o Pen test teams are expensive, but they reward you by
identifying vulnerabilities before they are exploited;
an exploited vulnerability could cost a corporation
dearly in terms of both money and reputation.
o If you can only afford to send one person on the
team to training, send him and have him train the
others on what he learned when he returns.
o Obtain DVD courses.
o Make sure you are not violating copyright laws.
o Keep improving the skills of lab personnel.
• Selecting a pen test framework:
o Open Source Security Testing Methodology Manual
o Huge following in the industry
o Scientific method
o Puts a lot of responsibility on the pen tester to be
familiar with tools, exploits, services, network, etc.
• Targets in the pen test lab:
o De-ICE.net. Has multiple live CDs available to
download for free.
• At a minimum, we need one strong hardware box
(attacker) with one or more VMs (virtual machines)
running on it (target). VM targets should be set up to
utilize minimal resources. You can install many VMs
on an external hard drive and load/run them as needed. Rather than reinstalling an operating system or
some other application such as a SQL server, it’s much
easier to just restart a VM.
• Even better is two computers: one is the attacker and
one is the target.
• Best is to have one or more attack machines and several victim machines.
• The PTL must be on its own network with no interface to any other network (air gapped and no Internet
• Use hardwired Ethernet cables and switches to route
• Be sure all wireless NICs (network interface cards) are
turned off (unless you are practicing wireless network
• You can either set up your own attack machine or use
Kali Linux or BackTrack.
• The software we will install:
o Kali Linux
o BackTrack
o Metasploitable—a Linux VM
o Windows XP with no service packs installed
• Our ultimate lab would have systems containing
copies of all critical systems/apps.
• We want a variety of operating systems, two firewalls,
IPS/IDSs, one Web server, Web applications, one
database server, a Web application firewall, workstations
(two Windows, Linux), servers (one Windows,
one Linux, one FreeBSD), one domain controller
(Windows 2008), one FTP server (Ubuntu), one wireless
router, one RADIUS server, two laptops with WiFi, a
debugger, one Web site, and one Web 2.0 application.
o Server/victim workstations = VMware Workstation
• Hardware platform must have at least 4 GB RAM and
be at least dual core.
o Server operating systems:
MSW 2008 server
MSW 2003 server
Ubuntu 12.04 LTS = Linux Server OS
MSW XP Pro
MSW 7 Pro
ASUS WL-520gc = LAN/WLAN router
o Laptop will be the attacker.
o Samsung Galaxy Tab will be our WiFi target.
o The Web server, FTP server, and Web app will all be
• Vulnerable web applications you can install:
o DVWA (Damn Vulnerable Web App)
o OWASP Broken Web Applications Project
o NOWASP Web Pen-Test Practice Application
• Our host workstation (target) can hold the following
VMs using VMware Workstation 8.0:
o FTP server (Ubuntu Server 12)
o Domain controller (MSW Server 2008) - .iso installer
disk image
o Win 7 Pro - .iso installer disk image
o Win XP Pro - .iso installer disk image
• Online hacking labs:
o http://www.HackThisSite.org
o http://www.DareYourMind.net
From: Conducting Network Penetration and Espionage in a
Global Environment by Bruce Middleton www.crcpress.com/
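
The isolation bullets above (the lab on its own network, wireless NICs off unless wireless testing is the exercise) can be checked on a Linux attack machine before any target VM is started. The script below is an added example, not from the book; the function names and the `--live` switch are constructed for illustration, and it assumes the `ip` tool and `/sys/class/net` are available.

```shell
#!/bin/sh
# Added example: audits a Linux attack box against the lab-isolation rules.
# Function names and the --live switch are constructed for this illustration.

# stdin: `ip route show` text. Prints one FAIL line per default route,
# because a default route means traffic can leave the lab segment.
check_routes() {
    awk '$1 == "default" {
        gw = "none"; dev = "unknown"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print "FAIL default-route gateway=" gw " dev=" dev
    }'
}

# stdin: lines of "<iface> <wireless yes|no> <admin-up yes|no>".
# Prints one FAIL line per wireless NIC that is still enabled.
check_wireless() {
    awk '$2 == "yes" && $3 == "yes" { print "FAIL wireless-enabled dev=" $1 }'
}

# Emits the three-column NIC inventory for this host from /sys/class/net.
list_nics() {
    for d in /sys/class/net/*; do
        [ -r "$d/flags" ] || continue
        wifi=no; up=no
        if [ -d "$d/wireless" ] || [ -e "$d/phy80211" ]; then wifi=yes; fi
        # Bit 0 of the flags word is IFF_UP (interface administratively up).
        if [ $(( $(cat "$d/flags") & 1 )) -eq 1 ]; then up=yes; fi
        echo "${d##*/} $wifi $up"
    done
}

# Runs both checks on the live host; exit status 1 if anything was found.
audit_host() {
    findings=$( { { ip route show; ip -6 route show; } | check_routes
                  list_nics | check_wireless; } )
    if [ -n "$findings" ]; then echo "$findings"; return 1; fi
    echo "PASS no default route, no enabled wireless NIC"
}

if [ "${1:-}" = "--live" ]; then audit_host; exit $?; fi
```

Run it with `--live` on the attack machine; a non-zero exit status means the box still has a path off the lab segment or an enabled wireless NIC.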