The document discusses setting up a virtual testing environment using VMware ESXi. It provides information on hardware requirements, virtualization platform options, and how to install and configure VMware ESXi. It also discusses obtaining offensive, forensic, vulnerability and virtual appliance distributions and converting them to a format compatible with the ESXi hypervisor. The goal is to help security professionals practice their skills using a virtual lab environment to increase their knowledge and make them more attractive candidates for information security jobs.

1. Step On In,
The Water’s Fine!
An Introduction To
Security Testing Within A
Virtualized Environment

3. Thank You!
…to all of the crew that has a
part in this amazing
conference!

4. About Me:
• Tom Moore – Twitter: @c0ncealed
• Christian, Husband, & Father
• Red Team / Penetration Tester
• High Hack Society / Proverbs Hackers
/ 304Geek
• Unrelenting G33K
• 2nd Amendment Supporter
• Should in NO WAY be considered an
expert in anything that I may say. =)
• SUPPORT HACKERS FOR CHARITY!

5. Agenda:
My goal is to provide
meaningful information in
the area of virtualized testing
environment options. I also wish
to convey why an understanding
of this subject is vastly needed
and for the most part easily
attainable, even though the
subject is often avoided
or overlooked.

6. Disclaimer:

7. Disclaimer:

8. Disclaimer:

9. Disclaimer:

10. Role Playing:
You are applying for a role within an
organization’s Information Security
Group...
One of the questions that a reputable
organization ‘should’ ask you would be:
“What you are doing to either maintain,
or increase your relevant skill-set?”
What is your response?

11. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.

12. What Can Be Done:
Security Professionals in training need to
take a more direct approach towards
ensuring that they understand not only
the tools introduced to them, but also
the underlying architectures that they
operate on.
A more informed candidate is what is
being sought after in today’s Information
Security job market.

13. How This Can Be
Accomplished:

14. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.
Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html

15. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.
Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html

16. What Is Needed:
Candidates for employment that not only
have a degree or relevant certifications,
but also possess a true working
knowledge of how to leverage their
toolsets to achieve the expected goal.
Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html

17. How You Can Get There:
Practice… Practice… Practice…
Where You Can Practice:

18. How You Can Get There:
Practice… Practice… Practice…
Where You Can Practice:

19. How You Can Get There:
Practice… Practice… Practice…
Where You Can Practice:
Set up your own virtual lab!
• The cost is well worth the gain
• There are many open-source solutions
• Many toolset distributions now use
virtual machines as primary medium
• A wide variety of vulnerable
environments are also available for
your learning pleasure

20. Need Another Reason?:
More and more, the
physical environments
are going away!

21. Definition of Terms:
Hypervisor:
A hypervisor is a virtual machine
monitor (VMM).
It is generally a piece of computer
software, firmware, or hardware that
creates and runs virtual machines.
A computer on which a hypervisor is
running is defined as a host machine.
The virtual machines that run on this
host are referred to as guest machines.

22. Definition of Terms:
Virtual Machine:
A virtual machine (VM) is a software
based emulation of a computer.
Virtual machines generally operate
based on the architecture and functions
of a real computer.

23. Definition of Terms:
Snapshot:
A snapshot preserves the state and data
of a virtual machine at a specific point in
time.
The state includes the VM’s power state.
(ex: powered-on, powered-off, or
suspended)
The data includes all of the files that
make up the VM. This includes disks,
memory, and other devices, such as
virtual network interface cards.

24. Definition of Terms:
Snapshot:
A snapshot preserves the state and data
of a virtual machine at a specific point in
time.
The state includes the VM’s power state.
(ex: powered-on, powered-off, or
suspended)
The data includes all of the files that
make up the VM. This includes disks,
memory, and other devices, such as
virtual network interface cards.

25. Definition of Terms:
Snapshot:
A snapshot preserves the state and data
of a virtual machine at a specific point in
time.
The state includes the VM’s power state.
(ex: powered-on, powered-off, or
suspended)
The data includes all of the files that
make up the VM. This includes disks,
memory, and other devices, such as
virtual network interface cards.

26. Definition of Terms:
Bridged / NAT / Host Only :
The options available to configure virtual
network adapters within VM’s.
Bridged: Binds the virtual network adapter directly
to your physical ethernet adapter. The VM will obtain
DHCP lease from the physical network.
NAT: Binds the virtual network adapter behind a NAT
environment. Obtains internal DHCP address and
shares the physical ethernet adapter’s public IP
address for external communication.
Host Only: Allows internal network communication
only. DHCP lease obtained behind internal NAT.

