Joe McCray, profile picture
Uploaded byJoe McCray
455 views

Building a low cost hack lab

The document provides guidelines for establishing a low-cost hacklab covering hardware, software, VMware, VirtualBox, and pentesting tips. It includes recommendations on hardware options, acquiring operating systems and vulnerable applications, as well as specific technical tips for using VMware and VirtualBox effectively. Additionally, it emphasizes staying updated on vulnerabilities and suggests best practices for network design and defense measures.

Embed presentation

Downloaded 21 times
Strategic Security, Inc. © http://www.strategicsec.com/ Building A Low Cost HackLab Presented By: Joe McCray joe@strategicsec.com http://www.linkedin.com/in/joemccray http://twitter.com/j0emccray
Strategic Security, Inc. © http://www.strategicsec.com/ Building A Low Cost HackLab What we will be covering today: • Hardware Tips • Software Tips • VMWare Tips • VirtualBox Tips • Pentester Tips
Strategic Security, Inc. © http://www.strategicsec.com/ Hardware Tips
Strategic Security, Inc. © http://www.strategicsec.com/ Hardware Tips • Should you use an old machine/old laptop • Should you build a whitebox for this • What types of hardware should you buy
Strategic Security, Inc. © http://www.strategicsec.com/ Hardware Tips • Should you use an old machine/old laptop You can use an old laptop, but if you want to be able to run a few VMs at a time you’d probably want something more robust.
Strategic Security, Inc. © http://www.strategicsec.com/ Hardware Tips • Should you build a whitebox for this • What types of hardware should you buy? Check out a ShuttleBox • http://www.amazon.com/exec/obidos/ASIN/B004UC4HCG/virtuinsan-20 Here is a good walk-through for building ESXi • http://www.ryanbirk.com/the-perfect-vmware-vsphere-5-homelab/
Strategic Security, Inc. © http://www.strategicsec.com/ Software Tips
Strategic Security, Inc. © http://www.strategicsec.com/ Software Tips • Where do you get all of the operating systems from? • Where do you get all of the vulnerable applications from?
Strategic Security, Inc. © http://www.strategicsec.com/ Software Tips • Where do you get all of the operating systems from? • Expensive: • http://msdn.microsoft.com/en-us/subscriptions/aa718661 • Cheap: • http://books.half.ebay.com/ • Buy used books on Operating Systems with the CD/DVD still in them
Strategic Security, Inc. © http://www.strategicsec.com/ Software Tips • Where do you get all of the vulnerable applications from • http://www.oldapps.com/ • Common vulnerable Targets that people use: • Metasploitable http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ • Web Security Dojo http://sourceforge.net/projects/websecuritydojo/ • OWASP Hackademics http://code.google.com/p/owasp-hackademic-challenges/ • WebMaven https://www.mavensecurity.com/WebMaven/ • Moth http://www.bonsai-sec.com/en/research/moth.php • DVWA http://www.dvwa.co.uk/ • De-ICE http://hackingdojo.com/pentest-media/
Strategic Security, Inc. © http://www.strategicsec.com/ VMWare Tips
Strategic Security, Inc. © http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI • Deploying Snort or Surricata in ESXI • vSwitch features that you may want to use in your environment
Strategic Security, Inc. © http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI • https://github.com/kernelsmith/env-customization/blob/master/esxi/ghetto-esxi-linked-clones.sh • http://nchrissos.wordpress.com/2013/04/22/cloning-a-vm-without-vcenter-in-esxi-5-1-free-edition/ • http://www.virtuallyghetto.com/2012/09/creating-se-sparse-linked-clones-using.html
Strategic Security, Inc. © http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI • Deploying Snort or Surricata in ESXI • vSwitch features that you may want to use in your environment
Strategic Security, Inc. © http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI on the cheap (FREE is good) • https://communities.vmware.com/docs/DOC-9202?tstart=7450 • Deploying Snort or Surricata in ESXI • https://isc.sans.edu/diary/Running+Snort+on+VMWare+ESXi/15899 • vSwitch features that you may want to use in your environment • VLANs
Strategic Security, Inc. © http://www.strategicsec.com/ VMWware Tips • What a vSwitch is and is not • vSwitch features such as VLAN trunking, link bonding, frame forwarding • no STP, limited QoS, no SPAN or RSPAN, no NetFLOW / sFLOW etc, no filtering, no VACL and so on • Reference: • http://etherealmind.com/vmware-vswitch-does-not-scale-design/ • vSwitch features that you may want to use in your environment • Quick way to create VLANs
