Pen Testing Lab

    • #8530
      El33tsamurai
      Participant

      Looking to make a set of tutorials about setting up a pen testing lab from hardware and box build to virtual servers/nodes etc. on the network.

      What are you guys looking for? Where would you like to see this start? What kind of budget should I gear this towards? Anything else?

    • #53286
      prats84
      Participant

      Would be great if you can show like different network subnets and components showing more real-life scenarios. For example something like OSCP labs. How they have a couple of networks separated by firewalls.

      By saying OSCP I don't mean the host details etc. But just more on having some virtual firewall between the networks. How to automate the start and stop of VMs. Maybe restore from snapshots.

      I had a somewhat difficult time automating restore from snapshots.

      Thanks.

      Pratik

    • #53287
      UKSecurityGuy
      Participant

      I’ll 2nd prats84’s comments.

      A couple of random VMs with vulnerable copies of Linux on them does not constitute a realistic corporate network.

      In my own test lab I have a Linux machine acting as a webserver in the front end, and GNS3 providing a virtual firewall between that and the main network. Within the main network I have several Microsoft machines (virtual machines provided free from Microsoft’s download centre) set up with a few flaws such as insecure DNS update allowed, and shared Administrator passwords.

    • #53288
      El33tsamurai
      Participant

      @prats84 wrote:

      Would be great if you can show like different network subnets and components showing more real-life scenarios. For example something like OSCP labs. How they have a couple of networks separated by firewalls.

      By saying OSCP I don't mean the host details etc. But just more on having some virtual firewall between the networks. How to automate the start and stop of VMs. Maybe restore from snapshots.

      I had a somewhat difficult time automating restore from snapshots.

      Thanks.

      Pratik

      I've been doing a lot of research on how to automate the VM refresh like the OSCP. I've been planning on using pfSense as the firewall to separate all networks; does that work? Or are you interested in seeing other firewalls as well?

    • #53289
      JohnE
      Participant

      Perhaps have a machine running an IDS to test bypassing them. Same with anti-virus.

    • #53290
      UKSecurityGuy
      Participant

      The trouble with putting AV and IDS in these kinds of networks is that they’re rule based. Different products have different rule sets, so even if you put in an AV that can be bypassed – it doesn’t indicate that all AVs can be bypassed.

      Firewall-wise, the flaws tend to be in the rulebases of these devices rather than the Appliance/Application itself, so I’d suggest that any firewall would do – as long as it’s got a couple of flaws in the rulebase – allowing the tester to poke through between different tiers of the application stack.
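
The kind of rulebase flaw described in the post above can be checked for mechanically when documenting a lab build. This is an added example, not part of the original thread: the tier names, addresses, intended-flow policy, rule format and first-match evaluation are all constructed assumptions, not any firewall product's configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None means any port

# Constructed lab layout and the flows the design actually intends.
TIERS = {"dmz": "10.0.1.0/24", "internal": "10.0.2.0/24"}
INTENDED = {("any", "dmz", 443), ("dmz", "internal", 1433)}

# Constructed rulebase, assumed to be evaluated top-down, first match wins.
RULES = [
    Rule("allow", "0.0.0.0/0", "10.0.1.0/24", 443),
    Rule("allow", "10.0.1.0/24", "10.0.2.0/24", None),  # any port across tiers
    Rule("deny", "10.0.1.0/24", "10.0.2.0/24", 445),    # can never match
    Rule("allow", "10.0.2.0/24", "10.0.1.0/24", 22),    # not in INTENDED
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def tier_of(cidr, tiers):
    """Name of the tier containing cidr, or "any" if it spans beyond all tiers."""
    net = ipaddress.ip_network(cidr)
    for name, tier_cidr in tiers.items():
        if net.subnet_of(ipaddress.ip_network(tier_cidr)):
            return name
    return "any"

def covers(a, b):
    """True if every packet matched by rule b is already matched by rule a."""
    n = ipaddress.ip_network
    return (n(b.src).subnet_of(n(a.src)) and n(b.dst).subnet_of(n(a.dst))
            and (a.port is None or a.port == b.port))

def audit(rules, tiers, intended):
    """Return (rule index, finding) pairs for shadowed or over-permissive rules."""
    findings = []
    for i, rule in enumerate(rules):
        shadow = next((j for j in range(i) if covers(rules[j], rule)), None)
        if shadow is not None:
            findings.append((i, f"shadowed by rule {shadow}"))
            continue
        src, dst = tier_of(rule.src, tiers), tier_of(rule.dst, tiers)
        if rule.action == "allow" and src != dst:
            if rule.port is None:
                findings.append((i, "any-port cross-tier allow"))
            elif (src, dst, rule.port) not in intended:
                findings.append((i, "unintended cross-tier allow"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(RULES, TIERS, INTENDED):
        print(index, RULES[index], finding)
```
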

    • #53291
      El33tsamurai
      Participant

      @UKSecurityGuy wrote:

      Firewall-wise, the flaws tend to be in the rulebases of these devices rather than the Appliance/Application itself, so I’d suggest that any firewall would do – as long as it’s got a couple of flaws in the rulebase – allowing the tester to poke through between different tiers of the application stack.

      I was thinking of having two paths into the network, one with a firewall and one without.

    • #53292
      El33tsamurai
      Participant

      Anyone looking for anything else?

    • #53293
      jrdoty
      Participant

      I second everyone’s comments above. I’ve been doing some research into this as well. I’ve felt like the classes I have taken are realistic enough or don’t go to the next level with just a single vulnerable VM. I would like my pen test lab to have segmented networks with multiple machines/ web apps. IDS, AV, SIEM. I’ve looked into GNS3 before but I don’t have the IOS images to work with.

      My plan is to build my pen test lab in October but I have begun to collect resources on it. PaulDotCom and Joseph McCray have talked a lot about good pen test labs. Some links:
      https://blip.tv/pauldotcom/building-a-security-lab-on-the-cheap-6543666
      http://seclists.org/pauldotcom/2010/q1/1035
      http://mail.pauldotcom.com/pipermail/pauldotcom/2012-June/008584.html
      http://castroller.com/podcasts/PauldotcomSecurityWeekly/3401222

      Also, this book seemed to have some good info on setting up advanced pen test labs:
      http://www.amazon.com/dp/1849517746

      Although AVs and IDSs are rule based, it is better than nothing. A realistic pen test would have network security devices like these that you will have to work around.

    • #53294
      Henry864
      Participant

      Introducing the Offensive Security Penetration Testing Labs (OSPTL), a safe virtual network environment designed to be attacked and penetrated as a means of learning and sharpening your pen testing skills. The OSPTL was created using our years of experience running the Offensive Security Training Labs, as well as the large number of pen tests we have conducted over the years. This allows us to mirror interesting scenarios and introduce them into our hosted virtual labs. The virtual labs network is rife with both public and private vulnerabilities, each designed to deliver a specific educational experience to attacking participants.

      Our hosted virtual labs networks are rich with various Operating Systems and attack vectors, allowing participants to utilize and hone a broad set of Offensive Security pen testing skills. Many vulnerable machines have non-standard configurations, often forcing participants to dig deep into the vulnerabilities in order to complete their task, rather than blindly using automated tools. This in turn provides for a richer and significantly more educational experience. Simply pointing existing attack tools at the targets and clicking “go” won’t work.

Copyright ©2021 Caendra, Inc.