For this week’s “Tutorial Tuesday” I would like to help those who may be asking a question I once found myself very curious about – “How can I learn Penetration Testing without having an entire lab setup at home?” – I can already hear some of you shouting “Virtual Machines!” – And you’re absolutely correct.

But instead of simply telling you how to setup a plethora of VMs, configuring them, then going into endless tutorials on how to secure and exploit those “fake” servers yourself, why not point you to a place where you can get pre-configured VMs and the tutorials and assignments for learning how to discover the vulnerabilities? The focus point I’m speaking of is De-Ice.net. More specifically their pre-configured PenTesting Disks (they are actually distributed as LiveCDs, but I like to simply run them in a VM instead of burning them to disc and running them). There are currently two levels to choose from and a grand following of users that are there to help answer your questions, and some well written tutorials to show you what to look for and provide some helpful tips for when you get stuck.

I thought this was a great resource especially if you’re someone who learns through doing instead of simply reading or listening to lectures. So don’t take my word for it, give them a try, and if you’re already an experienced PenTester, then let us know your thoughts or other resources for those wishing to learn some more.

De-Ice.net

Each Tuesday, Security Musings features a topic to help educate our readers about security.  For more information about Gemini Security Solutions’ security education capabilities, contact us!

Tags: PenTesting

This entry was posted on Tuesday, November 18th, 2008 at 12:23 am by Tim Donaworth and is filed under Tutorial Tuesday. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.