There are a couple. Offensive security seems to be offering this service in the near future. other than that there's Hera ( http://www.elearnsecurity.com/virtual-labs/hera/). I don't know much about other ones, However I don't think you'll find anything in the price range you're looking for, for continuous access to the Virtual lab vpn (Hera will bill you 1700 for 6 months of continuous 24h access); This is mainly the reason why I prefer investing on building my own.
ᐧ -- Jamil Ben Alluch, B.Ing., GCIH <http://www.autronix.com> [email protected] +1-819-923-3012 On Sun, Dec 1, 2013 at 9:38 AM, <[email protected]> wrote: > Hi all, I was searching different Pentesting lab, did someone know a > scenario which cost average 600 dollar per 6 months, sometimes I don't have > enough time to create different scenarios I saw a website which have this > kind of scenario but I forget the link > > > > Sent from my iPhone > > On Nov 27, 2013, at 11:50 AM, xgermx <[email protected]> wrote: > > I made it to the webcast, but I haven't seen any recordings sent out yet. > I'll update this thread if I see it. > > > On Wed, Nov 27, 2013 at 11:15 AM, Robin Wood <[email protected]> wrote: > >> Did this happen in the end? Did anyone get a recording of it as I >> couldn't get to it. >> >> Robin >> On 18 Nov 2013 17:41, "Hirt, Rand W" <[email protected]> wrote: >> >>> *How To Build Your Own Low Cost HackLab – FREE Webinar* >>> >>> Thursday, November 21, 2013 1:00 PM - 3:00 PM EST >>> >>> https://www4.gotomeeting.com/register/889834095 >>> >>> >>> >>> -Cheers >>> >>> Rand >>> >>> *From:* [email protected] [mailto: >>> [email protected]] *On Behalf Of *xgermx >>> *Sent:* Monday, November 18, 2013 7:51 AM >>> *To:* Jamil Ben Alluch >>> *Cc:* PaulDotCom Security Weekly Mailing List; [email protected] >>> *Subject:* Re: [GPWN-list] Pen Testing Lab Images/Systems setup >>> >>> >>> >>> Sorry, I don't have a direct link but, Joe McCray is hosting a "Building >>> A Low Cost HackLab" webinar this week. >>> (It was rescheduled from last week to this week). Keep an eye on >>> Twitter; I'll update this thread with the link when it's shared. >>> >>> >>> >>> On Sun, Nov 17, 2013 at 9:13 AM, Jamil Ben Alluch <[email protected]> >>> wrote: >>> >>> Thank you all for all the great responses. Lots of information here! >>> >>> >>> >>> I appreciate it greatly. >>> >>> >>> >>> Best Regards, >>> >>> >>> >>> -- >>> >>> Jamil Ben Alluch, B.Ing., GCIH >>> >>> <http://www.autronix.com> >>> >>> *[email protected]* <http://www.autronix.com> >>> >>> *+1-819-923-3012* <http://www.autronix.com> >>> >>> <http://www.autronix.com> >>> >>> On Sun, Nov 17, 2013 at 9:34 AM, Joseph Brand <*[email protected]*> >>> wrote: <http://www.autronix.com> >>> >>> TechNet was replaced with free to download 180 day trials so you can >>> still get access to ISOs and install MS stuff. Just a pain to rekey, or >>> mess with changing the OS date / time settings to keep it within the trial. >>> >>> I like to run a couple of the recent versions at home for trial scans >>> and finding ways in. >>> >>> Joe <http://www.autronix.com> >>> ------------------------------ >>> <http://www.autronix.com> >>> >>> >>> >>> >>> >>> *From: Robin Wood Sent: 11/17/2013 9:03 AM To: Ed Skoudis Cc: >>> [email protected] Subject: Re: [GPWN-list] Pen Testing Lab >>> Images/Systems setup <http://www.autronix.com>* >>> >>> >>> >>> On 17 November 2013 13:46, Ed Skoudis <*[email protected]*> wrote: >>> > Great stuff, guys! >>> > >>> > You also may want to check out the mind map by Aman Hardikar .M. Great >>> > stuff. >>> > >>> > *http://www.amanhardikar.com/mindmaps/Practice.html* >>> > >>> > He allowed us to put it on the SANS Pen Test poster, and I'm very >>> grateful >>> > for that. >>> > >>> > --Ed. >>> > >>> >>> If asked last year I'd have suggested MS TechNet as a great way to get >>> licences for most MS products but they have cancelled that program now >>> so can't subscribe any more :( >>> >>> I would suggest though looking through some of the MS tutorials on how >>> to set up their tools, for example this on SharePoint >>> *http://technet.microsoft.com/en-us/library/jj658588.aspx* . It tells >>> you how MS would expect the systems to be set up so gives you a good >>> idea of the base level for a lot of builds. >>> >>> Robin >>> >>> > >>> > On Nov 16, 2013, at 11:52 PM, Julian Makas < >>> *[email protected]*> >>> > wrote: >>> > >>> > We have a couple scenarios in play at my place. >>> > >>> > Our "attack lab" has all of the normal