SlideShare ist ein Scribd-Unternehmen logo

How to Setup A Pen test Lab and How to Play CTF

n|u - The Open Security Community
n|u - The Open Security Community

How to Setup A Pen test Lab and How to Play CTF by Anant Shrivastava @ null Pune Meet, August 2011

Technologie
1 von 22
Downloaden Sie, um offline zu lesen
By Anant Shrivastava http://anantshri.info
What is a Pen test Lab  A Pen testing Lab just like any other lab is a controlled environment where behavioral or operational patterns of a object / application could be studied for enhancement of skill / knowledge of the practitioner.  More specifically we try to create a replica of Wild Wild West and try to study it in a controlled manner Presentation by Anant Shrivastava for Null 2
Why  Give me six hours to chop down a tree and I will spend the first four sharpening the axe. -Abraham Lincoln  Practice enhances perfection  Do I need to say more….. Presentation by Anant Shrivastava for Null 3
What we will be practicing  A pentest lab could be a generalized lab or focused lab towards one single approach.  Such as  network testing  web app testing  malware analysis  mobile analysis  More and more… Presentation by Anant Shrivastava for Null 4
Standards good to know  OWASP – Open Web Application Security Project  OSSTMM - Open Source Security Testing Methodology Manual  ISO 27001 – auditing standard : (protection mechanism postmortem details). Presentation by Anant Shrivastava for Null 5
Lets Get Started  What are the basic requirements of a Pentest Lab.  Network  2-3 PC  Some vulnerable stuff.  Some toolset.  And of course a Twisted mind  Presentation by Anant Shrivastava for Null 6
Approach 1  Purchase a Switch/Router  Keep two powerful computers make one as target another as attacker.  PC target : could be loaded with prebuilt vulnerable software stacks. (examples ahead)  PC attack : load it with self build tool chain or prebuilt tool chain. Presentation by Anant Shrivastava for Null 7
Approach 2  Virtualization  1 Powerful Laptop / Desktop (>=4GB RAM, 64bit, 2.4+ preferable Quad Core)  Virtualization Solution  VMWare  Oracle Sun Innotek Virtual BOX   Microsoft virtual PC   Minimum 2 VM  Target  Attacker Presentation by Anant Shrivastava for Null 8
Attack Machine  Again Self Created or  Backtrack  Matriux  Moth/Lambert  Helix(Forensic Distro)  SIFT  Lots more google is your friend  I prefer Keeping a windows VM also and load tools specific to windows inside the VM Presentation by Anant Shrivastava for Null 9
Target Machine  Target Machine, either we can prepare ourself or use existing prebuilt images like  MetaSploitable  Unpatched Windows 2000, Xp  Damn Vulnerable Linux  de-ice  Hackerdemia  pWnOS  Ubuntu 7.04 Presentation by Anant Shrivastava for Null 10
Web Application testing  For Web applications You need some vulnerable Web application code  WebGoat  Hacme Tools(bank, Casion,Books,Travel…)  Damm vulnerable app  http://demo.testfire.net/  http://testasp.acunetix.com/  Or Download old version of joomla, wordpress, drupal set it up and you are good to go.. Presentation by Anant Shrivastava for Null 11
Do’s and Don’t  Avoid using main machine for any analysis.  Avoid Giving Read write access to VM over any folder of parent. (specially if VM and main OS are same)  Once your VM is prepared keep a screnshot. And you can use it as restore point after every session to get back to clean state. Presentation by Anant Shrivastava for Null 12
Network Testing  For Network Testing you could look at GNS3 for setting up the environment. (ciso/juniper routers / switches)  Would recommend : http://www.gns3.net/content/gns3-virtualbox-edition  Excellent guides are already available online  http://www.gns3.net/documentation Presentation by Anant Shrivastava for Null 13
Part 1 Over  However Does it satisfies your hunger?  Do you feel like conquering something even if you get inside one of the machine.  Initially yes but later NO.  It fails to satisfy the fun of manhandling the live target.  So lets see If we have any option of doing it within legal limits. Presentation by Anant Shrivastava for Null 14
Beyond just Lab 1. We can practice of online playgrounds.  Live websites providing new challenges every now and then. 1. Honeynet.org 2. Hackthissite.org 3. Smashthestack.org 4. Intruded.net 5. intern0t 6. http://projectshellcode.com/ 7. For casual brain teasing Check hacker.org Are just a few examples Presentation by Anant Shrivastava for Null 15
Beyond just lab  Practice on Live target’s willing to pay  Facebook.com  Mozilla for its products  Google.com Note : Do read the SOW and then only start. Presentation by Anant Shrivastava for Null 16
Capture The Flag  You can also participate in various CTF competition. (result fame and / or money besides increase in knowledge and confidence)  Capture the flag or CTF are competitions organized world wide in both online and offline mode.  People either team up and play against computer / organizer or are pitted against each other. Presentation by Anant Shrivastava for Null 17
Online CTF  When players play against organizer, they are given set of challenges which they need to complete within stipulated time limit and max scorer wins.  Some common characteristics  The challenges will try to touch all bases of ethical hacking (web app, RE, forensics, crypto and more)  You can keep your Zero days with you.  Generally challenges will be checking your approach and not how quickly you can skim through osvdb or exploit- db  Nearly 100% require documented approach to be a winner. Presentation by Anant Shrivastava for Null 18
Must have tools  These are tools and command that have made by must know how to use and must be ready to be used list  Ping, ssh, telnet, scp, mount, fsck, file  Nmap, gdb  Strace, ltrace, ptrace  Strings, Hexedit  Wireshark, aircrack suite  Firefox plugin set : tamper data, live header, firebug etc.  Windows tools : Network Miner (this tool alone is my reason as of now to keep a windows VM)  Metasploit, burp/ZAP. NOTE : YMMV : your mileage may vary Presentation by Anant Shrivastava for Null 19
One on One  This type of CTF is generally played in offline mode.  Each team is given a machine to play.  Machine contains a flag.  Task is to save your flag and also capture opponents flag.  This is Wild Wild West keep aside all books and start shooting as much arsenal as you have.  Good approach is to have few members focusing on hardening and others focusing on attack.  These events do see lots and lots of DDoS and DoS attacks Presentation by Anant Shrivastava for Null 20
Resources to follow  BackTrack Mailing list  Full Disclosure (select mailing list of interest)  Main full disclosure  Web application security  Security focus (select mailing list of interest)  Security basics  SANS Internet Storm Center  Darknet  To name a few Presentation by Anant Shrivastava for Null 21
Anant Shrivastava http://anantshri.info

