ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
TRANSCRIPT
![Page 1: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/1.jpg)
Target Acquired: DIY Pentest Lab
Dustin Dykes / Wirefall / @DHAhole
![Page 2: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/2.jpg)
NTXISSACSC5
![Page 3: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/3.jpg)
Local Resources
● NTXISSA – https://ntxissa.org– 3rd Thursday
● Ft. Worth ISSA – https://www.issafortworth.org/– 2nd Tuesday
● NTXCSG – https://www.meetup.com/NTXCSG/– Last Thursday
● DC214 – http://dc214.org/– 2nd Wednesday
● Hack FtW – http://hackftw.com/– See DFW InfoSec Calendar (@DFW_InfoSec)
![Page 4: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/4.jpg)
Local Resources
● Dallas Hackers Association (DHA)– 1st Wednesday @ Family Karaoke (http://familykaraokedfw.com/)
– https://dallashackers.com/
– Meetup: Dallas-Hackers-Association
– Twitter: @Dallas_Hackers
● DHA Capture the Flag (CTF)– Commander (@c0mmand3rOpSec)
– Prevade Cybersecurity (https://www.prevade.com/)
● DHA Lockpick Village– Moe Bius (@RadlyRedundant)
![Page 5: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/5.jpg)
Match the Attacker to the Weapon(Analogy)
1) n00bs!
2) Script Kiddies
3) L33t Hax0rs
4) Hacktivists
5) Professionals
6) Criminals
7) APTs/Nation States
A) ICBM
B) Pea Shooter
C) IED
D) Hammer
E) Machine Gun
F) Pistol
G) Sarin Gas
![Page 6: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/6.jpg)
Responsible Testing
![Page 7: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/7.jpg)
Pentest Lab Environments
● Bad– Internet (Shodan)
– Work/Client
● Good– Web-based CTFs
– Cloud-based CTFs
– Remotely Hosted Labs
– Locally Hosted Labs – Bare Metal
– Locally Hosted Labs – Virtualized
– Locally Hosted Labs – Hybrid
![Page 8: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/8.jpg)
Bare Metal
![Page 9: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/9.jpg)
Virtualized
![Page 10: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/10.jpg)
Hybrid
![Page 11: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/11.jpg)
Hardware
● Simplicity● Redundancy● Exploitation practice and development
– Hardware only equipment
– IoT
● Virtualization considerations– Full virtualization vs. paravirtualization (VT-x/AMD-V)
– Storage
– Memory
– CPU cores
![Page 12: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/12.jpg)
Virtualization Software
![Page 13: Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes](https://reader031.vdocuments.net/reader031/viewer/2022030318/5a67759d7f8b9a656a8b53e9/html5/thumbnails/13.jpg)
Labs