SlideShare a Scribd company logo

Requirement for creating a Penetration Testing Lab

Download as DOCX, PDF
Syed Ubaid Ali Jafri
Syed Ubaid Ali Jafri

This document has been prepared in order to develop a good Penetration Testing and Vulnerability Assessment Lab. The document contains Hardware requirements, our manual & automated Software requirements, approaches for Performing Penetration testing. Further, this document is design to make a Penetration test LAB in order to simulate the vulnerabilities in the testing environment and to execute the vulnerability assessment & penetration testing from the LAB by providing the Static IP to the Client, ensuring that the test is being performed from a valid/legitimate link.

Education
1 of 8
Virtual Security 1 REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB Contributed By: Syed Ubaid Ali Jafri
Virtual Security 2
Virtual Security 3 Contents REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB.............................................................1 Introduction..........................................................................................................................................4 Hardware Requirements? ......................................................................................................................4 Software Requirements?........................................................................................................................4 Operating System Requirements?...........................................................................................................5 Network Diagram..................................................................................................................................6 Internet Connectivity Requirements: ......................................................................................................6 Pre- Requisites For a LAB:.......................................................................................................................6 Specialized Software Requirements forVulnerability Assessment & Penetration Testing...........................7
Virtual Security 4 Introduction Thisdocumenthasbeenprepared inorderto developagood PenetrationTestingandVulnerability AssessmentLab. The documentcontains Hardware requirements,ourmanual & automated Software requirements, approachesforPerformingPenetrationtesting. Further,thisdocumentisdesigntomake a PenetrationtestLAB inorderto simulate the vulnerabilitiesin the testingenvironmentandtoexecute the vulnerabilityassessment&penetrationtestingfromthe LAB by providingthe StaticIPto the Client,ensuringthatthe testisbeingperformedfromavalid/legitimate link. The toolsthat are mentionedinthisdocumentare the proprietary of differentvendorsthatare commercial andopensource and ourmotive isnotto advertise the software qualityof avendor,instead to providingthe qualitiesof softwarewe willshare ourgoodexperience of differentsolutions,and also buildcustomscriptand toolsforthe specifictasks forexample (Brute force attack,DosAttack,Exploits etc). Hardware Requirements? The Minimum requirements for creating a Penetration Testing Lab are stated below: 1. Minimum 5th Generation Server(s) with Quad Processor Technology. 2. Minimum 16 GB of RAM. 3. Minimum 500GB Hard Drive. 4. 3 LAN Ports Initially required. 5. 1 Switch of layer 2 Manageable is required. 6. 1 Wi-Fi router is required for remote connectivity with the Server(s). 7. 1 Router (2800,2811) Cisco. 8. 2 Firewalls arerequired for Securingthe LAB Infrastructure. 9. 3 LED based Monitors are required. 10. 1 Rack at least20U is required. 11. 10 - 15 Bootable USB sticks arerequired 12. Windows / Linux Operating System. Software Requirements? List of Minimum Customized Software requirements that are required on Windows based Operating System: 1. Mozilla Firefox with minimum add-ons (Hack bar, CookieStealer, Temper Data, Request Header Modifier). 2. Java for windows. 3. Virtual Machine(VMware Pro, OracleVirtual Box). 4. Microsoft.Net Framework 4.5. 5. Winrar. 6. Visual Studio version 2010.
Virtual Security 5 7. Sys Internal Suite 8. Adobe Acrobat Reader. 9. MicrosoftOffice2010. Operating System Requirements? List of Operating Systems that are required on Bootable USB Sticks 1. Kali Linux Version 2.0. 2. DEFT (Digital Evidence Forensics Toolkit). 3. Backtrack 5 R3. 4. Windows 7 BootableUSB 5. Wifi Slax 6. Kali Linux Version 1.0.6
Virtual Security 6 NetworkDiagram Internet Connectivity Requirements: The Connectivity for the internet requires: 1. Static (Dedicated IP Address) from the serviceprovider 2. Minimum 8-10 MB Internet connection Pipeis required. Pre-Requisites For a LAB: 1. Lab resource must have minimum 2 years of Networking/Information Security background I.T related organization. 2. Professional Hands on Command on Windows and Linux Based Operatingsystems 3. Basic programming on C, C++, VB is required,. 4. Lab resource must have good knowledge about Routing, Switching, Network /System Administration. Note:The Requirementsare initially mark up to reach theinitiallevel but are not limited to the above, it may changed dependson subject matter.
Virtual Security 7 Specialized Software Requirements for Vulnerability Assessment & Penetration Testing Reconnaissance / InformationGathering •NMAP (Open Source) •AngryIPScanner (Open Source) •Smart Whois (Open Source) •Wireshark (Open Source) •Recon-ng (Open Source) •Maltego (Open Source) •Search Diggty (Open Source) •Magic Net Trace (Commercial) •Foca by Elevel Paths (Open Source) Internal/ Web Based Vulnerability Assessment •App Scan byIBM (Commercial) - Lan GuardbyGFI (Commercial) •NetSparker (Commercial) - Nexpose byRapid7 (Commercial) •Web Inspect byHP (Commercial) - Acunetix (Commercial) •Web Cruiser (Commercial) - Network Miner (Commercial) •OwaspZAP (Open Source) - Ratina Scanner (Commercial) •Xenotix (Open Source) - NTO Spider (Commercial) •NStalker (Commercial) - Open VAS (Open Source) •Nessus Pro byTenable (Commercial) - Web Surgery (Community) Internal/ Web Based Penetration Testing •Sparta (Community) •Armitage (Open Source) •Core Impact byCore Securities (Commercial) •Havij Pro (Commercial) •Metasploit Pro (Commercial) •Exploit Pack (Commercial) •Brup Suite 1.6 Pro (Commercial) Configuration Review •Nipper StudiobyTitania (Commercial) •Nessus Pro (Commercial) •NCAT (Open Source) •Egressor (Community)
Virtual Security 8 Note: This document is a initial level document for designing and performing a vulnerability Assessment & penetration testing LAB, other requirements of penetration testing could vary upon organizational requirements. Source Code Review •App Scan Source by IBM (Commercial) •VisualCodeGrapper (Open Source) •OWASP LAPSE + (Open Source)

