Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Lab leads??
From: H D Moore <hdm () secureaustin com>
Date: Thu, 18 Oct 2001 16:26:24 -0500

On Tuesday 16 October 2001 10:02 pm, franklin_tech_bulletins () yahoo com wrote:

[ snip ]
One idea I had is to create images of servers known to have holes,
demonstrate the exploit, patch the hole, show it is fixed and then
reimage the disk with the old hole. The imaging trick should work with
different OS's as well. What do you think?

My company uses stacks of nice dual-proc rackmount machines each running 
linux with 5 VMWare images. Managing the system is trivial via Xvnc and 
SSH tunnels, images are stored locally in compressed format and on CD. For 
the other 10% of targets that need special hardware (solaris sparc, hpux, 
etc) we just make a backup image of their drives and restore as needed.

H D Moore
http://www.digitaldefense.net - work
http://www.digitaloffense.net - play

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]