Strategic Security, Inc. © http://www.strategicsec.com/ VirtualBox Tips
Strategic Security, Inc. © http://www.strategicsec.com/ VirtualBox Tips • Building and running VirtualBox Headless with PHPVirtualbox • Creating Backups and clones of running VMs in VirtualBox • Using raw devices to create a Virtualbox VM • Setting up a serial port between VirtualBox VMs • Taking screenshots of VirtualBox VMs
Strategic Security, Inc. © http://www.strategicsec.com/ VirtualBox Tips • Building and running VirtualBox Headless with PHPVirtualbox • http://www.howtoforge.com/vboxheadless-running-virtual-machines-with-virtualbox-4.1-on-a-headless-ubuntu- 12.04-server • Creating Backups and clones of running VMs in VirtualBox • http://www.howtoforge.com/virtualbox-creating-backups-and-clones-of-running-virtual-machines-no-downtime-with-lvm- snapshots
Strategic Security, Inc. © http://www.strategicsec.com/ VirtualBox Tips • Using raw devices to create a Virtualbox VM • http://www.howtoforge.com/using-raw-devices-in-virtualbox-vms • Setting up a serial port between VirtualBox VMs • http://www.howtoforge.com/how-to-set-up-a-serial-port-between-two-virtual-machines-in-virtualbox • Taking screenshots of VirtualBox VMs • http://www.howtoforge.com/how-to-take-screenshots-of-virtualbox-vms
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips • How to keep up with the latest vulnerabilities and exploits • Deciding what types of vulnerabilities to put in the network • Deciding how to design the network • Deciding what defensive measures to put into the network
Strategic Security, Inc. © http://www.strategicsec.com/ Keeping Up With Vulns • How to keep up with the latest vulnerabilities and exploits • Download the latest exploits and tools each week • Exploits • http://www.exploit-db.com/ • http://packetstormsecurity.com/files/tags/exploit/ • Tools • http://packetstormsecurity.com/files/tags/tool/ • http://www.securitytube-tools.net/ • http://sectools.org/
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips Deciding what types of vulnerabilities to put in the network • Focus on apps that you’ve heard of (popular apps) • Adobe • Apple • Microsoft • Oracle • Try not to use software that isn’t often found in a corporate environment • Know that a lot of the exploits on exploit-db and similar sites are people learning exploit dev Not all exploits in the frameworks are good • Metasploit, Core Impact, Saint, Canvas all scrape exploit-db and automatically port the exploits into the respective frameworks
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips • Deciding how to design the network
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips • Try for a simple flat architecture first • Wait a minute on the DMZs, routers, and switches • Most Cisco vulns are old • Most firewall vulns are even older • Focus on client-side apps and web apps
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips • Deciding what defensive measures to put into the network • I’d recommend Security Onion • References: • http://eatingsecurity.blogspot.com/2013/04/new-home-lab-configuration.html • http://eatingsecurity.blogspot.com/2013/04/home-lab-part-2-vmware-esxi-security.html • http://code.google.com/p/security-onion/wiki/Installation • Be sure to set Promiscuous Mode to Accept (REALLY IMPORTANT): • https://isc.sans.edu/diary/Running+Snort+on+VMWare+ESXi/15899
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips • How do you build infrastructure stuff (routers/firewalls)? • Pfsense • https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5 • Vyatta • http://www.vyatta.org/node/5958 • GNS3 • http://blog.davidvassallo.me/2010/11/18/creating-a-virtual-cisco-router- vmware-esx-gns3-linux/
Strategic Security, Inc. © http://www.strategicsec.com/ Pentester Tips • What are some good pentester lab resources • How to set up a penetration testing lab • http://information.rapid7.com/how-to-setup-a-pen-testing-lab.html?LS=615710 • How to setup a pentest lab and how to play CTF • http://www.slideshare.net/null0x00/how-to-setup-a-pen-test-lab-and-how-to-play-ctf
Strategic Security, Inc. © http://www.strategicsec.com/ Questions??????
Strategic Security, Inc. © http://www.strategicsec.com/ Contact Me.... Toll Free: 1-844-458-1008 Email: joe@strategicsec.com Twitter: http://twitter.com/j0emccray LinkedIn: http://www.linkedin.com/in/joemccray

