Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pentesting lab
From: "s3c.b3n" <securitybender () gmail com>
Date: Sat, 9 Jan 2010 22:46:55 +0530

Thanks for the extra info on malware analysis. Really apprentice it

On Mon, Jan 4, 2010 at 3:34 PM, Elliot Fernandes
<elliotfernandes () yahoo com> wrote:
You could run vmware, and install windows xp service pack 2. service pack 2 is used by most people in the windows 
world, they havent completely shifted to vista or windows 7. It's already running vulnerable services mostly on ports 
135,139, and 445 tcp. You just need the latest version of metasploit to test it. For analyzing malware there's a 
script in python called malware analyzer http://www.beenuarora.com/code/analyse_malware.py . But you will need the PE 
module from google code http://code.google.com/p/pefile in the same folder. The malware analyzer is amazingly good 
for analyzing botnet-binaries and viruses and such. You'll also need Olly Debug and IDA pro. Have two VMs ready, one 
windows for the victim, and linux, preferably backtrack for the attacker. That should about do. Oh, you could also 
have a Honeypot ready to catch exploits from the wild. you could have them separated from your normal network.

s3c b3n

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]