| To: | "John M. Martinelli" <john@martinelli.com> |
|---|---|
| Subject: | Re: Looking to set up an infosec lab |
| From: | "Shawn Merdinger" <shawnmer@gmail.com> |
| Date: | Sat, 4 Aug 2007 01:15:22 -0600 |
| Cc: | pen-test@securityfocus.com |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lkUM+3lAX2gdH/Yv1Fib0+W7Ds43a6U/GYJ1srVN3CPXZMEWsygc64HPAM80sD0mtAOxWy90RZKNd0osPmpCjC8tCSIjZJIFW1y00oj3rCyjTdkNe9w+DsvnC4kmtlEWfCLRYH2jyq2LVN5n4hUGpRg8avpeqJBUzDawltKGvn8= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pWZc0bEBI8cKTcZUqV3AQBzdp+tqlrhiwckE8pF1LEQEomTxcjkmhtxZdkfOoxYh+Lg0xxPe8x0yfQkYHiS25w9ZqnCTUaLblbcyfyCd02TZVqujKfzWUe1rQPoS29hTCzZSHsX+MbbTefdV3lM/bReJBZcsi8uFe6Okiy3sUzs= |
| In-reply-to: | <434659.52190.qm@web31807.mail.mud.yahoo.com> |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| References: | <434659.52190.qm@web31807.mail.mud.yahoo.com> |
| Resent-date: | Sat, 4 Aug 2007 02:16:34 -0600 (MDT) |
| Resent-from: | pen-test-return-1078484757@securityfocus.com |
| Resent-message-id: | <20070804081634.5F03F144683@outgoing2.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
Hi John, imho, the end-point targets for learning are good, but the tools to facilitate attacking them are refined to the point where it's pretty much a no-brainer (a la Metasploit por exemplo, or your run-of-the-mill Romanian zero-day for a couple hundred Euros). For the mad Kung-Fu, I suggest going for the real nasty -- routers and switches -- sure, some enterprise's Oracle DB may be vulnerable, or even compromised, but if you can Pwn the upstream router, well "all your packet are belong to us" and you've access to the compromised DB access _and_ the attacker(s)/remote admins/trusted peers/etc. Kindest regards, --scm Shawn Merdinger Independent Security Researcher VoIPninja.com > ----- Original Message ---- > From: John M. Martinelli <john@martinelli.com> > To: pen-test@securityfocus.com > Hi, list. > > A few of the previous e-mails going out on the mailing list got my > attention - I'm interested in building a moderate hacklab to conduct > mock attacks, intrusion detection, detection evasion, etcetera. My > hardware situation allows me to deploy a VMware or Parallels lab - > what kind of machines would you set up in my situation? ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Tools for pen test,, IRM |
|---|---|
| Next by Date: | Re: Tools for pen test,, 杨峰 |
| Previous by Thread: | Re: Looking to set up an infosec lab, Bill Stout |
| Next by Thread: | RE: [lists] Looking to set up an infosec lab, Curt Purdy |
| Indexes: | [Date] [Thread] [Top] [All Lists] |