Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
north-texas-chapter-of-the-issa -
Target Acquired: DIY Pentest Lab
Dustin Dykes / Wirefall / @DHAhole
NTXISSACSC5
Local Resources
● NTXISSA – https://ntxissa.org
– 3rd Thursday
● Ft. Worth ISSA – https://www.issafortworth.org/
– 2nd Tuesday
● NTXCSG – https://www.meetup.com/NTXCSG/
– Last Thursday
● DC214 – http://dc214.org/
– 2nd Wednesday
● Hack FtW – http://hackftw.com/
– See DFW InfoSec Calendar (@DFW_InfoSec)
Local Resources
● Dallas Hackers Association (DHA)
– 1st Wednesday @ Family Karaoke (http://familykaraokedfw.com/)
– https://dallashackers.com/
– Meetup: Dallas-Hackers-Association
– Twitter: @Dallas_Hackers
● DHA Capture the Flag (CTF)
– Commander (@c0mmand3rOpSec)
– Prevade Cybersecurity (https://www.prevade.com/)
● DHA Lockpick Village
– Moe Bius (@RadlyRedundant)
Match the Attacker to the Weapon (Analogy)
1) n00bs!
2) Script Kiddies
3) L33t Hax0rs
4) Hacktivists
5) Professionals
6) Criminals
7) APTs/Nation States
A) ICBM
B) Pea Shooter
C) IED
D) Hammer
E) Machine Gun
F) Pistol
G) Sarin Gas
Responsible Testing
Pentest Lab Environments
● Bad
– Internet (Shodan)
– Work/Client
● Good
– Web-based CTFs
– Cloud-based CTFs
– Remotely Hosted Labs
– Locally Hosted Labs – Bare Metal
– Locally Hosted Labs – Virtualized
– Locally Hosted Labs – Hybrid
Bare Metal
Virtualized
Hybrid
Hardware
● Simplicity
● Redundancy
● Exploitation practice and development
– Hardware only equipment
– IoT
● Virtualization considerations
– Full virtualization vs. paravirtualization (VT-x/AMD-V)
– Storage
– Memory
– CPU cores
Virtualization Software
Labs