Purpose: Create a safe, cheap, and easy to build environment to pentest.

Logistics: Server space for downloads. I will provide until my service protests.

Overview: With input from the "Experts" section here, I would like to build Virtual Machines for use with XenServer Community Edition. Each Virtual Appliance will encompass a major system. The appliances should be "hardened" but not impossible.

Anything built and served with the intention of discussion on the forums should be open-source, so Windows VMs are out. However I can put together a "how to" tutorial for creating a flexible install locally for those with valid licenses.

Motivation: Many of the beginners here pop in the LiveCD and start intruding on systems they don't have a legal right to intrude on. You can search through the forums and pick out users like this. Many are ostracized, rightfully so. This won't cause them to stop attempting to penetrate systems. This just causes them to start running tools aimlessly and eventually will bring some sort of legal problems.

Creation of these appliances will be double edged. For professionals, we can test a system before deploying it on a live network. For beginners, it will create a safe environment to learn.

For the community, it will provide a bit of top cover. As with the sale of smart card readers, prosecution stated "There is no other use for these tools, except for the circumvention of encryption." Fortunately, this was provably false. If we provide tools for professional development, we have one more "straw in the hat" of legitimacy.

Enough with errata, I'll continue with nuts and bolts in the next post.