Empfohlen

OWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideOWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideLudovic Petit
 
Open source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabOpen source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabBoni Yeamin
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLCChitpong Wuttanan
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 

Empfohlen

OWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideOWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideLudovic Petit
 
Open source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabOpen source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabBoni Yeamin
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLCChitpong Wuttanan
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left SecurityBATbern
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesScott Hurrey
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?Cigital
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)Netwax Lab
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch TuesdayIvanti
 
Secure code practices
Secure code practicesSecure code practices
Secure code practicesHina Rawal
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham
 
Stuxnet worm
Stuxnet wormStuxnet worm
Stuxnet wormsommerville-videos
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.Hardeep Bhurji
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsAdeel Javaid
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure ProgrammingBalavignesh Kasinathan
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 

Weitere ähnliche Inhalte

Was ist angesagt?

Shift Left Security
Shift Left SecurityShift Left Security
Shift Left SecurityBATbern
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesScott Hurrey
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?Cigital
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)Netwax Lab
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch TuesdayIvanti
 
Secure code practices
Secure code practicesSecure code practices
Secure code practicesHina Rawal
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.Hardeep Bhurji
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsAdeel Javaid
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 

Was ist angesagt? (20)

Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
 
Secure code practices
Secure code practicesSecure code practices
Secure code practices
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testing
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
 
Stuxnet worm
Stuxnet wormStuxnet worm
Stuxnet worm
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
Kali presentation
Kali presentationKali presentation
Kali presentation
 

Andere mochten auch

Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processingAnton Arhipov
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awkYogesh Sawant
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Philippe Bogaerts
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line toolsEric Wilson
 
Sed & awk the dynamic duo
Sed & awk the dynamic duoSed & awk the dynamic duo
Sed & awk the dynamic duoJoshua Thijssen
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unixJavin Paul
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity TipsKeith Bennett
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPMichael Coates
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014iimjobs and hirist
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRadien software
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 

Andere mochten auch (20)

PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processing
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awk
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line tools
 
Sed & awk the dynamic duo
Sed & awk the dynamic duoSed & awk the dynamic duo
Sed & awk the dynamic duo
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unix
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity Tips
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
SSH
SSHSSH
SSH
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and Answers
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 

Ähnlich wie How to Setup A Pen test Lab and How to Play CTF

Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
Puppet for SysAdmins
Puppet for SysAdminsPuppet for SysAdmins
Puppet for SysAdminsPuppet
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesTrowalts
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hackingAmanpreet Singh
 