27. Let’s Get Technical:
Enough with the hypothetical, let’s get
into the bits… cause this bytes… =P
Structure for the approach:
• Hardware considerations
• Virtualization platform options
• Example set-up of Vmware ESXi
• Offensive or Forensic Distributions
• Ex: Kali, SamuraiWTF, SIFT, etc.
• Virtual Appliances
• Vulnerable Distributions
• Ex: Metasploitable 2 or NOWASP

28. Hardware Considerations:
• While the CPU speeds do matter, they
will not be your primary concern.
• A quad-core CPU is recommended.
• What you will need plenty of are:
• Memory (RAM)
• Hypervisors are memory hogs.
• Hard Drive Capacity (HDD)
• VM’s range drastically in size,
especially when Snapshotted.
• A sufficient Power Supply will need to
be accounted for based on the above
specifications.

29. Virtualization Platforms:
• VMware Fusion (Mac)
• VMware Player/Workstation (Win/Linux)
• VMware ESXi/ESX (Server)
• Parallels (Mac)
• Oracle VirtualBox (Mac/Win/Linux)
• ProxMox (Server, running OpenVZ as guest)
• XenServer (Server, running OpenVZ as guest)
This list should not be considered all-inclusive.
These are simply platforms that I have tested and
that are for the most part easily attainable.

30. VMware ESXi Setup:
• For our example, I have set up a
VMware ESXi Hypervisor on this
MacBook Pro system.
• System Specs:
• CPU: Quad-core Intel i7 2GHz
• RAM: 16GB 1333MHz DDR3
• HDD: WD Black 500GB 7200 RPM
• VMware ESXi is free for educational
purposes. Register on vmware.com for
a license key.

31. VMware ESXi Setup:
• Further Information…
• This installation is performed by
using the following configuration:
•VMware ESXi .iso image is on host
MacBook Pro.
•Created a New virtual machine
within VMware Fusion.
•Set the ESXi .iso as the boot media
for the VM.
• (This is being done this way for
demonstration purposes. If you have
physical hardware for ESXi, use that)

32. VMware ESXi Setup:

33. VMware ESXi Setup:

34. VMware ESXi Setup:

53. VMware ESXi Management:
• The one disadvantage to using
VMware ESXi, in my opinion, is that
the most effective management
interface is in the form of a Windows
fat client.
• Due to this, we will also go through
the process of setting up a Windows 8
VM with the VMware vSphere Client as
well as the VMware vCenter Converter
Standalone application.
• This will be our ESXi management VM.

54. VMware ESXi Management:
• Further Information…
• This installation is performed by
using the following configuration:
•Windows 8.1 .iso image is on host
MacBook Pro.
•Created a New virtual machine
within VMware Fusion.
•Set the Windows 8.1 .iso as the
boot media for the VM.
• (This is done so that we don’t have to
have a physical Windows box for ESXi
Management.)

55. VMware ESXi Management:

89. VMware ESXi Management:

90. VMware ESXi Management:
• Now we will register VMware ESXi
Server through the vSphere Client.
• The key should have been obtained
when you registered for your
vmware.com account and downloaded
your ESXi iso files and binaries.
• When its registered, you will see the
status message in the bottom right-hand
corner of the client disappear.

98. VMware ESXi Management:
• Now we will setup VMware vCenter
Converter Standalone.
• This will be used to convert VMware
images into an ESXi format.
• It will also transfer VM’s over to our
ESXi Server after conversion.

114. Offensive / Forensic
D• isKtarlii bLuintuiox ns:
• Arch Assault
• Pentoo
• SamuraiWTF
• MobiSec
• Backbox Linux
• Blackbuntu
• BlackArch Linux
• REMnux
• SIFT Workstation
• DEFT Linux
• CAINE

116. Offensive / Forensic
D• isStcrriebeunstihoontss! :

117. Virtual Appliances:
• Routers / Switches
• Vyatta
• Firewalls
• pfSense
• Intrusion Prevention Systems
• Intrusion Detection Systems
• SecurityOnion
• Security Incident and Event Monitoring
• AlienVault OSSIM

120. Vulnerable Distributions:
• Metasploitable 2
• NOWASP Mutillidae
• OWASP Broken Web Apps
• Web Security DoJo
• HADES
• VulnVOiP
• VulnVPN
• Dexter
• Brainpan
• Relativity

121. Vulnerable Distributions:
• VulnHub
www.vulnhub.com
• Credit: g0tm1lk

122. Vulnerable Distributions:

123. Vulnerable Distributions:
• Leveraging VulnHub.com, we will pull
down a copy of Metasploitable2 as our
vulnerable guest distribution.
• Now we will use VMware vCenter
Converter Standalone to convert our
new vulnerable image and then push
it to our ESXi server.