Recommended

VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Network Intelligence India
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 

Recommended

VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Network Intelligence India
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Penetration testing
Penetration testingPenetration testing
Penetration testingNameen Singh
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Digital Bond
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threatsVishal Kumar
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte
 
OSI Layered based attacks
OSI Layered based attacksOSI Layered based attacks
OSI Layered based attacksSyed Ubaid Ali Jafri
 
Software Testing and UML Lab
Software Testing and UML LabSoftware Testing and UML Lab
Software Testing and UML LabHarsh Kishore Mishra
 

More Related Content

What's hot

Penetration testing
Penetration testingPenetration testing
Penetration testingNameen Singh
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Digital Bond
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threatsVishal Kumar
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte
 

What's hot (20)

Penetration testing
Penetration testingPenetration testing
Penetration testing
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solution
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Security testing
Security testingSecurity testing
Security testing
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Security testing
Security testingSecurity testing
Security testing
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
 

Viewers also liked

IBM Rational App Scan Tester Edition and Quality Manager
IBM Rational App Scan Tester Edition and Quality ManagerIBM Rational App Scan Tester Edition and Quality Manager
IBM Rational App Scan Tester Edition and Quality ManagerАлександр Шамрай
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Software Testing Fundamentals
Software Testing FundamentalsSoftware Testing Fundamentals
Software Testing FundamentalsChankey Pathak
 

Viewers also liked (6)

OSI Layered based attacks
OSI Layered based attacksOSI Layered based attacks
OSI Layered based attacks
 
Software Testing and UML Lab
Software Testing and UML LabSoftware Testing and UML Lab
Software Testing and UML Lab
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
IBM Rational App Scan Tester Edition and Quality Manager
IBM Rational App Scan Tester Edition and Quality ManagerIBM Rational App Scan Tester Edition and Quality Manager
IBM Rational App Scan Tester Edition and Quality Manager
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Software Testing Fundamentals
Software Testing FundamentalsSoftware Testing Fundamentals
Software Testing Fundamentals
 

