Thread: Pen-Test lab/sandbox/playground questions

  1. #1
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    2

    Pen-Test lab/sandbox/playground questions

    Hello. This is my first post, but I've been following/playing with BT for about a year now. I was introduced to it while in a course offered by my employer (which also garnered me the SANS GSEC cert), but haven't had much opportunity to safely practice the various skills taught and learned due to an organizational shift in focus after I got back from the course. I don't want to lose any more of the knowledge/information I'd learned, basic as it may be, to the fact that I don't practice on a daily basis.

    I have a couple of questions, all of which are in regards to pentesting. I want to ensure that when I practice, it's both legal (permission granted, etc) and safe (no chance of any malware escaping into the unknown or my network).

    1) Is there an online pentest "playground" that is there for the purpose of allowing pentesters to (legally) practice/hone their skills? I don't think this is likely, and if there is one, it's probably not free. This solution would, however, be the simplest solution to my needs.

    2) My brother is much more experienced with Virtual Machines than I am and suggested that he might be able to set up a VM environment I could practice on. However, we don't live in the same house, much less reside on the same network (outside of a common ISP). Would setting something like this up be possible? How difficult would it be if so?

    3) I've looked around the forums for the past couple of weeks while I have had the time, searching for possible solutions to my needs (all while trying not to get distracted by other topics of interest). I'd found the De-ICE Live-CD post and registered at the forum there. I'll be downloading the CDs when the opportunity arises. Are these CDs worthwhile?

    My basic problem is that I don't want to run afoul of the law when practicing penetration testing. I don't want to "release anything into the wild," and definitely not onto my own (or brother's) networks.

    Are local VMs the best/only method for practicing? How difficult, and/or costly, would it be to set up a separate network dedicated solely to pentesting and what would be the minimum needed to be effective?

    I know, first post and lots of questions. I've tried Googling for this, but as I tell everyone I've worked with for the last few years, my Google-fu is VERY weak. What I normally come across is either years old and/or funded IT shops asking the question when tasked to set up a test lab for their company.

    Any information or insights would be greatly appreciated. I apologize for such a long post.

  2. #2
    thorin
    My life is this forum
    Join Date
    Jan 2010
    Posts
    2,629
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    2

    Thanks, Thorin. I'll check those out as I have free time.