145. Vulnerable Distributions:
• Now let’s spin it up!
• Once we have the Metasploitable 2 VM
powered on, we will go back to our
Kali VM within VMware Fusion.
• From the Kali offensive VM, let’s scan
the virtual DHCP range looking for our
new vulnerable guest machine!

149. Congratulations!:

150. Congratulations!:
• You have just gone through the
process of setting up a virtual testing
lab with a VMware ESXi hypervisor!
• You have a Windows VM set up to
manage your hypervisor.
• You know where to obtain your
Offensive, Appliance, and Vulnerable
distributions and VMs.
• You also know how to convert and
transfer them to your ESXi server!
• You then saw how easy it was to
enumerate guests from your Kali VM!

151. Summary:
• InfoSec Recruiters for organizations
are looking for candidates that KNOW
how to leverage the needed tools to
perform an assessment.
• You can teach yourself skills that may
not be covered in most curriculums
through the use of Virtual
Environments.
• It takes time, it’s not easy, but it will
pay off.
• YOU CAN DO IT!

152. Summary:
• InfoSec Recruiters for organizations
are looking for candidates that KNOW
how to leverage the needed tools to
perform an assessment.
• You can teach yourself skills that may
not be covered in most curriculums
through the use of Virtual
Environments.
• It takes time, it’s not easy, but it will
pay off.
• YOU CAN DO IT!

153. Resources:
• Virtualization Platforms
• VMware ESXi Download -
https://my.vmware.com/web/vmware/info/slug/datacenter_clo
ud_infrastructure/vmware_vsphere_hypervisor_esxi/5_5
• VMware Free vSphere Registration -
https://my.vmware.com/web/vmware/evalcenter?p=free-esxi5&
lp=default
• VMware Player -
https://my.vmware.com/web/vmware/free#desktop_end_user
_computing/vmware_player/4_0
• VMware Fusion - http://www.vmware.com/products/fusion
• VMware Workstation -
https://my.vmware.com/web/vmware/info/slug/desktop_end_u
ser_computing/vmware_workstation/10_0
• Parallels - http://www.parallels.com/landingpage/pd/general/
• Oracle VirtualBox -
https://www.virtualbox.org/wiki/Downloads
• ProxMox VE - http://www.proxmox.com/downloads/
• Citrix XenServer -
http://www.citrix.com/products/xenserver/try.html

154. Resources:
• Offensive Distributions
• Kali Linux - http://www.kali.org/downloads/
• Arch Assault - https://archassault.org/download/
• Pentoo - http://www.pentoo.ch/download/
• SamuraiWTF - http://sourceforge.net/projects/samurai/
• MobiSec - http://sourceforge.net/projects/mobisec/files/
• Backbox Linux - http://www.backbox.org/downloads
• Blackbuntu - http://sourceforge.net/projects/blackbuntu/
• Blackarch Linux - http://blackarch.org/download.html
• REMnux - http://sourceforge.net/projects/remnux/
• SIFT Workstation - http://digital-forensics.
sans.org/community/downloads
• Deft Linux - http://www.deftlinux.net/download/
• CAINE - http://www.caine-live.net/page5/page5.html

155. Resources:
• Virtual Appliances
• VMware VA Marketplace -
https://solutionexchange.vmware.com/store/category_groups/
19
• Turnkey Linux - http://www.turnkeylinux.org/it-infrastructure
• ShareVM - http://sharevm.wordpress.com/2009/09/25/top-ten-
vmware-virtual-appliances-for-security/
• Vyatta - http://www.brocade.com/forms/jsp/vyatta-download/
index.jsp
• pfSense - https://www.pfsense.org/download/
• Security Onion - http://sourceforge.net/projects/security-onion/
• AlienVault OSSIM - http://www.alienvault.com/open-threat-exchange/
projects

156. Resources:
• Vulnerable Distributions
• VulnHub- http://www.vulnhub.com
(Many worth mentioning, but this site will get you there)

157. One More Thing:
• If you want to experience another
amazing conference with the same feel
as DerbyCon, go to Hack3rCon!
• When: November 14-16, 2014
• Where: Charleston, WV
• Web: www.hack3rcon.org
• Twitter: @hack3rcon

158. I’m Out:
THANK YOU!

159. Contact Info:
• Name: Tom Moore
• E-mail: c0ncealedx64@gmail.com
• Twitter: @c0ncealed
• Slides:
THANK YOU!