Sorry, I don't have a direct link but, Joe McCray is hosting a "Building A Low Cost HackLab" webinar this week. (It was rescheduled from last week to this week). Keep an eye on Twitter; I'll update this thread with the link when it's shared.
On Sun, Nov 17, 2013 at 9:13 AM, Jamil Ben Alluch <[email protected]>wrote: > Thank you all for all the great responses. Lots of information here! > > I appreciate it greatly. > > Best Regards, > > -- > Jamil Ben Alluch, B.Ing., GCIH > <http://www.autronix.com> > [email protected] > +1-819-923-3012 > > > On Sun, Nov 17, 2013 at 9:34 AM, Joseph Brand <[email protected]> wrote: > >> TechNet was replaced with free to download 180 day trials so you can >> still get access to ISOs and install MS stuff. Just a pain to rekey, or >> mess with changing the OS date / time settings to keep it within the trial. >> >> I like to run a couple of the recent versions at home for trial scans and >> finding ways in. >> >> Joe >> ------------------------------ >> From: Robin Wood >> Sent: 11/17/2013 9:03 AM >> To: Ed Skoudis >> Cc: [email protected] >> Subject: Re: [GPWN-list] Pen Testing Lab Images/Systems setup >> >> >> On 17 November 2013 13:46, Ed Skoudis <[email protected]> wrote: >> > Great stuff, guys! >> > >> > You also may want to check out the mind map by Aman Hardikar .M. Great >> > stuff. >> > >> > http://www.amanhardikar.com/mindmaps/Practice.html >> > >> > He allowed us to put it on the SANS Pen Test poster, and I'm very >> grateful >> > for that. >> > >> > --Ed. >> > >> >> If asked last year I'd have suggested MS TechNet as a great way to get >> licences for most MS products but they have cancelled that program now >> so can't subscribe any more :( >> >> I would suggest though looking through some of the MS tutorials on how >> to set up their tools, for example this on SharePoint >> http://technet.microsoft.com/en-us/library/jj658588.aspx . It tells >> you how MS would expect the systems to be set up so gives you a good >> idea of the base level for a lot of builds. >> >> Robin >> >> > >> > On Nov 16, 2013, at 11:52 PM, Julian Makas < >> [email protected]> >> > wrote: >> > >> > We have a couple scenarios in play at my place. >> > >> > Our "attack lab" has all of the normal pwn-able images (ie. >> metasploitable, >> > DVWA, etc.). >> > >> > Out "test lab" is 1/2 Fort Knox and 1/2 realistic network based on what >> we >> > are seeing as a norm amongst our clients. >> > >> > The Fort Knox side is a sudo war games between our admin group and >> security >> > group where the realistic side tries to mimic a common baseline of what >> we >> > see going on in our client networks. This give us some red and blue team >> > benefits. >> > >> > Attack lab is for training. >> > >> > Hardened and baseline networks are for training and bragging rights but >> > mostly used for testing engagement scenarios where we have to step >> outside >> > of the box. >> > >> > What do you need your lab to do for you? Let you train? Let you test >> poc and >> > new concepts? Crash your lab box before you crash a clients server >> while on >> > an engagement? >> > >> > It all depends on what you want to do, but you'll eventually want >> aspects of >> > all of these. >> > >> > - J >> > >> > >> > >> > Sent from my iPhone >> > >> > On Nov 16, 2013, at 7:16 PM, "James Shewmaker" <[email protected]> >> wrote: >> > >> > >> > On Sat, Nov 16, 2013 at 2:29 PM, Jamil Ben Alluch <[email protected]> >> > wrote: >> >> >> >> Hello, >> >> >> >> This may be a recurring question, but I still wanted to get some input. >> >> >> >> What kind of systems do you normally use for your pen-testing labs; >> more >> >> specifically, are there pre-set images that you use for testing >> >> vulnerabilities and practice ("Ready-to-Hack" systems)? >> >> >> >> >> > Hi Jamil, >> > >> > You can get started with vulnhub.com. They have some free (but hosted >> via >> > VPN) pre-configured scenarios, including some you can download. The >> > vuln-injector program they have is great for weakening a random Windows >> VM >> > so you can experiment with a closer-to-real-world target. There is also >> our >> > scenario engine, currently in closed beta, at bunker011.com (almost 800 >> > different hosted VMs)--you could try registering and see if you get >> invited. >> > ;) >> > >> > It would be interesting to see if you could use the free VPN hosted >> > projects, and use dd+netcat to steal them ... Interested, not endorsed! >> > >> > >> > _______________________________________________ >> > gpwn-list mailing list >> > [email protected] >> > https://lists.sans.org/mailman/listinfo/gpwn-list >> > >> > _______________________________________________ >> > gpwn-list mailing list >> > [email protected] >> > https://lists.sans.org/mailman/listinfo/gpwn-list >> > >> > >> > >> > _______________________________________________ >> > gpwn-list mailing list >> > [email protected] >> > https://lists.sans.org/mailman/listinfo/gpwn-list >> > >> _______________________________________________ >> gpwn-list mailing list >> [email protected] >> https://lists.sans.org/mailman/listinfo/gpwn-list >> >> _______________________________________________ >> gpwn-list mailing list >> [email protected] >> https://lists.sans.org/mailman/listinfo/gpwn-list >> >> > > _______________________________________________ > gpwn-list mailing list > [email protected] > https://lists.sans.org/mailman/listinfo/gpwn-list > >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
