With the machines and environment detailed above and in the previous post I’ve managed to develop a highly versatile lab environment for both tool/exploit development and training/practice. Not bad for a total outlay of under £200 plus some time and effort.
Author archives: infosanity
Virtual lab machines
Since working through and reviewing Wilhelm’s ‘Professional Penetration Testing’ I’ve been trying to build up and improve my personal lab environment, still running ESXi and still running on my HP Proliant ML110 . Having just about got all of my target machines in place I thought this would be a good place to list the machines in my lab, and to share the sources for others looking for a test environment themselves.
Vyatta: First Impressions
I’ve known about Vyatta for a while, but whilst the premise has always seemed appealing I’ve not had a reason to dig deeper. Vyatta propose to be ‘The open source alternative to Cisco’, which appeals as a nice fit into a low-cost training and development lab so tonight I decided to take a closer look.
Machine migration with vmware converter
For anyone that has had to migrate machines to a virtual environment VMware’s Converter will likely be nothing new. It allows a straight forward way to migrate an existing server (both physical and most common virtual environments) to VMware’s Infrastracture, Server or Workstation product suites.
Review: Professional Penetration Testing (for EH-net)
I was recently asked by Don over at EH-Net if I would be interested in reviewing a new book by Thomas Wilhelm of Heorot.net: ‘Professional Penetration Testing: Creating and operating a formal hacking lab’. Naturally I jumped at the opportunity.
AV killing with powershell
A colleague recently introduced me to scripting with Powershell. After seeing a couple of examples of it’s strength for handling legitimate administration tasks my devious side came into play and I started imaging havok in my head.
Real world social engineering attempt
Coincidently with my current interest in social engineering practices I believe I recently encountered a real world attempt aimed in my direction. Late Saturday evening received a call claiming to be from the local police department in reference to a speeding ticket.
Social-Engineer.org
Social-Engineering has always been an interest of mine, whilst I’m not too good deceiving people in person, the potential of [spear-]phishing and physical media drops is too appealing to ignore. Recently there has been a good step forward in the maturity of the field with the opening of social-engineer.org. If you’re not willing to take […]
Python Whois class
After too long away from the project I have been trying to implement some additional functionality to my submissions2stats script for parsing Nepenthes log files. Something that I’ve had in mind for a while is utilising Whois data to better analyse the source of the malware submissions.
Review: Ecommerce, subversion & git @ SuperMondays
Tuesday night provided an interesting evening, and for more than just the somewhat non-geeky location at the Side Cinema. Topics covered a low resource ecommerce implementation, version control with Subversion and Git and a new database technology coming out of Northumbria University, Raquel.