Pen Testing Lab

This topic contains 9 replies, has 6 voices, and was last updated by  Henry864 3 years, 1 month ago.

  • #8530
     El33tsamurai 
    Participant

    Looking to make a set of tutorials about setting up a pen testing lab from hardware and box build to virtual servers/nodes etc. on the network.

    What are you guys looking for? Where would you like to see this start? What kind of budget should I gear this towards? Anything else?

  • #53286
     prats84 
    Participant

    Would be great if you can show like different network subnets and components showing more real-life scenarios. For example something like OSCP labs. How they have a couple of networks separated by firewalls.

    By saying OSCP I don’t mean the hosts details etc., but just more on having some virtual firewall between the networks. How to automate the start and stop of VMs. Maybe restore from snapshots.

    I had a somewhat difficult time automating restore from snapshots.

    Thanks.

    Pratik

  • #53287
     UKSecurityGuy 
    Participant

    I’ll 2nd prats84’s comments.

    A couple of random VMs with vulnerable copies of Linux on them does not constitute a realistic corporate network.

    In my own test lab I have a Linux machine acting as a webserver in the front end, and GNS3 providing a virtual firewall between that and the main network. Within the main network I have several Microsoft machines (virtual machines provided free from Microsoft’s download centre) set up with a few flaws such as insecure DNS update allowed, and shared Administrator passwords.

  • #53288
     El33tsamurai 
    Participant

    @prats84 wrote:

    Would be great if you can show like different network subnets and components showing more real-life scenarios. For example something like OSCP labs. How they have a couple of networks separated by firewalls.

    By saying OSCP I don’t mean the hosts details etc., but just more on having some virtual firewall between the networks. How to automate the start and stop of VMs. Maybe restore from snapshots.

    I had a somewhat difficult time automating restore from snapshots.

    Thanks.

    Pratik

    I’ve been doing a lot of research on how to automate the VM refresh like the OSCP. I’ve been planning on using pfSense as the firewall to separate all networks, does that work? Or are you interested in seeing other firewalls as well?

  • #53289
     JohnE 
    Participant

    Perhaps have a machine running an IDS to test bypassing them. Same with anti-virus.

  • #53290
     UKSecurityGuy 
    Participant

    The trouble with putting AV and IDS in these kinds of networks is that they’re rule based. Different products have different rule sets, so even if you put in an AV that can be bypassed – it doesn’t indicate that all AVs can be bypassed.

    Firewall-wise, the flaws tend to be in the rulebases of these devices rather than the Appliance/Application itself, so I’d suggest that any firewall would do – as long as it’s got a couple of flaws in the rulebase – allowing the tester to poke through between different tiers of the application stack.
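
The point above about flaws living in the rulebase, as an added example that is not part of the original thread: a first-match evaluation of a small lab rulebase against the intended tier-to-tier flows, so a lab builder can confirm which flows get through beyond the design. The tier names, rule names and ports are all constructed for the illustration.

```python
# Added illustration: tier names, rule names and ports are constructed.
TIERS = ["internet", "dmz", "app", "db"]

# Flows the lab design intends to allow: (src, dst) -> permitted ports.
INTENDED = {
    ("internet", "dmz"): {80, 443},
    ("dmz", "app"): {8443},
    ("app", "db"): {5432},
}

# Constructed rulebase, evaluated top-down, first match wins.
# (name, action, src, dst, ports); "any" matches every tier, None every port.
RULES = [
    ("web-in", "allow", "internet", "dmz", {80, 443}),
    ("dmz-to-app", "allow", "dmz", "app", {8443}),
    ("app-to-db", "allow", "app", "db", {5432}),
    ("block-dmz-db", "deny", "dmz", "db", None),
    ("temp-debug", "allow", "dmz", "any", {22}),       # too-wide destination
    ("legacy-backup", "allow", "any", "db", {5432}),   # too-wide source
]

PROBE_PORTS = sorted({22, 80, 443, 5432, 8443})


def first_match(rules, src, dst, port):
    """Return (rule name, action) of the first rule matching the flow."""
    for name, action, r_src, r_dst, ports in rules:
        if r_src in (src, "any") and r_dst in (dst, "any") \
                and (ports is None or port in ports):
            return name, action
    return "implicit-deny", "deny"


def audit(rules, intended, tiers, probe_ports):
    """List every allowed flow that the intended policy does not cover."""
    findings = []
    for src in tiers:
        for dst in tiers:
            if src == dst:
                continue
            for port in probe_ports:
                name, action = first_match(rules, src, dst, port)
                if action == "allow" and port not in intended.get((src, dst), set()):
                    findings.append((src, dst, port, name))
    return findings


if __name__ == "__main__":
    for src, dst, port, rule in audit(RULES, INTENDED, TIERS, PROBE_PORTS):
        print(f"{src} -> {dst} port {port} allowed by '{rule}'")
```

Because evaluation is first-match, the earlier `block-dmz-db` deny shadows both wide rules for dmz-to-db traffic, so only the flows that actually pass are reported.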

  • #53291
     El33tsamurai 
    Participant

    @uksecurityguy wrote:

    Firewall-wise, the flaws tend to be in the rulebases of these devices rather than the Appliance/Application itself, so I’d suggest that any firewall would do – as long as it’s got a couple of flaws in the rulebase – allowing the tester to poke through between different tiers of the application stack.

    I was thinking of having two paths into the network, one with a firewall and one without.

  • #53292
     El33tsamurai 
    Participant

    Anyone looking for anything else?

  • #53293
     jrdoty 
    Participant

    I second everyone’s comments above. I’ve been doing some research into this as well. I’ve felt like the classes I have taken are realistic enough or don’t go to the next level with just a single vulnerable VM. I would like my pen test lab to have segmented networks with multiple machines/web apps, IDS, AV, SIEM. I’ve looked into GNS3 before but I don’t have the IOS images to work with.

    My plan is to build my pen test lab in October but I have begun to collect resources on it. Paul Dot com and Joseph McCray have talked a lot about good pen test labs. Some links:
    https://blip.tv/pauldotcom/building-a-security-lab-on-the-cheap-6543666
    http://seclists.org/pauldotcom/2010/q1/1035
    http://mail.pauldotcom.com/pipermail/pauldotcom/2012-June/008584.html
    http://castroller.com/podcasts/PauldotcomSecurityWeekly/3401222

    Also this book seemed to have some good info on setting up advanced pen test labs
    http://www.amazon.com/dp/1849517746

    Although AVs and IDS’s are rule based it is better than nothing. A realistic pen test would have network security devices like these that you will have to work around.

  • #53294
     Henry864 
    Participant

    Introducing the Offensive Security Penetration Testing Labs (OSPTL), a safe virtual network environment designed to be attacked and penetrated as a means of learning and sharpening your pen testing skills. The OSPTL was created using our years of experience running the Offensive Security Training Labs, as well as the large number of pen tests we have conducted over the years. This allows us to mirror interesting scenarios and introduce them into our hosted virtual labs. The virtual labs network is rife with both public and private vulnerabilities, each designed to deliver a specific educational experience to attacking participants.

    Our hosted virtual labs networks are rich with various Operating Systems and attack vectors, allowing participants to utilize and hone a broad set of Offensive Security pen testing skills. Many vulnerable machines have non-standard configurations, often forcing participants to dig deep into the vulnerabilities in order to complete their task, rather than blindly using automated tools. This in turn provides for a richer and significantly more educational experience. Simply pointing existing attack tools at the targets and clicking “go” won’t work.
