EvilZone
Hacking and Security => Hacking and Security => : lucid February 11, 2014, 03:16:05 AM
-
In light of the fact that I'm going to be building a little home lab for pentesting, I have decided I need some resources for a little guidance. Simply put, I have two requests.
The first request; Does anyone know of/have any books related to penetration testing/exploiting networks in particular that would be a good read to go along with a lab? I'm really not looking for a book that contains nothing but using various metasploit modules against a network. I'm looking for a book that is a high/professional quality resource on pentesting a network. I've searched, but all books I find pretty much involve installing Metasploitable in a VM and using metasploit(go figure).
The second request; Are there any good hands on courses that are free involving the same topic? Does that even exist? Places like edX and Coursera don't seem to have much in that regard. Something kind of like: https://www.pentesterlab.com, but instead of web pentesting it involves network pentesting. Thank you.
-
Why not trying it from another perspective. You could read about the gear you use and what security features they provide and afterwards think about a way how to get through them :) The switch you have can't do any of them but basically switches can do: arp protection, dhcp protection, 802.1x, port security, mac lockdown, connection-rate filtering, virus throttling, ACLs.. just to name a few. The firewall you plan to setup on the other hand provides other features. There is even a snort module for it :) create some rules, see if they take affect when you perform a specific task and then try to hide what you are doing so the snort rule will not take affect. Thats the fun you can have with a lab. Be creative, in the end you do exactly know what needs to be avoided cause you created all rules on the security devices by yourself :)
Cheers,
RBA
-
I just feel all scatterbrained sometimes. How do I know where a good place to start is? For example, jumping right into learning how to bypass intense firewall rules before learning the smaller stuff will probably leave me confused and frustrated. I'm trying to avoid trying to fly before learning how to walk.... so to speak.
-
I mean i guess there is PWK I am not quite sure if what your looking for is in the course but it is expensive... *cough* piratebay *cough* of course you wont get access to their virtual labs but since your setting up your own you could probably replicate them.
-
I have about 50 books in full edition PDF format. anything and everything you could possibly buy pertaining to net sec and hacking. I have all of syngress books covering the topics as well as the latest in pen testing, 2013 and 14. As well as icluded dvds and isos. if I have the permissions necessary I will upload them all to this forum for all of us to enjoy.
-
Professional Penetration Testing- Creating and Operating a Formal Hacking Lab: http://rogunix.com/docs/Pentesting/Professional%20Penetration%20Testing:%20Creating%20and%20Operating%20a%20Formal%20Hacking%20Lab.pdf
http://evilzone.org/ebooks/advanced-penetration-testing-for-highly-secured-environments-ultimate-guide/
-
I have about 50 books in full edition PDF format. anything and everything you could possibly buy pertaining to net sec and hacking. I have all of syngress books covering the topics as well as the latest in pen testing, 2013 and 14. As well as icluded dvds and isos. if I have the permissions necessary I will upload them all to this forum for all of us to enjoy.
Yes please, it will be very much appreciated.
Do use the EZ upload service to upload the books and use the attachment option to upload all those videos and iso's. Post them in the ebook section. Thank you.
+1 :)
-
This isn't exactly related to pentesting or hacking much at all, but Professor Messer has a great set of videos on his site (http://www.professormesser.com/free-a-plus-training/free-a-plus/) that are directed toward the A+ certification. It's all basic computer knowledge, very basic computer knowledge, but covers a pretty big range. I liked them, and have helped me, plus they're free.
-
Several recommendations:
*Participate in wargames like SmashTheStack and CTFs like Stripe. Also try out Matasano's cryptographic challenges, they'll teach you a lot about complex cryptanalysis.
*A very good, and I cannot stress this enough, book on penetration testing and information security is The Art of Software Security Assessment: Identifying and Preventing Vulnerabilities. It's a long tome (around 1200 pages), but it's an excellent read. Highly recommended. I'm not sure if it's on EZ. If not, tell me and I'll gladly upload it.
*Download some VMs from VulnHub or the like.
*Try out some open-source vulnerable web applications like WebGoat and RailsGoat. OWASP has plenty, look them up.
*OpenSecurityTraining.info (http://opensecuritytraining.info/) has some great courses.
-
Awesome vezzy, thank you. I'll look for that book. Have a cookie for that site that's pretty much what I was looking for.
Thank you everyone, I guess I could have found a lot of that stuff on my own. I had a bad day yesterday and was feeling very flustered/couldn't focus. Sorry about that.
+cookies n' shit.
-
Several recommendations:
*Participate in wargames like SmashTheStack and CTFs like Stripe. Also try out Matasano's cryptographic challenges, they'll teach you a lot about complex cryptanalysis.
*A very good, and I cannot stress this enough, book on penetration testing and information security is The Art of Software Security Assessment: Identifying and Preventing Vulnerabilities. It's a long tome (around 1200 pages), but it's an excellent read. Highly recommended. I'm not sure if it's on EZ. If not, tell me and I'll gladly upload it.
*Download some VMs from VulnHub or the like.
*Try out some open-source vulnerable web applications like WebGoat and RailsGoat. OWASP has plenty, look them up.
*OpenSecurityTraining.info (http://opensecuritytraining.info/) has some great courses.
Can you upload this book pls?
-
Turns out it already has been: http://evilzone.org/ebooks/%28request%29-the-art-of-software-security-assessment/msg72190/ (http://evilzone.org/ebooks/%28request%29-the-art-of-software-security-assessment/msg72190/)
-
Yup I found it. It's a chm which I don't really prefer but hey, it's knowledge.
-
MOOC University: http://www.mooc-list.com/
here are some examples but use the search engine:
http://www.mooc-list.com/course/exploits-1-introduction-software-exploits-ost
http://www.mooc-list.com/course/exploits-2-exploitation-windows-environment-ost
http://www.mooc-list.com/course/introductory-intel-x86-architecture-assembly-applications-alliteration-ost
http://www.mooc-list.com/course/computer-networks-coursera
http://www.mooc-list.com/course/introduction-cybersecurity-canvasnet
http://www.mooc-list.com/course/cryptography-i-coursera
http://www.mooc-list.com/course/rootkits-what-they-are-and-how-find-them-ost
http://www.mooc-list.com/course/introduction-reverse-engineering-software-ost
http://www.mooc-list.com/course/intermediate-intel-x86-architecture-assembly-applications-alliteration-ost
Have at it!
-
Awesome thank you. +1
-
I found Security Power Tools to be a very comprehensive guide on how to use tools. It's a bit antiquated (uses on old version of Nessus, etc), but most of it is still very relevant. This book would be a great addition to a pentesting lab. Good luck.
Here is a PDF: http://csis.bits-pilani.ac.in/faculty/murali/netsec-10/papers/OReilly.Security.Power.Tools.Aug.2007.pdf (http://csis.bits-pilani.ac.in/faculty/murali/netsec-10/papers/OReilly.Security.Power.Tools.Aug.2007.pdf)
-
http://opensecuritytraining.info/Training.html
-
Here's a pretty good video series on youtube, it's an offensive security class at Florida State University.
https://www.youtube.com/user/gtg051x/videos
And of course www.securitytube.net is always good to browse.
-
David Hoelzer & EnclaveForensics
http://auditcasts.com/videos/mov/videos (http://auditcasts.com/videos/mov/videos)
This guy got pretty awesome (and free) presentations. I specially like his buffer overflow presentation (vid #23) but there are other gems in that list as well!
Hope you enjoy
-
I found this
http://online.stanford.edu
www.klocwork.com/elearning/secure-programming-courses/intro-to-secure-coding-c-cpp/