Re: Using a Virtualized Pen Test Platform



It's a pain to reboot, almost as much as it is to carry two machines to run some activities concurrently. I have read that several prominent penetration testers use VMs, and there is some information out there about booting one partition and running the second partition in a virtual machine instead of booting back and forth. I haven't heard of any reported problems with these - the only item of interest I know of is VM-aware malware that will shut itself off if you try to examine it inside a virtual machine; but this shouldn't affect you if you are performing that sort of work.

A friend of mine who works for Red Hat swears by Xen; however, you should probably test it yourself. One issue I have run into with any VM solution is that the hardware may not support virtualization; I've had that problem with several Toshiba laptops. I know ESXi has pages dedicated to hardware compatibility lists.

Jon Kibler wrote:

All,

I have traditionally used a multi-boot Linux box as my pen-test platform. It has
always had the disadvantage that I had to reboot into Windows to run some tools
that seem to break under wine.

For the past several months, I have been tinkering with using VMware Workstation
as my base platform, so I can just switch VMs rather than having to reboot. So
far, it seems to work pretty well. However, I am wondering if I am missing
something that is broken by VMware that I have not yet detected. For example,
does VMware break any of the packet crafters or other tools that do 'unusual'
things, that may cause the packet to not traverse correctly from VMware to the
outside target?

What other issues do I need to be aware of?

Also, is there any advantage or disadvantage of running Workstation vs. Server
vs. ESXi as the underlying VMware system?

What would be the advantages or disadvantages of running XEN? Does it have any
issues as a pen test platform hypervisor?

THANKS!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
s: JonRKibler
e: Jon.Kibler@xxxxxxxx
e: Jon.R.Kibler@xxxxxxxxx
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253






------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

