.

Project documentation

<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Sat Mar 06, 2010 4:48 pm

Project documentation

I am currently reading Toms book. So far so good. My goal though is to document everything i learn and post it on me blog.  I basically read each chaptor and document my findings and i also do the homework at the end of each chapter. I am currently on chapter 5 and have some questions. BUT my main question i need answered is what type of software should i use to document. As of now i am using google docs so that when im in BT2 or any of my virtualboxes, i can copy and paste my text into the online doc. Is there another way or a better way to document my project? I dont mind google docs cuz then i can copy paste right from the VB into google docs and then access it from my HOST machine. Whilst if i used just word on my HOST, i wouldnt be able to copy paste from my VB guest to the HOST since i do not have the live cd's installed. Just running them as a live cd

thanx

Matt
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Mar 06, 2010 10:44 pm

Re: Project documentation

I think for the purposes of your lab work, the Google docs thing isn't a bad idea, if it works for you.  It's simply a matter of what tool YOU prefer to work with.  For me, it depends on what OS I'm using, with what tools.  With Windows, I often use Textpad (if it's my own machine, and not a 'borrowed one.'  With Linux, it varies, with anything from vi to gedit, to any number of tools. 

Also, depends on what, exactly, you're documenting...  If you're just doing text, then any of the above, and many others, will suffice.  If you're documenting using grapics (screenshots) and / or video capture, then you may use other tools.  I use many different tools in any given pentest, depending on the scope, the deliverable I want to hand over at the conclusion, and what makes the most sense for the tools and testing I'm using.

It's really a matter of preference, IMHO.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Sat Mar 06, 2010 11:56 pm

Re: Project documentation

hayabusa wrote:I think for the purposes of your lab work, the Google docs thing isn't a bad idea, if it works for you.  It's simply a matter of what tool YOU prefer to work with.  For me, it depends on what OS I'm using, with what tools.  With Windows, I often use Textpad (if it's my own machine, and not a 'borrowed one.'  With Linux, it varies, with anything from vi to gedit, to any number of tools. 

Also, depends on what, exactly, you're documenting...  If you're just doing text, then any of the above, and many others, will suffice.  If you're documenting using grapics (screenshots) and / or video capture, then you may use other tools.  I use many different tools in any given pentest, depending on the scope, the deliverable I want to hand over at the conclusion, and what makes the most sense for the tools and testing I'm using.

It's really a matter of preference, IMHO.


Ok cool.

Thanx for the input. I look forward to my finished result of all my hard work and logging. I figure i outa learn pen testing since i am going into Business Technology Management with a two year degree in network engineering.

Chapter 5 of the book however brings some questions to mind. For example: A controlled lab with virtualbox to study malware and examine it. Seems confusing to st one up.

thanx

Matt
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Mar 07, 2010 11:22 am

Re: Project documentation

Not really so 'confusing' if you think and understand the reasoning and purposes behind it.  Using Virtualbox, or VMWare, or any other virtualization platform, to setup hosts to use for malware testing is a very valuable tool.  I typically use VMWare (my hypervisor of choice) or Xen, myself.  With VMWare I can create a base image of XP, for instance, then snapshot that, and continue to patch or add products, etc, then snapshot at each point.  That way, if I need to revert to an OS version for testing, etc, it's simply a matter of restoring the snapshot, and doing my testing, then reverting back to another snapshot when I'm done.  Saves TONS of time and duplication of effort.

Using these VM's, also, to test malware, can help you prevent other issues you might encounter, if you were to test against live machines.  You can put your VM guest OS into host only mode, or otherwise isolate it from any network segments, so that said malware cannot spread to other machines outside of the VM, or wreak havoc on your local network.  You can then analyze it in a sandboxed environment, and really see what it's trying to do, with minimized risk.

I even use my VM's to do demonstrations and presentations to other groups and customers, to show them what I've found in testing their environments, etc, using a 'lab' that I can fully control, without further risking their environment.  Customers tend to like it when I can show their upper mgmt what they have been running into, or COULD potentially run into, without having to risk their environment to do so.

Granted, it might take you a little bit to get comfortable with using VM's and guests, but in the long run, I think you'll find it a MAJOR time saver, a very useful testing platform, and an overall great tool.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Mar 07, 2010 11:40 am

Re: Project documentation

Another handy feature of VMware is to auto-configure it so that it reverts back to it's initial status as soon as it is shuts down or reboots, which can be nicely used together with the snapshots hayabusa already mentioned.

