February 11, 2010 at 2:52 pm #4653rframeParticipant
I’m preparing for the CEH on my own (no formal classes), and would like exposure to more lab environments for pen testing. I wanted to know if you’ve located any interesting lab environment resources for pen testing?
What I’m hoping to find are more resources like de-ice.net which provide vmware images and lab scenarios to test against. Online labs would be great too.
I enjoy working against systems that I haven’t setup myself.
The offensive security course and online labs look like a good value, but I think I’ll wait until after I sit for my CISSP later this spring so that I can apply the continuing education credits earned toward future ISC2 requirements.
February 11, 2010 at 3:01 pm #28925hayabusaParticipant
Good luck, and welcome to EH-Net, rframe. You’ve found a good place to get you going.
There are other good live-cd lab scenarios you can use. Hackerdemia, pwnOS, Webgoat and others will give you some other basics to look at and start studying with. There’s also a good book, written by Thomas Wilhelm (recently talked about on the forums here): “Professional Penetration Testing: Creating and Operating a Formal Hacking Lab” which I would highly recommend as a good resource for your learning pleasure. The book is an excellent resource / read, and the DVD contains images for many of the live-cd’s I listed above, as well as videos and tutorials from the heorot.net site. If you’re looking to get started, it’s a good way to begin. Also, another good book for building your OWN lab is “Build Your Own Security Lab: A Field Guide for Network Testing”
I think if you’re looking for basic starting points, those will do you well!
February 11, 2010 at 4:27 pm #28926UNIXParticipant
Welcome to the forums, rframe.
There are some other resources as well, including Damn Vulnerable Linux, Foundstone’s Hacme series and still some more.
You may also browse through similar threads, were some more recommendations were already given. Eventually you might also find similar questions in several newsgroups.
February 11, 2010 at 4:37 pm #28927unsupportedParticipant
I’m remembering someone suggesting Damn Vulnerable Linux (http://www.damnvulnerablelinux.org). It is a pre-configured Linux system with a ton of holes in it to poke around in. There is also another project Dam Vulnerable Web App (http://sourceforge.net/projects/dvwa/), and of course Foundstone’s Hacme series of tools (http://www.foundstone.com/us/resources-free-tools.asp). OWASP’s WebGoat Project (http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project) may also be useful to you.
I also remember some servers which are setup for pen testing/exploration… maybe it was a honey net project or darknet or something.
My experience with the CEH, it is just as easy to setup the tools with two PCs and a virtual machine setup Snort, and bang out NMAP switches while running Wireshark.
(edit: awesec beat me to the punch in posting because I had to pay the plumber!)
February 11, 2010 at 7:20 pm #28928
February 11, 2010 at 8:58 pm #28929KetchupParticipant
Overthewire.org war games are a pretty cool resource as well.
February 12, 2010 at 1:02 am #28930rframeParticipant
Thanks for all the quick suggestions, very helpful and you’ve given me plenty to work on. I appreciate it. ;D
February 12, 2010 at 12:36 pm #28931caissydParticipant
I knew about half of them, but I am very happy to see this list too!
I think you can also get DefCon’s capture the flag server images and answers from their web site.
February 16, 2010 at 6:08 pm #28932unsupportedParticipant
Man, this thread has been bothering me for days. I knew there was another resource out there for pen testing. I finally found it. Netwars, http://netwars.info/.
Ok, I totally feel better now!
- You must be logged in to reply to this topic.