
Re: Basic facilities required to establish a pen test lab

To: Gubir <gubirgubir@gmail.com>
Subject: Re: Basic facilities required to establish a pen test lab
From: Jan Heisterkamp <janheisterkamp@web.de>
Date: Sun, 29 Jul 2007 08:28:48 -0600
Cc: pen-test@securityfocus.com
Gubir wrote:
> I am a CEH. But still I need some suggestions from you guys to set up a pen test
> lab. Please give me some guidance about the basic essential hardware and
> software to make a good pen test lab.

A pen test lab; what could this be?
Definition of laboratory: A laboratory (often abbreviated lab) is a place where scientific research and experiments are conducted. A lab can hold space for one to thirty, or more, researchers depending on the size of the room and state mandated maximum occupancy limit.

In conjunction with pen-test this makes no sense to me, except if you are conducting external tests. I for myself decided that I don't use laptops, except when I go mobile-wireless; they are mostly not worth the money, and you can't maintain them technically by yourself - at least not here in Costa Rica. What I do have here are a few boxes with 2.8 G Intel Pentium, 2GB RAM, 80 - 160 GB HDD, 2 NICs and one with AMD 64bit Athlon, 2GB RAM, 80GB HDD, 2 NICs. For special purposes I use PowerEdge 1850, 2 Xeon 2.8 G, 4GB RAM, 2x36 GB HDD, 2 NICs [doesn't run with Unix :'( ]

OS's: Windows XP, Fedora7, freeBSD

Before you step into a new job you have to set up your box anew; that means set your HDD to zero. For this purpose I use PowerMax [Live-On edition]; it takes some hours but it's working excellently and with all brands of HDDs.
Don't use the OS "onboard"-formatting tools.
Never ever perform a test with a "USED" box.

If you use [Vuln]-Scanner [for a first look] make sure that you use only open-source products.
Double check all results.
Especially, don't believe the results of a Vuln-Scanner until you have proven them manually.

In your repository you should have the common OS's for practicing and studying, as well as a collection of all exploits you can grab, whether you need them or not.
Exploit frameworks like Metasploit or ATK are helpful.
You might come into a situation where you have to reverse-engineer something; IDA Pro is an excellent and comfortable choice and it's worth the money. Not to mention the tools of the trade; you should know them all, you are a CEH, aren't you?!

Regards
Jan










