, almost as much as it is to carry two machines to 
run some activities concurrently.  I have read that several prominent 
penetration testers use VMs; and there is some information out there 
about booting one partition and running the second partition in a 
virtual machine instead of booting back and forth.  I haven't heard of 
any reported problems with these - the only item of interest I know is 
of VM-aware malware that will shut itself off if you try to examine it 
inside a virtual machine; but this shouldn't affect you if you are 
performing that sort of work.

A friend of mine who works for RedHat swears by Xen; however you should 
probably test it yourself.  One issue I have run into with any VM 
solution is the hardware may not support virtualization;  I've had that 
problem with several Toshiba laptops.  I know ESXi has pages dedicated 
to hardware compatibility lists.

Jon Kibler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> I have traditionally used a multi-boot Linux box as my pen-test platform. It has
> always had the disadvantage that I had to reboot into Windows to run some tools
> that seem to break under wine.
>
> For the past several months, I have been tinkering with using VMware Workstation
> as my base platform, so I can just switch VMs rather than having to reboot. So
> far, it seems to work pretty well. However, I am wondering if I am missing
> something that is broken by VMware that I have not yet detected. For example,
> does VMware break any of the packet crafters or other tools that do 'unusual'
> things, that may cause the packet to not traverse correctly from VMware to the
> outside target?
>
> What other issues do I need to be aware of?
>
> Also, is there any advantage or disadvantage of running Workstation vs. Server
> vs. ESXi as the underlying VMware system?
>
> What would be the advantages or disadvantages of running XEN? Does it have any
> issues as a pen test platform hypervisor?
>
> THANKS!
>
> Jon Kibler
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> s: JonRKibler
> e: Jon.Kibler () aset com
> e: Jon.R.Kibler () gmail com
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrd4DYACgkQUVxQRc85QlO60gCfT2sQ2gsBJo6vcSYIxPHtSA9U
> 8WgAn2dAPMxow+r0lx2ThokdjtX6o0+z
> =bmip
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.
>
>
>   
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------