Re: Exploit package analysis

From: Mattias Ahnberg (mattias_at_ahnberg.pp.se)
Date: 07/29/05

  • Next message: Ivan C: "Re: IPS Comparison"

    Date: Fri, 29 Jul 2005 13:35:13 +0200
    To: pen-test@securityfocus.com


    Erin Carroll wrote:
    > My question to all of you is what are some basic sandbox tools you would
    > recommend to pursue this? Does anyone work in a similar vein and has the
    > experience been helpful in your pen-testing work?

    I normally use VMware with one or more boxes in a virtual VMware-internal
    network to test things out. It's easy to take a snapshot, entirely trash a
    system, press a button and revert all changes back to the state it was in
    before you began. A _huge_ timesaver when debugging & analyzing.

    In Windows I run tools like ethereal, sysinternals tools (filemon, regmon
    and whatever else suits your current needs) and ollydbg for example. As a
    complement to the Windows box I usually have another virtual machine alive
    with Linux on it; I run a VMware internal network and use the Linux box as
    default gateway for the Windows box, and therefore see all traffic that
    the box attempts to send out when infected.

    On the Linux (or whatever OS you favor at the time) box it is useful to
    run something like dsniff's arpspoof & dnsspoof.

    There are a million ways you can do things like this. But perhaps this is
    of some use to someone. :)

    -- 
    /ahnberg.
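The gateway setup described in the post, written out as an added example (this is not code from the original message or from the dsniff project). It turns the Linux VM on the VMware-internal network into the Windows VM's default gateway, keeps IP forwarding off so the sample never reaches the real network, redirects whatever TCP connections it attempts onto local listeners, answers every DNS query with the gateway's own address via dnsspoof, and records everything with tcpdump. Every concrete name is an assumption: internal interface eth1, subnet 192.168.56.0/24, this box at 192.168.56.1, the Windows VM pointed at 192.168.56.1 for both gateway and DNS, traditional netcat syntax (`nc -l -p`), and dsniff, tcpdump and iptables installed.

```shell
#!/bin/sh
# Added example, not from the original post. Sinkhole gateway for a
# VMware-internal analysis network. Assumed (hypothetical) values:
#   LAN_IF     interface on the internal network      (eth1)
#   GW_IP      this box's address, the victim's gateway and DNS (192.168.56.1)
#   SINK_PORTS TCP ports that get a local listener     (80 443 25 6667)
set -u

LAN_IF="${LAN_IF:-eth1}"
GW_IP="${GW_IP:-192.168.56.1}"
LOGDIR="${LOGDIR:-/var/log/sandbox}"
SINK_PORTS="${SINK_PORTS:-80 443 25 6667}"

# dnsspoof hosts file: "<address> <pattern>" per line. The pattern "*"
# matches every name, so any hostname the sample resolves points back here.
make_dnsspoof_hosts() {
    printf '%s\t*\n' "$1"
}

# Print one iptables NAT rule per port: any TCP connection arriving on the
# internal interface for that port is redirected to the same port on this
# box, whatever destination IP the sample chose. Nothing is forwarded.
make_redirect_rules() {
    ifc=$1
    shift
    for p in "$@"; do
        printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
            "$ifc" "$p" "$p"
    done
}

# Number of rules make_redirect_rules emits for a space-separated port list;
# a cheap self-check before the rules are applied.
count_rules() {
    make_redirect_rules "$1" $2 | wc -l | tr -d ' '
}

# Apply everything. Must run as root on the Linux VM.
setup_gateway() {
    mkdir -p "$LOGDIR"
    ip addr add "$GW_IP/24" dev "$LAN_IF" 2>/dev/null || true
    ip link set "$LAN_IF" up

    # The whole point of the setup: the infected box must not reach the
    # real network through us, so forwarding stays off.
    sysctl -w net.ipv4.ip_forward=0

    # Redirect the sample's connection attempts onto local listeners.
    make_redirect_rules "$LAN_IF" $SINK_PORTS | sh -e

    # Log any other inbound attempt (ports without a listener, UDP, ...).
    iptables -A INPUT -i "$LAN_IF" -j LOG --log-prefix "sandbox: "

    # Full packet capture of the internal interface.
    tcpdump -i "$LAN_IF" -s 0 -w "$LOGDIR/capture-$(date +%Y%m%d-%H%M%S).pcap" &

    # Resolve every name to ourselves.
    make_dnsspoof_hosts "$GW_IP" > "$LOGDIR/dnsspoof.hosts"
    dnsspoof -i "$LAN_IF" -f "$LOGDIR/dnsspoof.hosts" &

    # One listener per sink port; payloads land in per-port log files.
    for p in $SINK_PORTS; do
        nc -l -p "$p" >> "$LOGDIR/port-$p.log" 2>&1 &
    done
    echo "gateway up on $LAN_IF ($GW_IP); logs in $LOGDIR"
}

case "${1:-}" in
    up) setup_gateway ;;
esac
```

Run it as `sh sandbox-gw.sh up` (root) on the Linux VM before detonating the sample on the Windows VM; the pcap, the per-port logs and the kernel `sandbox:` log lines together show every host, name and port the sample tried to reach. The post's arpspoof suggestion covers the case this script does not: if the sample rewrites the Windows box's gateway or talks to a hardcoded address on the local subnet, `arpspoof -i eth1 -t <victim> <that address>` pulls that traffic back to the Linux VM as well.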
    
