Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Labs. Show all posts
Showing posts with label Labs. Show all posts

Thursday, January 12, 2017

An Intentionally Vulnerable Machine for Exploit Testing - Metasploitable3




Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit .
Metasploitable3 is released under a BSD-style license. See COPYING for more details.

Building Metasploitable 3
System Requirements:
  • OS capable of running all of the required applications listed below
  • VT-x/AMD-V Supported Processor recommended
  • 65 GB Available space on drive
  • 2.5 GB RAM
Requirements:
NOTE: A bug was recently discovered in VirtualBox 5.1.8 that is breaking provisioning. More information here .
NOTE: A bug was recently discovered in Vagrant 1.8.7 on OSX that is breaking provisioning. More information here .
To build automatically:
  1. Run the build_win2008.sh script if using bash, or build_win2008.ps1 if using Windows.
  2. If the command completes successfully, run 'vagrant up'.
  3. When this process completes, you should be able to open the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
To build manually:

1. Clone this repo and navigate to the main directory.
2. Build the base VM image by running packer build windows_2008_r2.json . This will take a while the first time you run it since it has to download the OS installation ISO.
3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3 .
4. Use vagrant plugin install vagrant-reload to install the reload vagrant provisioner if you haven't already.
5. To start the VM, run the command vagrant up . This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.

6. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.


Vulnerabilities

More Information
The wiki has a lot more detail and serves as the main source of documentation. Please check it out .

Acknowledgements
The Windows portion of this project was based off of GitHub user joefitzgerald's packer-windows project. The Packer templates, original Vagrantfile, and installation answer files were used as the base template and built upon for the needs of this project.


Share:

Thursday, September 22, 2016

Forensic Challenges - Labs




URLs

Host Forensics

Computer Forensic Investigation
http://www.shortinfosec.net/2008/07/competition-computer-forensic.html/
Digital Forensics Tool Testing Images
http://dftt.sourceforge.net/
DigitalCorpora
http://digitalcorpora.org/
DFRWS 2014 Forensics Rodeo
http://www.cs.uno.edu/~golden/dfrws-2014-rodeo.html
ForGe Forensic test image generator
https://github.com/hannuvisti/forge
ISFCE Sample Practical Exercise
http://www.isfce.com/sample-pe.htm
Linux LEO Supplemental Files
http://linuxleo.com/
NIST CFREDS
http://www.cfreds.nist.gov/dfr-test-images.html
http://www.cfreds.nist.gov/Hacking_Case.html
p0wnlabs Sample Challenges
http://www.p0wnlabs.com/free/forensics
Samples from Automating DFIR Series
http://www.hecfblog.com/2015/02/automating-dfir-how-to-series-on.html
volatility memory samples
https://code.google.com/p/volatility/wiki/FAQ

Network Forensics

Chris Sanders Packet Captures
http://chrissanders.org/packet-captures/
DigitalCorpora Packet Dumps
http://digitalcorpora.org/corpora/packet-dumps
Enron Email Dataset
http://www.cs.cmu.edu/~enron/
Ethereal Sample Captures
http://www.stearns.org/toolscd/current/pcapfile/README.ethereal-pcap.html
Evil Fingers PCAP Challenges
https://www.evilfingers.com/repository/pcaps_challenge.php
Kholia's Packet Captures
https://github.com/kholia/my-pcaps
LBNL-FTP-PKT
http://ee.lbl.gov/anonymized-traces.html/
MAWI Working Group Traffic Archive
http://mawi.wide.ad.jp/mawi/
PacketLife Capture Collection
http://packetlife.net/captures/
pcapr
http://www.pcapr.net
PCAPS Repository
https://github.com/markofu/pcaps
SANS DFIR Challenge
https://digital-forensics.sans.org/community/challenges
Spy Hunter Holiday Challenge
http://blog.mywarwithentropy.com/2015/11/spy-hunter-holiday-challenge-2015.html
http://blog.mywarwithentropy.com/2014/11/spy-hunter-holiday-challenge-2014.html
Tcpreplay Sample Captures
http://tcpreplay.appneta.com/wiki/captures.html
Wireshark Network Analysis Book Supplements
http://www.wiresharkbook.com/studyguide.html
Wireshark Sample Captures
http://wiki.wireshark.org/SampleCaptures
Xplico Sample captures
http://wiki.xplico.org/doku.php?id=pcap:pcap

