Thank you all for all the great responses. Lots of information here! I appreciate it greatly.
Best Regards, -- Jamil Ben Alluch, B.Ing., GCIH <http://www.autronix.com> [email protected] +1-819-923-3012 On Sun, Nov 17, 2013 at 9:34 AM, Joseph Brand <[email protected]> wrote: > TechNet was replaced with free to download 180 day trials so you can still > get access to ISOs and install MS stuff. Just a pain to rekey, or mess > with changing the OS date / time settings to keep it within the trial. > > I like to run a couple of the recent versions at home for trial scans and > finding ways in. > > Joe > ------------------------------ > From: Robin Wood > Sent: 11/17/2013 9:03 AM > To: Ed Skoudis > Cc: [email protected] > Subject: Re: [GPWN-list] Pen Testing Lab Images/Systems setup > > > On 17 November 2013 13:46, Ed Skoudis <[email protected]> wrote: > > Great stuff, guys! > > > > You also may want to check out the mind map by Aman Hardikar .M. Great > > stuff. > > > > http://www.amanhardikar.com/mindmaps/Practice.html > > > > He allowed us to put it on the SANS Pen Test poster, and I'm very > grateful > > for that. > > > > --Ed. > > > > If asked last year I'd have suggested MS TechNet as a great way to get > licences for most MS products but they have cancelled that program now > so can't subscribe any more :( > > I would suggest though looking through some of the MS tutorials on how > to set up their tools, for example this on SharePoint > http://technet.microsoft.com/en-us/library/jj658588.aspx . It tells > you how MS would expect the systems to be set up so gives you a good > idea of the base level for a lot of builds. > > Robin > > > > > On Nov 16, 2013, at 11:52 PM, Julian Makas <[email protected] > > > > wrote: > > > > We have a couple scenarios in play at my place. > > > > Our "attack lab" has all of the normal pwn-able images (ie. > metasploitable, > > DVWA, etc.). > > > > Out "test lab" is 1/2 Fort Knox and 1/2 realistic network based on what > we > > are seeing as a norm amongst our clients. > > > > The Fort Knox side is a sudo war games between our admin group and > security > > group where the realistic side tries to mimic a common baseline of what > we > > see going on in our client networks. This give us some red and blue team > > benefits. > > > > Attack lab is for training. > > > > Hardened and baseline networks are for training and bragging rights but > > mostly used for testing engagement scenarios where we have to step > outside > > of the box. > > > > What do you need your lab to do for you? Let you train? Let you test poc > and > > new concepts? Crash your lab box before you crash a clients server while > on > > an engagement? > > > > It all depends on what you want to do, but you'll eventually want > aspects of > > all of these. > > > > - J > > > > > > > > Sent from my iPhone > > > > On Nov 16, 2013, at 7:16 PM, "James Shewmaker" <[email protected]> > wrote: > > > > > > On Sat, Nov 16, 2013 at 2:29 PM, Jamil Ben Alluch <[email protected]> > > wrote: > >> > >> Hello, > >> > >> This may be a recurring question, but I still wanted to get some input. > >> > >> What kind of systems do you normally use for your pen-testing labs; more > >> specifically, are there pre-set images that you use for testing > >> vulnerabilities and practice ("Ready-to-Hack" systems)? > >> > >> > > Hi Jamil, > > > > You can get started with vulnhub.com. They have some free (but hosted > via > > VPN) pre-configured scenarios, including some you can download. The > > vuln-injector program they have is great for weakening a random Windows > VM > > so you can experiment with a closer-to-real-world target. There is also > our > > scenario engine, currently in closed beta, at bunker011.com (almost 800 > > different hosted VMs)--you could try registering and see if you get > invited. > > ;) > > > > It would be interesting to see if you could use the free VPN hosted > > projects, and use dd+netcat to steal them ... Interested, not endorsed! > > > > > > _______________________________________________ > > gpwn-list mailing list > > [email protected] > > https://lists.sans.org/mailman/listinfo/gpwn-list > > > > _______________________________________________ > > gpwn-list mailing list > > [email protected] > > https://lists.sans.org/mailman/listinfo/gpwn-list > > > > > > > > _______________________________________________ > > gpwn-list mailing list > > [email protected] > > https://lists.sans.org/mailman/listinfo/gpwn-list > > > _______________________________________________ > gpwn-list mailing list > [email protected] > https://lists.sans.org/mailman/listinfo/gpwn-list > > _______________________________________________ > gpwn-list mailing list > [email protected] > https://lists.sans.org/mailman/listinfo/gpwn-list > >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
