Lab leads??

From: 'ken'@FTU
Date: 10/17/01

• Previous message: High Speed: "Re: Hacking Lotus Domino 5.0.5"
• Next in thread: Alex Butcher (pentest): "Re: Lab leads??"
• Reply: Alex Butcher (pentest): "Re: Lab leads??"
• Reply: Don Bailey: "Re: Lab leads??"
• Reply: Greg Rice: "RE: Lab leads??"
• Reply: H D Moore: "Re: Lab leads??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3BCCF4B9.9000100@yahoo.com>
Date: Tue, 16 Oct 2001 23:02:17 -0400
From: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com>
To: pen-test@securityfocus.com
Subject: Lab leads??

Hello,

I'm looking to set up a lab of about 30 host to simulater an
Internet/DMZ/Intranet.

Does anyone have any sources (papers) or ideas that might help? Here are
a few parameters:

Lab must contain various OS'es.
Lab must be able to be very easily configurable to create and
demonstrate holes and how to patch them. (But then recreate the hole to
demonstrate the weakness again to another set of people.)
The holes must be at the network, os and application levels.

One idea I had is to create images of servers known to have holes,
demonstrate the exploit, patch the hole, show it is fixed and then
reimage the disk with the old hole. The imaging trick should work with
different OS's as well. What do you think?

Thanks in advance.

'ken'

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

---

• Previous message: High Speed: "Re: Hacking Lotus Domino 5.0.5"
• Next in thread: Alex Butcher (pentest): "Re: Lab leads??"
• Reply: Alex Butcher (pentest): "Re: Lab leads??"
• Reply: Don Bailey: "Re: Lab leads??"
• Reply: Greg Rice: "RE: Lab leads??"
• Reply: H D Moore: "Re: Lab leads??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Lab leads?? ... Subject: Lab leads?? ... >> The holes must be at the network, ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) RE: Lab leads?? ... Subject: Lab leads?? ... > The holes must be at the network, ... > This list is provided by the SecurityFocus Security ... > SecurityFocus' SIA service which automatically alerts you to ... (Pen-Test) Re: Lab leads?? ... Subject: Lab leads?? ... > I'm looking to set up a lab of about 30 host to simulater an ... > The holes must be at the network, ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) Re: Armstrong and doping on American radio ... the lab which tested Landis's data, even to the point of accusing them ... I am simply pointing out there are holes in their procedures where there need to be none, ... the ASO/ the lab or anyone else was involved in a 'conspiracy' against ... Do you think that a testing lab needs to be of the highest possible integrity if their evidence is to be completely trustworthy? ... (uk.rec.cycling) Re: Scanners and unpublished vulnerabilities - Full Disclosure ... > often the very latest vulnerabilities come into play in their work. ... SecurityFocus was working on for CORE ST to report to a series of vendors ... > holes Microsoft fixed. ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2001-10