Penetration Testing mailing list archives
Re: Using a Virtualized Pen Test Platform
From: "Claudio Criscione" <blackfireml () securenetwork it>
Date: Sat, 24 Oct 2009 17:28:35 +0200
Hi Jon, In data martedì 20 ottobre 2009 18:07:18, Jon Kibler ha scritto:
not yet detected. For example, does VMware break any of the packet crafters or other tools that do 'unusual' things, that may cause the packet to not traverse correctly from VMware to the outside target?
Dave already gave you a nice answer, but I'd like to stress that there *are* differences once you get very close to the hardware. If you do a lot of ARP-related stuff, for instance, you are going to run into issues due to the way VMware drivers do filtering at that level. While you can solve by proper permissions on the virtual network device and by allowing promisc, I still run into issues. Anyway if you do mostly IP level attacks and upward you should be fine enough.
Also, is there any advantage or disadvantage of running Workstation vs. Server vs. ESXi as the underlying VMware system?
Well, they are very different systems, with very different purposes. Without going into details, I find much more *practical* to use Workstation for pt. -- Claudio Criscione ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Using a Virtualized Pen Test Platform Jon Kibler (Oct 21)
- Re: Using a Virtualized Pen Test Platform Joshua Gimer (Oct 21)
- Re: Using a Virtualized Pen Test Platform Kevin L. Shaw, CISSP, GCIH (Oct 21)
- Re: Using a Virtualized Pen Test Platform Dave Aitel (Oct 21)
- Re: Using a Virtualized Pen Test Platform Arjun Sambamoorthy (Oct 27)
- Re: Using a Virtualized Pen Test Platform Pete Herzog (Oct 27)
- Re: Using a Virtualized Pen Test Platform JoePete (Oct 27)
- <Possible follow-ups>
- Re: Using a Virtualized Pen Test Platform Claudio Criscione (Oct 27)