Chaos Engineering Talk at DevOps Days Austin
Chaos Engineering Talk at DevOps Days AustinChaos Engineering Talk at DevOps Days Austin
Chaos Engineering Talk at DevOps Days Austinmatthewbrahms
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing toolmedoelkang600
 
Adversarial Post-Ex: Lessons From The Pros
Adversarial Post-Ex: Lessons From The ProsAdversarial Post-Ex: Lessons From The Pros
Adversarial Post-Ex: Lessons From The ProsJustin Warner
 
Adversarial Post Ex - Lessons from the Pros
Adversarial Post Ex - Lessons from the ProsAdversarial Post Ex - Lessons from the Pros
Adversarial Post Ex - Lessons from the Prossixdub
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Zoltan Balazs
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
Anomaly detection in deep learning (Updated) English
Anomaly detection in deep learning (Updated) EnglishAnomaly detection in deep learning (Updated) English
Anomaly detection in deep learning (Updated) EnglishAdam Gibson
 
Adventures in Asymmetric Warfare
Adventures in Asymmetric WarfareAdventures in Asymmetric Warfare
Adventures in Asymmetric WarfareWill Schroeder
 

Ähnlich wie How to Setup A Pen test Lab and How to Play CTF (20)

Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
Puppet for SysAdmins
Puppet for SysAdminsPuppet for SysAdmins
Puppet for SysAdmins
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and Ponies
 
Backtrack Manual Part9
Backtrack Manual Part9Backtrack Manual Part9
Backtrack Manual Part9
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 
Chaos Engineering Talk at DevOps Days Austin
Chaos Engineering Talk at DevOps Days AustinChaos Engineering Talk at DevOps Days Austin
Chaos Engineering Talk at DevOps Days Austin
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing tool
 
Adversarial Post-Ex: Lessons From The Pros
Adversarial Post-Ex: Lessons From The ProsAdversarial Post-Ex: Lessons From The Pros
Adversarial Post-Ex: Lessons From The Pros
 
Adversarial Post Ex - Lessons from the Pros
Adversarial Post Ex - Lessons from the ProsAdversarial Post Ex - Lessons from the Pros
Adversarial Post Ex - Lessons from the Pros
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
Bettercap
BettercapBettercap
Bettercap
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
Anomaly detection in deep learning (Updated) English
Anomaly detection in deep learning (Updated) EnglishAnomaly detection in deep learning (Updated) English
Anomaly detection in deep learning (Updated) English
 
Adventures in Asymmetric Warfare
Adventures in Asymmetric WarfareAdventures in Asymmetric Warfare
Adventures in Asymmetric Warfare
 

Mehr von n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Kürzlich hochgeladen

