In lieu of a post with real content, I’m going to continue to work on the site and get stuff working right. But for now, here are the videos I did for Securityaegis.com on building Pentest Labs. If you haven’t checked out Securityaegis.com, it’s a definite must in my opinion. Jason does some pretty great work over there, and every once in a while he lets me ruin the quality of his site a bit.
First we start with a basic lab for Network testing. Check out the write up that goes with the video at Securityaegis.com/network-pentest-lab/
From there, we move on to setting up the lab for Web App Testing with some intentionally vulnerable apps. Again, to get the full use of this video, read the write up at Securityaegis.com/pentest-lab-web-application-edition/
Again, nothing new here, but if you haven’t played with setting up your own lab, you really should. The labs can be created practically for free. You can even get a free, legal, XP VM from NIST. Follow the instructions found in the Metasploit Unleased framework released by Offensive Security. Depending on what Virtualization application you use, you may need to convert the vhd file with vSphere Converter from VMware (which is also free). Hopefully, I’ll end up doing a part 3 here soon “Playing with Domains” so keep an eye out.