RE: Pentesting lab




Just curious to know if there are any distros for Windows like DVL for
Linux Probably with all the necessary packages like SQL, IIS, Exchange,
ASP/Dot Net etc inbuilt...?

Would be really great if someone can throw light on this.


Regards,

Balaji Swaminathan .M


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Robert Portvliet
Sent: Tuesday, December 29, 2009 5:41 AM
To: s3c.b3n
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Pentesting lab

In terms of webapp testing there's GOAT from OWASP, MOTH from Bonsai
Sec, Mutillidae from IronGeek, DVWA (Damn Vulnerable Web App) and the
'HackMe' series from Foundstone.

On the network side there's the De-ICE LiveCD's and DVL (Damn
Vulnerable Linux), also VMWare's marketplace has a bunch of VM images
you can download.





On Thu, Dec 24, 2009 at 9:09 AM, s3c.b3n <securitybender@xxxxxxxxx>
wrote:
Hi all,

I'm just starting my career a security specialist. I'm interested in
creating my own penetration testing lab. To test exploits (metasploit
epically) I need some targets (vulnerable servers). Are there such
servers (VM images or ISOs) for general services like OWASP for web
apps? or are there any scripts or applications that can create those
vulnerabilities.

My main goal is to get familiar with the existing tools.

Thanks
--
s3c b3n


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org

------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: career advice
    ... As someone who is at a similar point in their career as Nathalie, I also really appreciate the responses from people. ... Vulnerabilities are found in freely available software constantly, ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • Re: Pentesting lab
    ... vulnerabilities. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: Pentesting lab
    ... vulnerabilities. ... actually do a proper penetration test. ... a full practical examination in order to become certified. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Pentesting lab
    ... vulnerabilities. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • RE: Which Commercial Web App Scanner?
    ... so assuming that leaves WebInspect and Acunetix ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
    (Pen-Test)