More Related Content

PPTX
Wireless Pentesting: It's more than cracking WEP
byJoe McCray
 
PPTX
You Spent All That Money And Still Got Owned
byJoe McCray
 
PPTX
Big Bang Theory: The Evolution of Pentesting High Security Environments
byJoe McCray
 
PPTX
So you wanna be a pentester - free webinar to show you how
byJoe McCray
 
PPTX
Getting ready for a Capture The Flag Hacking Competition
byJoe McCray
 
PPTX
Advanced SQL Injection
byJoe McCray
 
PDF
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
byfangjiafu
 
PDF
Secure Coding for Java - An Introduction
bySebastien Gioria
 
Wireless Pentesting: It's more than cracking WEP
byJoe McCray
 
You Spent All That Money And Still Got Owned
byJoe McCray
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
byJoe McCray
 
So you wanna be a pentester - free webinar to show you how
byJoe McCray
 
Getting ready for a Capture The Flag Hacking Competition
byJoe McCray
 
Advanced SQL Injection
byJoe McCray
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
byfangjiafu
 
Secure Coding for Java - An Introduction
bySebastien Gioria
 

What's hot

PDF
The Internet of Insecure Things: 10 Most Wanted List
bySecurity Weekly
 
PDF
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
bySecurity Weekly
 
PDF
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
bySecurity Weekly
 
PPTX
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
byBlueHat Security Conference
 
PPT
Give Me Three Things: Anti-Virus Bypass Made Easy
bySecurity Weekly
 
PDF
Big Bang Theory: The Evolution of Pentesting High Security Environments
byChris Gates
 
PDF
Web Application Frewall
byAbhishek Singh
 
PPT
Survey Presentation About Application Security
byNicholas Davis
 
PPTX
Test & Tea : ITSEC testing, manual vs automated
byZoltan Balazs
 
PDF
SQL Injection - The Unknown Story
byImperva
 
PPTX
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
byCyber Security Alliance
 
PDF
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
byVladyslav Radetsky
 
PPTX
Pwn phone2014 jrs
bySecurity Weekly
 
PPTX
BlueHat v17 || You Are Making Application Whitelisting Difficult
byBlueHat Security Conference
 
PDF
Owasp advanced mobile-application-code-review-techniques-v0.2
bydrewz lin
 
PPTX
Bug Bounty #Defconlucknow2016
byShubham Gupta
 
PDF
CMS Hacking Tricks - DerbyCon 4 - 2014
byGreg Foss
 
PDF
Secure Coding For Java - Une introduction
bySebastien Gioria
 
PDF
15 years through Infosec
bySaumil Shah
 
The Internet of Insecure Things: 10 Most Wanted List
bySecurity Weekly
 
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
bySecurity Weekly
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
bySecurity Weekly
 
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
byBlueHat Security Conference
 
Give Me Three Things: Anti-Virus Bypass Made Easy
bySecurity Weekly
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
byChris Gates
 
Web Application Frewall
byAbhishek Singh
 
Survey Presentation About Application Security
byNicholas Davis
 
Test & Tea : ITSEC testing, manual vs automated
byZoltan Balazs
 
SQL Injection - The Unknown Story
byImperva
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
byCyber Security Alliance
 
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
byVladyslav Radetsky
 
Pwn phone2014 jrs
bySecurity Weekly
 
BlueHat v17 || You Are Making Application Whitelisting Difficult
byBlueHat Security Conference
 
