pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Basic facilities required to establish a pen test lab

from [Ivan .] [Permanent Link][Original]
To: scott <redhowlingwolves@bellsouth.net>
Subject: Re: Basic facilities required to establish a pen test lab
From: "Ivan ." <ivanhec@gmail.com>
Date: Mon, 30 Jul 2007 19:13:08 +1000
Cc: pen-test@securityfocus.com
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=g2+kOytKWCFnZl/pPTTh55/DxWfBU2zmLHWsWZ5thAJLc7B0hsS8CiSacTtuXC1/OSkvG3RhDShQJsTuIeq+Kh/snxndp9GSk4Dsk+hEfPsxs4SyCj6JhpWndJUZlZXqKemwLI1foRYGB/guInxRYG+9mOUKKh8YilcqPIMAMc8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fV2ughPze/d+uewwLvOK/yFg7erAQn4J0DgqAL5QEpDPlQ6nMoK9X2fbEzkXEzeT8Y5ogPcI9e17mwhwuWKxyJp/K65VclxAWUbV/XUJnUqqVe2PVkHsVP0I7N6bPr+DltbAuGQeHIuxxLQ3hmrpOHLUy6BzCbEkV5DA0PkTx2Q=
In-reply-to: <46AD6329.7080305@bellsouth.net>
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
References: <11825963.post@talk.nabble.com> <46ACA420.4000301@web.de> <507F49D619DFA64D87E546F18DE2FA4604BEAA23@CL-EXCHANGE1.dande.com> <46AD6329.7080305@bellsouth.net>
Resent-date: Mon, 30 Jul 2007 22:06:08 -0600 (MDT)
Resent-from: pen-test-return-1078484732@securityfocus.com
Resent-message-id: <20070731040608.2B039143D48@outgoing2.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com 
did someone mention VMare?

On 7/30/07, scott <redhowlingwolves@bellsouth.net> wrote:
>
>
> Surely you can pull a few boxes together,install different OS'es on each
> box,install the same version of apps that the servers you're testing are
> running,trying to make sure that the processors are the same,or very
> closely related.
>
> The one thing that has stung me in the past was Apache on
> Windows.I,foolishly, assumed it was a *nix variant!Blind test,of
> course.So why were scans leaning to an OS called Microsoft?Bad recon.
> Everything you can do before and after the recon("You did do
> this,right?") matters for how you make up your lab for that specific
> pen-test.That's my personal method.
>
> IMHO.
>
>
>
>
> Shenk, Jerry A wrote:
> > I on the otherhand test exploits in my lab all the time.  I find it very
> > useful to have a number of machines set up with a variety of operating
> > systems.  I find that by testing exploits in the lab, prior to
> > attempting them on-site I know better what results to expect.  One of my
> > goals in pen-testing is to avoid "blowing up" production boxes.  By
> > testing exploits in the lab, I can have a pretty good idea what the
> > results will be.  I also try to avoid getting caught. It mimics an
> > experienced attacker better to avoid making an insane amount of noise so
> > if I can find an exploit that will allow me to make a quick clean
> > attack, I find that going through that in the lab first allows me to do
> > better on the live test.  ....people never watch their logs anyway so
> > being stealthy isn't normally that big a deal;)
> >
> > Lot of people use VMware or similar platforms for this and I do also, to
> > a degree.  I most often find myself using a number of old servers
> > (Compaq & "Intel Whitebox servers) with a variety of drives in hot-swap
> > trays that I swap in for a particular OS version and patch level.  I
> > don't really use the "hot-swap" feature to swap drives without rebooting
> > but it is handy to be able to just pull a drive out and stick another
> > one in.
> >
> > -----Original Message-----
> > From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> > On Behalf Of Jan Heisterkamp
> > Sent: Sunday, July 29, 2007 10:29 AM
> > To: Gubir
> > Cc: pen-test@securityfocus.com
> > Subject: Re: Basic facilities required to establish a pen test lab
> >
> > Gubir schrieb:
> >
> >> I am CEH. But still I need some suggestion from you guys to setup a
> >>
> > pen test
> >
> >> lab. Please give me some guidance about the basic essential hardware
> >>
> > and
> >
> >> software to make a good pen test lab
> >>
> >>
> >>
> > A pent test lab; what could this be?
> > Definition of laboratory: A laboratory (often abbreviated lab) is a
> > place where scientific research and experiments are conducted. A lab can
> >
> > hold space for one to thirty, or more, researchers depending on the size
> >
> > of the room and state mandated maximum occupancy limit.
> >
> >
> > **DISCLAIMER
> > This e-mail message and any files transmitted with it are intended for the 
> > use of the individual or entity to which they are addressed and may contain 
> > information that is privileged, proprietary and confidential. If you are 
> > not the intended recipient, you may not use, copy or disclose to anyone the 
> > message or any information contained in the message. If you have received 
> > this communication in error, please notify the sender and delete this 
> > e-mail message. The contents do not represent the opinion of D&E except to 
> > the extent that it relates to their official business.
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
> >
> >
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: Penetration test report - your comments please?, scott
Next by Date:  Re: Basic facilities required to establish a pen test lab, Hylton Conacher (ZR1HPC)
Previous by Thread:  Re: Basic facilities required to establish a pen test lab, scott
Next by Thread:  Re: Basic facilities required to establish a pen test lab, Hylton Conacher (ZR1HPC)
Indexes:  [Date] [Thread] [Top] [All Lists]