Similar to Requirement for creating a Penetration Testing Lab

Tune in for the Ultimate WAF Torture Test: Bots Attack!
Tune in for the Ultimate WAF Torture Test: Bots Attack!Tune in for the Ultimate WAF Torture Test: Bots Attack!
Tune in for the Ultimate WAF Torture Test: Bots Attack!Distil Networks
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...
ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...
ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...Robert Conti Jr.
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud EnvironmentShapeBlue
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxlior mazor
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The EnterpriseJason Ross
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test MethodologyIxia
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
 
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4Yusuf Hadiwinata Sutandar
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and IT[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and ITSite24x7
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...Felipe Prado
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Canturk Isci
 
Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityCambridge Intelligence
 
Network Security Open Source Software Developer Certification
Network Security Open Source Software Developer CertificationNetwork Security Open Source Software Developer Certification
Network Security Open Source Software Developer CertificationVskills
 

Similar to Requirement for creating a Penetration Testing Lab (20)

Tune in for the Ultimate WAF Torture Test: Bots Attack!
Tune in for the Ultimate WAF Torture Test: Bots Attack!Tune in for the Ultimate WAF Torture Test: Bots Attack!
Tune in for the Ultimate WAF Torture Test: Bots Attack!
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...
ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...
ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The Enterprise
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknock
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test Methodology
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
 
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and IT[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and IT
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016
 
Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber Security
 
Network Security Open Source Software Developer Certification
Network Security Open Source Software Developer CertificationNetwork Security Open Source Software Developer Certification
Network Security Open Source Software Developer Certification
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Effective DevSecOps
Effective DevSecOpsEffective DevSecOps
Effective DevSecOps
 

More from Syed Ubaid Ali Jafri

Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Syed Ubaid Ali Jafri
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Syed Ubaid Ali Jafri
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Syed Ubaid Ali Jafri
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Syed Ubaid Ali Jafri
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri
 

More from Syed Ubaid Ali Jafri (16)

Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015
 
Data calling from web to C#
Data calling from web to C#Data calling from web to C#
Data calling from web to C#
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography)
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography Techniques
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology
 
Storage area network
Storage area networkStorage area network
Storage area network
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
IP Security over VPN
IP Security over VPNIP Security over VPN
IP Security over VPN
 
Network security over ethernet
Network security over ethernetNetwork security over ethernet
Network security over ethernet
 
LAN Security
LAN Security LAN Security
LAN Security
 

Recently uploaded

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...KokoStevan
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 