Owasp advanced mobile-application-code-review-techniques-v0.2
bydrewz lin
 
Bug Bounty #Defconlucknow2016
byShubham Gupta
 
CMS Hacking Tricks - DerbyCon 4 - 2014
byGreg Foss
 
Secure Coding For Java - Une introduction
bySebastien Gioria
 
15 years through Infosec
bySaumil Shah
 

Similar to Building a low cost hack lab

PDF
VMware Cookbook A Real World Guide to Effective VMware Use Second Edition Rya...
bylhkbossic
 
PDF
Exploring VMware APIs by Preetham Gopalaswamy
byAlan Renouf
 
PPTX
Rht v sphere-security
bymikeponderosa
 
PDF
RHT Design for Security
byvirtualsouthwest
 
PPT
Fulcrum Group Virtualization How does It Fit
bySteve Meek
 
PPTX
Virtualization 101 - DeepDive
byAmit Agarwal
 
PPT
Why Security Teams should care about VMware
byJJDiGeronimo
 
ODP
Virtually Pwned
byClaudio Criscione
 
PDF
Aplura virtualization slides
byThe Linux Foundation
 
PPTX
Transitioning to vmWare ESXi
byJose Antonio Chavez Verdin
 
PPTX
State of virtualisation -- 2012
byJonathan Sinclair
 
ODP
VM201 - IdoSphere
byCarl Tyler
 
PDF
VCP5 vs VCP4 Blue Print
bySathishkumar A
 
PPTX
V mware v sphere 5 fundamentals services kit
bysolarisyougood
 
PDF
FIWARE Tech Summit - FIWARE Lab Cloud
byFIWARE
 
PPTX
2015.09.23 - CHIVMUG UserCon Small Business & Virtualization
byPaul Woodward Jr
 
PDF
Esx configuration guide
byNaga Raju N
 
PPTX
Denver VMUG nov 2011
byDan Brinkmann
 
PDF
Securing your Cloud with Xen - SUSECon 2013
byThe Linux Foundation
 
PPTX
Virtual Infrastructure Overview
byvalerian_ceaus
 
VMware Cookbook A Real World Guide to Effective VMware Use Second Edition Rya...
bylhkbossic
 
Exploring VMware APIs by Preetham Gopalaswamy
byAlan Renouf
 
Rht v sphere-security
bymikeponderosa
 
RHT Design for Security
byvirtualsouthwest
 
Fulcrum Group Virtualization How does It Fit
bySteve Meek
 
Virtualization 101 - DeepDive
byAmit Agarwal
 
Why Security Teams should care about VMware
byJJDiGeronimo
 
Virtually Pwned
byClaudio Criscione
 
Aplura virtualization slides
byThe Linux Foundation
 
Transitioning to vmWare ESXi
byJose Antonio Chavez Verdin
 
State of virtualisation -- 2012
byJonathan Sinclair
 
VM201 - IdoSphere
byCarl Tyler
 
VCP5 vs VCP4 Blue Print
bySathishkumar A
 
V mware v sphere 5 fundamentals services kit
bysolarisyougood
 
FIWARE Tech Summit - FIWARE Lab Cloud
byFIWARE
 
2015.09.23 - CHIVMUG UserCon Small Business & Virtualization
byPaul Woodward Jr
 
Esx configuration guide
byNaga Raju N
 
Denver VMUG nov 2011
byDan Brinkmann
 
Securing your Cloud with Xen - SUSECon 2013
byThe Linux Foundation
 
Virtual Infrastructure Overview
byvalerian_ceaus
 

Recently uploaded

PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
AI in the Real World: From University to Industry
byDarvan Shvan
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
final.pdf
byomarbishtawi04
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
AI in the Real World: From University to Industry
byDarvan Shvan
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
final.pdf
byomarbishtawi04
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 