Malware Analysis

Contagio
http://contagiodump.blogspot.com/
FakeAVs blog
http://www.fakeavs.com/
malc0de
http://malc0de.com/database/
MalShare
http://malshare.com/
Open Malware / Offensive Computing
http://openmalware.org/
theZoo / Malware DB
http://ytisf.github.io/theZoo/
VirusShare.com / VXShare
http://virusshare.com/
Virusign
http://www.virusign.com/
VX Heaven
http://vxheaven.org/
VXVault
http://vxvault.siri-urz.net
Georgia Tech malrec Page
http://panda.gtisc.gatech.edu/malrec/
Malware Traffic
http://malware-traffic-analysis.net/
Kernelmode Forum
http://www.kernelmode.info
Malware Hub Forum
http://malwaretips.com/categories/malware-hub.103/
Public Documents about APTs
https://github.com/kbandla/APTnotes
CLEAN MX realtime database
http://support.clean-mx.de/clean-mx/viruses.php
Joxean Koret's List
http://malwareurls.joxeankoret.com
MalwareBlacklist.com
http://www.malwareblacklist.com
Sucuri Research Labs
http://labs.sucuri.net/?malware
Android Sandbox
http://androidsandbox.net/samples/
Contagio Mobile Malware
http://contagiominidump.blogspot.com/
HoneyDrive
http://bruteforce.gr/honeydrive
maltrieve
http://maltrieve.org/

Online and CTFs

Black T-Shirt Cyber Forensics Challenge
https://cyberforensicschallenge.com/
DEFCON CTF Archive
https://www.defcon.org/html/links/dc-ctf.html
DFRWS
http://www.dfrws.org/2013/challenge/index.shtml
http://www.dfrws.org/2010/challenge/
http://www.dfrws.org/2011/challenge/index.shtml
http://www.dfrws.org/2007/challenge/index.shtml
http://www.dfrws.org/2006/challenge/
http://www.dfrws.org/2005/challenge/
Digital Forensics Security Treasure Hunt
http://digitalforensics.securitytreasurehunt.com/
ENISA CERT Training Material
https://www.enisa.europa.eu/activities/cert/support/exercise
ForensicKB Practicals
http://www.forensickb.com/2008/01/forensic-practical.html
http://www.forensickb.com/2008/01/forensic-practical-2.html
http://www.forensickb.com/2010/01/forensic-practical-exercise-3.html
http://www.forensickb.com/2010/06/forensic-practical-exercise-4.html
http://www.forensickb.com/2011/01/simple-forensic-puzzle-1.html
http://www.forensickb.com/2011/02/forensic-puzzle-6.html
HackEire CTF
https://github.com/markofu/hackeire
Honeynet Challenges
https://www.honeynet.org/challenges
http://old.honeynet.org/scans/index.html
Jack Crook's DFIR Challenges
https://docs.google.com/file/d/0B_xsNYzneAhEN2I5ZXpTdW9VMGM
I Smell Packets
http://ismellpackets.com/
Network Forensics Puzzle Contest
http://forensicscontest.com/puzzles
RingZer0 Team
http://ringzer0team.com/challenges
UMass Trace Repository
http://traces.cs.umass.edu/

Source: amanhardikar

By OffSec
Share:

Sunday, July 17, 2016

Practice Penetration Testing - Labs



I found this page, it has a pretty good mind-map listing all available labs to practice your skill in doing penetration testing.  

Vulnerable Web Applications [36 unique web applications]



Vulnerable Operating System Installations [16+ unique OS setups]



Sites for Downloading Older Versions of Various Software [3 sources]



Sites by Vendors of Security Testing Software [8 unique sites]



Sites for Improving Your Hacking Skills [16 unique sites]




The link is http://www.amanhardikar.com/mindmaps/PracticewithURLs.html

OffensiveSec Blog
Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition