The document discusses setting up a virtual testing environment for security assessments. It recommends candidates obtain hands-on experience through virtual labs to supplement degrees and certifications. The document outlines hardware requirements, virtualization platform options like VMware ESXi, and provides step-by-step instructions to install ESXi and create a Windows management VM. It also discusses obtaining offensive, forensic, vulnerability, and virtual appliance distributions and converting them to the ESXi format to test skills in a safe, isolated environment.

1. Step On In,
The Water’s Fine!
An Introduction To
Security Testing Within A
Virtualized Environment

2. About Me:
• Tom Moore – Twitter: @c0ncealed
• Christian, Husband, & Father
• Red Team / Penetration Tester
• Security Awareness Evangelist
• Prior Marshall University Student
• High Hack Society / Proverbs Hackers
• Unrelenting G33K
• 2nd Amendment Supporter
• Should in NO WAY be considered an
expert in anything that I may say. =)
• SUPPORT HACKERS FOR CHARITY!

3. Agenda:
My goal is to provide
meaningful information in
the area of virtualized testing
environment options. I also wish
to convey why an understanding
of this subject is vastly needed
and for the most part easily
attainable, even though the
subject is often avoided
or overlooked.

4. Role Playing:
You are applying for a role within my
organization’s Information Security
Group...
One of the questions that I’m going to
ask you would be:
“What you are doing to either maintain,
or increase your relevant skill-set.”
What is your response?

5. What Is Seen:
Candidates for employment that have a
degree or relevant certifications, but
have learned the given curriculum in a
manner that allows them to test well on
the content.

6. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.

7. What Can Be Done:
Security Professionals in training need to
take a more direct approach towards
ensuring that they understand not only
the tools introduced to them, but also
the underlying architectures that they
operate on and sometimes exploit.
A more informed candidate is what is
being sought after in today’s Information
Security job market.

8. How This Can Be
Accomplished:In addition to book learning, hands-on
experience with these toolsets should be
the recipient of your invested time.

9. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.
Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html

10. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.
Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html

11. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.
Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html

12. How You Can Get There:
Practice… Practice… Practice…
Where You Can Practice:
Set up your own virtual lab!
• The cost is well worth the gain
• There are many open-source solutions
• Many toolset distributions now use
virtual machines as primary medium
• A wide variety of vulnerable
environments are also available for
your learning pleasure

13. Need Another Reason?:
More and more, the physical system
environments are going away!
Some might argue that familiarizing
yourself within a virtual environment will
be a more relevant method of training
and will give you experience that
employers are already looking for in
their next-generation of security
professionals.

14. Definition of Terms:
Hypervisor:
A hypervisor is a virtual machine
monitor (VMM).
It is generally a piece of computer
software, firmware, or hardware that
creates and runs virtual machines.
A computer on which a hypervisor is
running is defined as a host machine.
The virtual machines that run on this
host are referred to as guest machines.

15. Definition of Terms:
Virtual Machine:
A virtual machine (VM) is a software
based emulation of a computer.
Virtual machines generally operate
based on the architecture and functions
of a real computer.

16. Definition of Terms:
Snapshot:
A snapshot preserves the state and data
of a virtual machine at a specific point in
time.
The state includes the VM’s power state.
(ex: powered-on, powered-off, or
suspended)
The data includes all of the files that
make up the VM. This includes disks,
memory, and other devices, such as
virtual network interface cards.

17. Definition of Terms:
Bridged / NAT / Host Only :
The options available to configure virtual
network adapters within VM’s.
Bridged: Binds the virtual network adapter directly
to your physical ethernet adapter. The VM will obtain
DHCP lease from the physical network.
NAT: Binds the virtual network adapter behind a NAT
environment. Obtains internal DHCP address and
shares the physical ethernet adapter’s public IP
address for external communication.
Host Only: Allows internal network communication
only. DHCP lease obtained behind internal NAT.

18. Let’s Get Technical:
Enough with the hypothetical, let’s get
into the bits… cause this bytes… =P
Structure for the approach:
• Hardware considerations
• Virtualization platform options
• Example set-up of Vmware ESXi
• Offensive or Forensic Distributions
• Ex: Kali or SamuraiWTF
• Virtual Appliances
• Vulnerable Distributions
• Ex: Metasploitable 2 or NOWASP

19. Hardware Considerations:
• While the CPU speeds do matter, they
will not be your primary concern.
• A quad-core CPU is recommended.
• What you will need plenty of are:
• Memory (RAM)
• Hypervisors are memory hogs.
• Hard Drive Capacity (HDD)
• VM’s range drastically in size,
especially when Snapshotted.
• A sufficient Power Supply will need to
be accounted for based on the above
specifications.

20. Virtualization Platforms:
• VMware Fusion (Mac)
• VMware Player/Workstation (Win/Linux)
• VMware ESXi (Server)
• Parallels (Mac)
• Oracle VirtualBox (Mac/Win/Linux)
• ProxMox (Server)
• XenServer (Server, running OpenVZ as guest)
This list should not be considered all-inclusive.
These are simply platforms that I have tested.

21. VMware ESXi Setup:
• For our example, I have set up a
VMware ESXi Hypervisor on this
MacBook Pro system.
• System Specs:
• CPU: Quad-core Intel i7 2GHz
• RAM: 16GB 1333MHz DDR3
• HDD: WD Black 500GB 7200 RPM
• VMware ESXi is free for educational
purposes. Register on vmware.com for
a license key.
• Here are some screenshots of the ESXi
setup process for your reference.

22. VMware ESXi Setup:
• Further Information…
• This installation is performed by
using the following configuration:
•VMware ESXi .iso image is on host
MacBook Pro.
•Created a New virtual machine
within VMware Fusion.
•Set the ESXi .iso as the boot media
for the VM.
• (This is being done this way for
demonstration purposes. If you have
physical hardware for ESXi, use that)

23. VMware ESXi Setup:
• Brace yourselves! Screenshots!

42. VMware ESXi Management:
• The one disadvantage to using
VMware ESXi, in my opinion, is that
the most effective management
interface is in the form of a Windows
fat client.
• Due to this, we will also go through
the process of setting up a Windows 8
VM with the VMware vSphere Client as
well as the VMware vCenter Converter
Standalone application.
• This will be our ESXi management VM.

43. VMware ESXi Management:
• Further Information…
• This installation is performed by
using the following configuration:
•Windows 8.1 .iso image is on host
MacBook Pro.
•Created a New virtual machine
within VMware Fusion.
•Set the Windows 8.1 .iso as the
boot media for the VM.
• (This is done so that we don’t have to
have a physical Windows box for ESXi
Management.)

44. VMware ESXi Management:
• More Screenshots?

77. VMware ESXi Management:
• Now we will register VMware vSphere
Client.
• The key should have been obtained
when you registered for your
vmware.com account and downloaded
your ESXi iso files and binaries.
• When its registered, you will see the
status message in the bottom right-
hand corner of the client disappear.

85. VMware ESXi Management:
• Now we will setup VMware vCenter
Converter Standalone.
• This will be used to convert VMware
images into an ESXi format.
• It will also transfer VM’s over to our
ESXi Server after conversion.

101. Offensive / Forensic
Distributions:• Kali Linux
• BlackArch Linux
• Backbox Linux
• Pentoo
• SamuraiWTF
• MobiSec
• SIFT Workstation
• DEFT Linux
• REMnux

103. Offensive / Forensic
Distributions:• Screenshots!

104. Virtual Appliances:
• Routers / Switches
• Vyatta
• Firewalls
• pfSense
• Intrusion Prevention Systems
• Intrusion Detection Systems
• SecurityOnion
• Security Incident and Event Monitoring
• AlienVault OSSIM

107. Vulnerable Distributions:
• Metasploitable 2
• NOWASP Mutillidae
• OWASP Broken Web Apps
• Web Security DoJo
• HADES
• VulnVOiP
• VulnVPN
• Dexter
• Brainpan
• Relativity

108. Vulnerable Distributions:
• VulnHub
www.vulnhub.com
• Credit: g0tm1lk

109. Vulnerable Distributions:
• Leveraging VulnHub.com, we will pull
down a copy of Metasploitable2 as our
vulnerable guest distribution.
• Now we will use VMware vCenter
Converter Standalone to convert our
new vulnerable image and then push
it to our ESXi server.

131. Vulnerable Distributions:
• Now let’s spin it up!
• Once we have the Metasploitable 2 VM
powered on, we will go back to our
Kali VM within VMware Fusion.
• From the Kali offensive VM, let’s scan
the virtual DHCP range looking for our
new vulnerable guest machine!

135. Congratulations!:
• You have just gone through the
process of setting up a virtual testing
lab with a VMware ESXi hypervisor!
• You have a Windows VM set up to
manage your hypervisor.
• You know where to obtain your
Offensive, Appliance, and Vulnerable
distributions and VMs.
• You also know how to convert and
transfer them to your ESXi server!
• You then saw how easy it was to
enumerate guests from your Kali VM!

136. Summary:
• InfoSec Recruiters for organizations
are looking for candidates that KNOW
how to leverage the needed tools to
perform an assessment.
• You can teach yourself skills that may
not be covered in most curriculums
through the use of Virtual
Environments.
• It takes time, it’s not easy, but it will
pay off.
• YOU CAN DO THIS!

137. One More Thing:
• If you would like to support or present
at a BSides conference, please consider
presenting at BSides Charlotte!
• When: June 21, 2014 (Sat)
• Where: Charlotte, NC
• Web: www.bsidesclt.org
• Twitter: @BSidesCLT

138. I’m Out:
THANK YOU!

139. Contact Info:
• Name: Tom Moore
• E-mail: c0ncealedx64@gmail.com
• Twitter: @c0ncealed
* Send hate mail to Bill Gardner
THANK YOU!