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

How to Setup A Pen test Lab and How to Play CTF

  • 2. What is a Pen test Lab  A Pen testing Lab just like any other lab is a controlled environment where behavioral or operational patterns of a object / application could be studied for enhancement of skill / knowledge of the practitioner.  More specifically we try to create a replica of Wild Wild West and try to study it in a controlled manner Presentation by Anant Shrivastava for Null 2
  • 3. Why  Give me six hours to chop down a tree and I will spend the first four sharpening the axe. -Abraham Lincoln  Practice enhances perfection  Do I need to say more….. Presentation by Anant Shrivastava for Null 3
  • 4. What we will be practicing  A pentest lab could be a generalized lab or focused lab towards one single approach.  Such as  network testing  web app testing  malware analysis  mobile analysis  More and more… Presentation by Anant Shrivastava for Null 4
  • 5. Standards good to know  OWASP – Open Web Application Security Project  OSSTMM - Open Source Security Testing Methodology Manual  ISO 27001 – auditing standard : (protection mechanism postmortem details). Presentation by Anant Shrivastava for Null 5
  • 6. Lets Get Started  What are the basic requirements of a Pentest Lab.  Network  2-3 PC  Some vulnerable stuff.  Some toolset.  And of course a Twisted mind  Presentation by Anant Shrivastava for Null 6
  • 7. Approach 1  Purchase a Switch/Router  Keep two powerful computers make one as target another as attacker.  PC target : could be loaded with prebuilt vulnerable software stacks. (examples ahead)  PC attack : load it with self build tool chain or prebuilt tool chain. Presentation by Anant Shrivastava for Null 7
  • 8. Approach 2  Virtualization  1 Powerful Laptop / Desktop (>=4GB RAM, 64bit, 2.4+ preferable Quad Core)  Virtualization Solution  VMWare  Oracle Sun Innotek Virtual BOX   Microsoft virtual PC   Minimum 2 VM  Target  Attacker Presentation by Anant Shrivastava for Null 8
  • 9. Attack Machine  Again Self Created or  Backtrack  Matriux  Moth/Lambert  Helix(Forensic Distro)  SIFT  Lots more google is your friend  I prefer Keeping a windows VM also and load tools specific to windows inside the VM Presentation by Anant Shrivastava for Null 9
  • 10. Target Machine  Target Machine, either we can prepare ourself or use existing prebuilt images like  MetaSploitable  Unpatched Windows 2000, Xp  Damn Vulnerable Linux  de-ice  Hackerdemia  pWnOS  Ubuntu 7.04 Presentation by Anant Shrivastava for Null 10
  • 11. Web Application testing  For Web applications You need some vulnerable Web application code  WebGoat  Hacme Tools(bank, Casion,Books,Travel…)  Damm vulnerable app  http://demo.testfire.net/  http://testasp.acunetix.com/  Or Download old version of joomla, wordpress, drupal set it up and you are good to go.. Presentation by Anant Shrivastava for Null 11
  • 12. Do’s and Don’t  Avoid using main machine for any analysis.  Avoid Giving Read write access to VM over any folder of parent. (specially if VM and main OS are same)  Once your VM is prepared keep a screnshot. And you can use it as restore point after every session to get back to clean state. Presentation by Anant Shrivastava for Null 12
  • 13. Network Testing  For Network Testing you could look at GNS3 for setting up the environment. (ciso/juniper routers / switches)  Would recommend : http://www.gns3.net/content/gns3-virtualbox-edition  Excellent guides are already available online  http://www.gns3.net/documentation Presentation by Anant Shrivastava for Null 13
  • 14. Part 1 Over  However Does it satisfies your hunger?  Do you feel like conquering something even if you get inside one of the machine.  Initially yes but later NO.  It fails to satisfy the fun of manhandling the live target.  So lets see If we have any option of doing it within legal limits. Presentation by Anant Shrivastava for Null 14
  • 15. Beyond just Lab 1. We can practice of online playgrounds.  Live websites providing new challenges every now and then. 1. Honeynet.org 2. Hackthissite.org 3. Smashthestack.org 4. Intruded.net 5. intern0t 6. http://projectshellcode.com/ 7. For casual brain teasing Check hacker.org Are just a few examples Presentation by Anant Shrivastava for Null 15
  • 16. Beyond just lab  Practice on Live target’s willing to pay  Facebook.com  Mozilla for its products  Google.com Note : Do read the SOW and then only start. Presentation by Anant Shrivastava for Null 16
  • 17. Capture The Flag  You can also participate in various CTF competition. (result fame and / or money besides increase in knowledge and confidence)  Capture the flag or CTF are competitions organized world wide in both online and offline mode.  People either team up and play against computer / organizer or are pitted against each other. Presentation by Anant Shrivastava for Null 17
  • 18. Online CTF  When players play against organizer, they are given set of challenges which they need to complete within stipulated time limit and max scorer wins.  Some common characteristics  The challenges will try to touch all bases of ethical hacking (web app, RE, forensics, crypto and more)  You can keep your Zero days with you.  Generally challenges will be checking your approach and not how quickly you can skim through osvdb or exploit- db  Nearly 100% require documented approach to be a winner. Presentation by Anant Shrivastava for Null 18
  • 19. Must have tools  These are tools and command that have made by must know how to use and must be ready to be used list  Ping, ssh, telnet, scp, mount, fsck, file  Nmap, gdb  Strace, ltrace, ptrace  Strings, Hexedit  Wireshark, aircrack suite  Firefox plugin set : tamper data, live header, firebug etc.  Windows tools : Network Miner (this tool alone is my reason as of now to keep a windows VM)  Metasploit, burp/ZAP. NOTE : YMMV : your mileage may vary Presentation by Anant Shrivastava for Null 19
  • 20. One on One  This type of CTF is generally played in offline mode.  Each team is given a machine to play.  Machine contains a flag.  Task is to save your flag and also capture opponents flag.  This is Wild Wild West keep aside all books and start shooting as much arsenal as you have.  Good approach is to have few members focusing on hardening and others focusing on attack.  These events do see lots and lots of DDoS and DoS attacks Presentation by Anant Shrivastava for Null 20
  • 21. Resources to follow  BackTrack Mailing list  Full Disclosure (select mailing list of interest)  Main full disclosure  Web application security  Security focus (select mailing list of interest)  Security basics  SANS Internet Storm Center  Darknet  To name a few Presentation by Anant Shrivastava for Null 21