Building a low cost hack lab

  • 1.
    Strategic Security, Inc.© http://www.strategicsec.com/ Building A Low Cost HackLab Presented By: Joe McCray joe@strategicsec.com http://www.linkedin.com/in/joemccray http://twitter.com/j0emccray
  • 2.
    Strategic Security, Inc.© http://www.strategicsec.com/ Building A Low Cost HackLab What we will be covering today: • Hardware Tips • Software Tips • VMWare Tips • VirtualBox Tips • Pentester Tips
  • 3.
    Strategic Security, Inc.© http://www.strategicsec.com/ Hardware Tips
  • 4.
    Strategic Security, Inc.© http://www.strategicsec.com/ Hardware Tips • Should you use an old machine/old laptop • Should you build a whitebox for this • What types of hardware should you buy
  • 5.
    Strategic Security, Inc.© http://www.strategicsec.com/ Hardware Tips • Should you use an old machine/old laptop You can use an old laptop, but if you want to be able to run a few VMs at a time you’d probably want something more robust.
  • 6.
    Strategic Security, Inc.© http://www.strategicsec.com/ Hardware Tips • Should you build a whitebox for this • What types of hardware should you buy? Check out a ShuttleBox • http://www.amazon.com/exec/obidos/ASIN/B004UC4HCG/virtuinsan-20 Here is a good walk-through for building ESXi • http://www.ryanbirk.com/the-perfect-vmware-vsphere-5-homelab/
  • 7.
    Strategic Security, Inc.© http://www.strategicsec.com/ Software Tips
  • 8.
    Strategic Security, Inc.© http://www.strategicsec.com/ Software Tips • Where do you get all of the operating systems from? • Where do you get all of the vulnerable applications from?
  • 9.
    Strategic Security, Inc.© http://www.strategicsec.com/ Software Tips • Where do you get all of the operating systems from? • Expensive: • http://msdn.microsoft.com/en-us/subscriptions/aa718661 • Cheap: • http://books.half.ebay.com/ • Buy used books on Operating Systems with the CD/DVD still in them
  • 10.
    Strategic Security, Inc.© http://www.strategicsec.com/ Software Tips • Where do you get all of the vulnerable applications from • http://www.oldapps.com/ • Common vulnerable Targets that people use: • Metasploitable http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ • Web Security Dojo http://sourceforge.net/projects/websecuritydojo/ • OWASP Hackademics http://code.google.com/p/owasp-hackademic-challenges/ • WebMaven https://www.mavensecurity.com/WebMaven/ • Moth http://www.bonsai-sec.com/en/research/moth.php • DVWA http://www.dvwa.co.uk/ • De-ICE http://hackingdojo.com/pentest-media/
  • 11.
    Strategic Security, Inc.© http://www.strategicsec.com/ VMWare Tips
  • 12.
    Strategic Security, Inc.© http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI • Deploying Snort or Surricata in ESXI • vSwitch features that you may want to use in your environment
  • 13.
    Strategic Security, Inc.© http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI • https://github.com/kernelsmith/env-customization/blob/master/esxi/ghetto-esxi-linked-clones.sh • http://nchrissos.wordpress.com/2013/04/22/cloning-a-vm-without-vcenter-in-esxi-5-1-free-edition/ • http://www.virtuallyghetto.com/2012/09/creating-se-sparse-linked-clones-using.html
  • 14.
    Strategic Security, Inc.© http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI • Deploying Snort or Surricata in ESXI • vSwitch features that you may want to use in your environment
  • 15.
    Strategic Security, Inc.© http://www.strategicsec.com/ VMWware Tips • Creating linked clones in ESXI on the cheap (FREE is good) • https://communities.vmware.com/docs/DOC-9202?tstart=7450 • Deploying Snort or Surricata in ESXI • https://isc.sans.edu/diary/Running+Snort+on+VMWare+ESXi/15899 • vSwitch features that you may want to use in your environment • VLANs
  • 16.
    Strategic Security, Inc.© http://www.strategicsec.com/ VMWware Tips • What a vSwitch is and is not • vSwitch features such as VLAN trunking, link bonding, frame forwarding • no STP, limited QoS, no SPAN or RSPAN, no NetFLOW / sFLOW etc, no filtering, no VACL and so on • Reference: • http://etherealmind.com/vmware-vswitch-does-not-scale-design/ • vSwitch features that you may want to use in your environment • Quick way to create VLANs
  • 17.
    Strategic Security, Inc.© http://www.strategicsec.com/ VirtualBox Tips
  • 18.
