RE: [lists] Looking to set up an infosec lab

From: Curt Purdy (purdy@tecman.com)
Date: Thu Aug 02 2007 - 08:56:40 EDT


Our lab is a dual dual-core Opteron (4 procs) w/16 gb RAM running SuSE Linux
10.2 w/VMWare ESX Server (have not run Windoze on bare metal for 4 years -
thus have not had to re-install in 4 years :)

I then run about a dozen OS's including every version of Windoze, a few
*NIX's and Novell. I have images of every guest for quick re-install (10-30
minutes per, depending on size). I then turn malware loose on a Windoze box
and watch it infect the other boxes, depending on the propagation mode. Of
course the *NIX and Novell boxes never skip a beat.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
202.302.6032
infosysec@gmail.com
purdy@tecman.com

-------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
 

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of John M. Martinelli
> Sent: Monday, July 30, 2007 9:40 PM
> To: pen-test@securityfocus.com
> Subject: [lists] Looking to set up an infosec lab
>
> Hi, list.
>
> A few of the previous e-mails going out on the mailing list got my
> attention - I'm interested in building a moderate hacklab to conduct
> mock attacks, intrusion detection, detection evasion, etcetera. My
> hardware situation allows me to deploy a VMware or Parallels lab -
> what kind of machines would you set up in my situation?
>
> I plan on having a few Windows machines - perhaps a '98 box, a 2000
> box, and an XP box. As far as Linux, I'd like to set up a Zoot
> (RedHat 6.2) and BSD box, but beyond that I'm asking for advice.
> Which flavors would you put up for conducting general vulnerability
> testing?
>
> Thanks,
> John Martinelli
> RedLevel.org Security


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:59 EDT