It should be considered, though, that some malware is able to detect where it is executed and trigger some functions which leads to a different behavior than it would have otherwise. Even more worse is the capability to leave the virtual machine and infect the host system.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Mar 07, 2010 12:17 pm

Re: Project documentation

I agree with awesec, here.

Also, of note, is that if you use VMWare, the newer versions have screen capture / video capability, so as you're testing or doing some work, you can have VMWare record your actions, so that A.) you can use that for documentation / presentation work, and B.) if you don't understand what you're seeing, or if the testing doesn't make sense to you, you could submit the recording to the 'collective' (read EH-Net or other security pro's) to get their input on what you may or may not be doing wrong, or to enlighten you on what's actually happening, etc.

It's just an overall handy way to do testing and POC (proof of concept.)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Sun Mar 07, 2010 3:25 pm

Re: Project documentation

hayabusa wrote:I agree with awesec, here.

Also, of note, is that if you use VMWare, the newer versions have screen capture / video capability, so as you're testing or doing some work, you can have VMWare record your actions, so that A.) you can use that for documentation / presentation work, and B.) if you don't understand what you're seeing, or if the testing doesn't make sense to you, you could submit the recording to the 'collective' (read EH-Net or other security pro's) to get their input on what you may or may not be doing wrong, or to enlighten you on what's actually happening, etc.

It's just an overall handy way to do testing and POC (proof of concept.)


Maybe i need to switch to VMware rather than VB? How much does VMware cost?

Ok. i think i understand what was being said by both of you and the book. For some reason i was under the impression that malware could detect the presence of Virtual software, therefore making it more difficult to study since the malware would not behave as if it were on a real system..  Maybe i misunderstood the readings. hahah

thanx for the input.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Mar 07, 2010 3:29 pm

Re: Project documentation

VMware Player, VMware Server, as well as VMware ESXi are free.
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Sun Mar 07, 2010 4:08 pm

Re: Project documentation

awesec wrote:VMware Player, VMware Server, as well as VMware ESXi are free.


hmm, with vmware server, can i add network adapters and set them up as host only?

thanx
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Mar 07, 2010 4:12 pm

Re: Project documentation

Yep, you certainly can.  You can have a host-only, NATed, or a Bridged network.  The host-only is obviously self-contained.  The NATed and Bridged options will be able to go "outside."  There has been talk of techniques to breach the host-only security.  I am not sure how successful they are at this point.  You can always just remove the virtual Ethernet adapter in VmWare. 
~~~~~~~~~~~~~~
Ketchup
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Sun Mar 07, 2010 5:07 pm

Re: Project documentation

Ketchup wrote:Yep, you certainly can.  You can have a host-only, NATed, or a Bridged network.   The host-only is obviously self-contained.   The NATed and Bridged options will be able to go "outside."   There has been talk of techniques to breach the host-only security.   I am not sure how successful they are at this point.   You can always just remove the virtual Ethernet adapter in VmWare. 


Hmm. VMware server or VB??? tough question
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Mar 07, 2010 5:34 pm

Re: Project documentation

It comes down to what you are most familiar and comfortable with.  ESXi is a pretty cool product, because it is a bare-metal hypervisor.  I ran into some hardware compatibility issues with it though. 
~~~~~~~~~~~~~~
Ketchup
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Sun Mar 07, 2010 6:07 pm

Re: Project documentation

Ketchup wrote:It comes down to what you are most familiar and comfortable with.   ESXi is a pretty cool product, because it is a bare-metal hypervisor.   I ran into some hardware compatibility issues with it though.   


lol, well. i have never used any of them for more than 2 hours. haha. first time i used them was when i picked up Toms book. never knew what virtualization was and how it worked.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Mar 07, 2010 6:24 pm

Re: Project documentation

Personally, I think that you will find more support from VmWare due to the popularity of their products.
~~~~~~~~~~~~~~
Ketchup
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Sun Mar 07, 2010 7:34 pm

Re: Project documentation

Ketchup wrote:Personally, I think that you will find more support from VmWare due to the popularity of their products.


sweet action. Thanx for the input. Im excited to learn some new stuff.
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software