pwn-able images (ie. >>> metasploitable, >>> > DVWA, etc.). >>> > >>> > Out "test lab" is 1/2 Fort Knox and 1/2 realistic network based on >>> what we >>> > are seeing as a norm amongst our clients. >>> > >>> > The Fort Knox side is a sudo war games between our admin group and >>> security >>> > group where the realistic side tries to mimic a common baseline of >>> what we >>> > see going on in our client networks. This give us some red and blue >>> team >>> > benefits. >>> > >>> > Attack lab is for training. >>> > >>> > Hardened and baseline networks are for training and bragging rights but >>> > mostly used for testing engagement scenarios where we have to step >>> outside >>> > of the box. >>> > >>> > What do you need your lab to do for you? Let you train? Let you test >>> poc and >>> > new concepts? Crash your lab box before you crash a clients server >>> while on >>> > an engagement? >>> > >>> > It all depends on what you want to do, but you'll eventually want >>> aspects of >>> > all of these. >>> > >>> > - J >>> > >>> > >>> > >>> > Sent from my iPhone >>> > >>> > On Nov 16, 2013, at 7:16 PM, "James Shewmaker" <*[email protected]*> >>> wrote: >>> > >>> > >>> > On Sat, Nov 16, 2013 at 2:29 PM, Jamil Ben Alluch < >>> *[email protected]*> >>> > wrote: >>> >> >>> >> Hello, >>> >> >>> >> This may be a recurring question, but I still wanted to get some >>> input. >>> >> >>> >> What kind of systems do you normally use for your pen-testing labs; >>> more >>> >> specifically, are there pre-set images that you use for testing >>> >> vulnerabilities and practice ("Ready-to-Hack" systems)? >>> >> >>> >> >>> > Hi Jamil, >>> > >>> > You can get started with *vulnhub.com*. They have some free (but >>> hosted via >>> > VPN) pre-configured scenarios, including some you can download. The >>> > vuln-injector program they have is great for weakening a random >>> Windows VM >>> > so you can experiment with a closer-to-real-world target. There is >>> also our >>> > scenario engine, currently in closed beta, at *bunker011.com* (almost >>> 800 >>> > different hosted VMs)--you could try registering and see if you get >>> invited. >>> > ;) >>> > >>> > It would be interesting to see if you could use the free VPN hosted >>> > projects, and use dd+netcat to steal them ... Interested, not endorsed! >>> > >>> > >>> > _______________________________________________ >>> > gpwn-list mailing list >>> > *[email protected]* >>> > *https://lists.sans.org/mailman/listinfo/gpwn-list* >>> > >>> > _______________________________________________ >>> > gpwn-list mailing list >>> > *[email protected]* >>> > *https://lists.sans.org/mailman/listinfo/gpwn-list* >>> > >>> > >>> > >>> > _______________________________________________ >>> > gpwn-list mailing list >>> > *[email protected]* >>> > *https://lists.sans.org/mailman/listinfo/gpwn-list* >>> > >>> _______________________________________________ >>> gpwn-list mailing list >>> *[email protected]* >>> *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> >>> >>> >>> _______________________________________________ >>> gpwn-list mailing list >>> *[email protected]* >>> *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> >>> >>> <http://www.autronix.com> >>> >>> >>> _______________________________________________ >>> gpwn-list mailing list >>> *[email protected]* >>> *https://lists.sans.org/mailman/listinfo/gpwn-list*<http://www.autronix.com> >>> >>> <http://www.autronix.com> >>> >>> ------------------------------ >>> >>> This message is intended for the sole use of the addressee, and may >>> contain information that is privileged, confidential and exempt from >>> disclosure under applicable law. If you are not the addressee you are >>> hereby notified that you may not use, copy, disclose, or distribute to >>> anyone the message or any information contained in the message. If you have >>> received this message in error, please immediately advise the sender by >>> reply email and delete this message. >>> >>> _______________________________________________ >>> gpwn-list mailing list >>> [email protected] >>> https://lists.sans.org/mailman/listinfo/gpwn-list >>> >>> > _______________________________________________ > gpwn-list mailing list > [email protected] > https://lists.sans.org/mailman/listinfo/gpwn-list > > > _______________________________________________ > gpwn-list mailing list > [email protected] > https://lists.sans.org/mailman/listinfo/gpwn-list > >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