Recently uploaded (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 

Requirement for creating a Penetration Testing Lab

  • 1. Virtual Security 1 REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB Contributed By: Syed Ubaid Ali Jafri
  • 3. Virtual Security 3 Contents REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB.............................................................1 Introduction..........................................................................................................................................4 Hardware Requirements? ......................................................................................................................4 Software Requirements?........................................................................................................................4 Operating System Requirements?...........................................................................................................5 Network Diagram..................................................................................................................................6 Internet Connectivity Requirements: ......................................................................................................6 Pre- Requisites For a LAB:.......................................................................................................................6 Specialized Software Requirements forVulnerability Assessment & Penetration Testing...........................7
  • 4. Virtual Security 4 Introduction Thisdocumenthasbeenprepared inorderto developagood PenetrationTestingandVulnerability AssessmentLab. The documentcontains Hardware requirements,ourmanual & automated Software requirements, approachesforPerformingPenetrationtesting. Further,thisdocumentisdesigntomake a PenetrationtestLAB inorderto simulate the vulnerabilitiesin the testingenvironmentandtoexecute the vulnerabilityassessment&penetrationtestingfromthe LAB by providingthe StaticIPto the Client,ensuringthatthe testisbeingperformedfromavalid/legitimate link. The toolsthat are mentionedinthisdocumentare the proprietary of differentvendorsthatare commercial andopensource and ourmotive isnotto advertise the software qualityof avendor,instead to providingthe qualitiesof softwarewe willshare ourgoodexperience of differentsolutions,and also buildcustomscriptand toolsforthe specifictasks forexample (Brute force attack,DosAttack,Exploits etc). Hardware Requirements? The Minimum requirements for creating a Penetration Testing Lab are stated below: 1. Minimum 5th Generation Server(s) with Quad Processor Technology. 2. Minimum 16 GB of RAM. 3. Minimum 500GB Hard Drive. 4. 3 LAN Ports Initially required. 5. 1 Switch of layer 2 Manageable is required. 6. 1 Wi-Fi router is required for remote connectivity with the Server(s). 7. 1 Router (2800,2811) Cisco. 8. 2 Firewalls arerequired for Securingthe LAB Infrastructure. 9. 3 LED based Monitors are required. 10. 1 Rack at least20U is required. 11. 10 - 15 Bootable USB sticks arerequired 12. Windows / Linux Operating System. Software Requirements? List of Minimum Customized Software requirements that are required on Windows based Operating System: 1. Mozilla Firefox with minimum add-ons (Hack bar, CookieStealer, Temper Data, Request Header Modifier). 2. Java for windows. 3. Virtual Machine(VMware Pro, OracleVirtual Box). 4. Microsoft.Net Framework 4.5. 5. Winrar. 6. Visual Studio version 2010.
  • 5. Virtual Security 5 7. Sys Internal Suite 8. Adobe Acrobat Reader. 9. MicrosoftOffice2010. Operating System Requirements? List of Operating Systems that are required on Bootable USB Sticks 1. Kali Linux Version 2.0. 2. DEFT (Digital Evidence Forensics Toolkit). 3. Backtrack 5 R3. 4. Windows 7 BootableUSB 5. Wifi Slax 6. Kali Linux Version 1.0.6
  • 6. Virtual Security 6 NetworkDiagram Internet Connectivity Requirements: The Connectivity for the internet requires: 1. Static (Dedicated IP Address) from the serviceprovider 2. Minimum 8-10 MB Internet connection Pipeis required. Pre-Requisites For a LAB: 1. Lab resource must have minimum 2 years of Networking/Information Security background I.T related organization. 2. Professional Hands on Command on Windows and Linux Based Operatingsystems 3. Basic programming on C, C++, VB is required,. 4. Lab resource must have good knowledge about Routing, Switching, Network /System Administration. Note:The Requirementsare initially mark up to reach theinitiallevel but are not limited to the above, it may changed dependson subject matter.
  • 7. Virtual Security 7 Specialized Software Requirements for Vulnerability Assessment & Penetration Testing Reconnaissance / InformationGathering •NMAP (Open Source) •AngryIPScanner (Open Source) •Smart Whois (Open Source) •Wireshark (Open Source) •Recon-ng (Open Source) •Maltego (Open Source) •Search Diggty (Open Source) •Magic Net Trace (Commercial) •Foca by Elevel Paths (Open Source) Internal/ Web Based Vulnerability Assessment •App Scan byIBM (Commercial) - Lan GuardbyGFI (Commercial) •NetSparker (Commercial) - Nexpose byRapid7 (Commercial) •Web Inspect byHP (Commercial) - Acunetix (Commercial) •Web Cruiser (Commercial) - Network Miner (Commercial) •OwaspZAP (Open Source) - Ratina Scanner (Commercial) •Xenotix (Open Source) - NTO Spider (Commercial) •NStalker (Commercial) - Open VAS (Open Source) •Nessus Pro byTenable (Commercial) - Web Surgery (Community) Internal/ Web Based Penetration Testing •Sparta (Community) •Armitage (Open Source) •Core Impact byCore Securities (Commercial) •Havij Pro (Commercial) •Metasploit Pro (Commercial) •Exploit Pack (Commercial) •Brup Suite 1.6 Pro (Commercial) Configuration Review •Nipper StudiobyTitania (Commercial) •Nessus Pro (Commercial) •NCAT (Open Source) •Egressor (Community)
  • 8. Virtual Security 8 Note: This document is a initial level document for designing and performing a vulnerability Assessment & penetration testing LAB, other requirements of penetration testing could vary upon organizational requirements. Source Code Review •App Scan Source by IBM (Commercial) •VisualCodeGrapper (Open Source) •OWASP LAPSE + (Open Source)