    Strategic Security, Inc.© http://www.strategicsec.com/ VirtualBox Tips • Building and running VirtualBox Headless with PHPVirtualbox • Creating Backups and clones of running VMs in VirtualBox • Using raw devices to create a Virtualbox VM • Setting up a serial port between VirtualBox VMs • Taking screenshots of VirtualBox VMs
  • 19.
    Strategic Security, Inc.© http://www.strategicsec.com/ VirtualBox Tips • Building and running VirtualBox Headless with PHPVirtualbox • http://www.howtoforge.com/vboxheadless-running-virtual-machines-with-virtualbox-4.1-on-a-headless-ubuntu- 12.04-server • Creating Backups and clones of running VMs in VirtualBox • http://www.howtoforge.com/virtualbox-creating-backups-and-clones-of-running-virtual-machines-no-downtime-with-lvm- snapshots
  • 20.
    Strategic Security, Inc.© http://www.strategicsec.com/ VirtualBox Tips • Using raw devices to create a Virtualbox VM • http://www.howtoforge.com/using-raw-devices-in-virtualbox-vms • Setting up a serial port between VirtualBox VMs • http://www.howtoforge.com/how-to-set-up-a-serial-port-between-two-virtual-machines-in-virtualbox • Taking screenshots of VirtualBox VMs • http://www.howtoforge.com/how-to-take-screenshots-of-virtualbox-vms
  • 21.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips
  • 22.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips • How to keep up with the latest vulnerabilities and exploits • Deciding what types of vulnerabilities to put in the network • Deciding how to design the network • Deciding what defensive measures to put into the network
  • 23.
    Strategic Security, Inc.© http://www.strategicsec.com/ Keeping Up With Vulns • How to keep up with the latest vulnerabilities and exploits • Download the latest exploits and tools each week • Exploits • http://www.exploit-db.com/ • http://packetstormsecurity.com/files/tags/exploit/ • Tools • http://packetstormsecurity.com/files/tags/tool/ • http://www.securitytube-tools.net/ • http://sectools.org/
  • 24.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips Deciding what types of vulnerabilities to put in the network • Focus on apps that you’ve heard of (popular apps) • Adobe • Apple • Microsoft • Oracle • Try not to use software that isn’t often found in a corporate environment • Know that a lot of the exploits on exploit-db and similar sites are people learning exploit dev Not all exploits in the frameworks are good • Metasploit, Core Impact, Saint, Canvas all scrape exploit-db and automatically port the exploits into the respective frameworks
  • 25.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips • Deciding how to design the network
  • 26.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips • Try for a simple flat architecture first • Wait a minute on the DMZs, routers, and switches • Most Cisco vulns are old • Most firewall vulns are even older • Focus on client-side apps and web apps
  • 27.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips • Deciding what defensive measures to put into the network • I’d recommend Security Onion • References: • http://eatingsecurity.blogspot.com/2013/04/new-home-lab-configuration.html • http://eatingsecurity.blogspot.com/2013/04/home-lab-part-2-vmware-esxi-security.html • http://code.google.com/p/security-onion/wiki/Installation • Be sure to set Promiscuous Mode to Accept (REALLY IMPORTANT): • https://isc.sans.edu/diary/Running+Snort+on+VMWare+ESXi/15899
  • 28.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips • How do you build infrastructure stuff (routers/firewalls)? • Pfsense • https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5 • Vyatta • http://www.vyatta.org/node/5958 • GNS3 • http://blog.davidvassallo.me/2010/11/18/creating-a-virtual-cisco-router- vmware-esx-gns3-linux/
  • 29.
    Strategic Security, Inc.© http://www.strategicsec.com/ Pentester Tips • What are some good pentester lab resources • How to set up a penetration testing lab • http://information.rapid7.com/how-to-setup-a-pen-testing-lab.html?LS=615710 • How to setup a pentest lab and how to play CTF • http://www.slideshare.net/null0x00/how-to-setup-a-pen-test-lab-and-how-to-play-ctf
  • 30.
    Strategic Security, Inc.© http://www.strategicsec.com/ Questions??????
  • 31.
    Strategic Security, Inc.© http://www.strategicsec.com/ Contact Me.... Toll Free: 1-844-458-1008 Email: joe@strategicsec.com Twitter: http://twitter.com/j0emccray LinkedIn: http://www.linkedin.com/in/joemccray