Tweet
Re: Building a VMware Security Lab
Another software series that is helpful for a pen test lab are the Foundstone Hacme products. These are not an "OS" per se, but rather are sales and services web site emulations that have vulnerabilities, and can be attacked. They contain a website and processing backend for the various products and services. The require that you have valid, licensed copies of Windows XP Pro or Win2000.
Hacme Travel™v1.0
Hacme Bank™v2.0
Hacme Shipping™v1.0
Hacme Casino™v1.0
Hacme Books™v2.0
Foundstone also has some other nice tools on their site.
It's probably needless to say, but for the sake of caution, do NOT run these on anything but an isolated lab network. Otherwise, the flawed sites -and your network- would be open to the world.
One other tool that I've found indispensable in my lab is PING (Partimage Is Not Ghost). It is an HD imaging LiveCD. I have images of several licensed copies of Windows and other OS variants which are imaged to a an external USB hard drive.
PING allows me to have a install of a given OS (with or without things like the Foundstone products), and be able to attack it, hack it, and break services to my heart's content, and then restore it to the base OS in a matter of minutes once I'm done without having to go through a complete re-install from CD.
Another software series that is helpful for a pen test lab are the Foundstone Hacme products. These are not an "OS" per se, but rather are sales and services web site emulations that have vulnerabilities, and can be attacked. They contain a website and processing backend for the various products and services. The require that you have valid, licensed copies of Windows XP Pro or Win2000.
Hacme Travel™v1.0
Hacme Bank™v2.0
Hacme Shipping™v1.0
Hacme Casino™v1.0
Hacme Books™v2.0
Foundstone also has some other nice tools on their site.
It's probably needless to say, but for the sake of caution, do NOT run these on anything but an isolated lab network. Otherwise, the flawed sites -and your network- would be open to the world.
One other tool that I've found indispensable in my lab is PING (Partimage Is Not Ghost). It is an HD imaging LiveCD. I have images of several licensed copies of Windows and other OS variants which are imaged to a an external USB hard drive.
PING allows me to have a install of a given OS (with or without things like the Foundstone products), and be able to attack it, hack it, and break services to my heart's content, and then restore it to the base OS in a matter of minutes once I'm done without having to go through a complete re-install from CD.
Comment