Step On In, The Water's Fine! - An Introduction To Security Testing Within A Virtualized Environment
Download as pptx, pdf3 likes1,994 views
The document discusses setting up a virtual testing environment using VMware ESXi. It provides information on hardware requirements, virtualization platform options, and how to install and configure VMware ESXi. It also discusses obtaining offensive, forensic, vulnerability and virtual appliance distributions and converting them to a format compatible with the ESXi hypervisor. The goal is to help security professionals practice their skills using a virtual lab environment to increase their knowledge and make them more attractive candidates for information security jobs.
More Related Content
What's hot (20)
Viewers also liked (15)
Similar to Step On In, The Water's Fine! - An Introduction To Security Testing Within A Virtualized Environment (20)
Recently uploaded (20)
Step On In, The Water's Fine! - An Introduction To Security Testing Within A Virtualized Environment
- 1. Step On In, The Water’s Fine! An Introduction To Security Testing Within A Virtualized Environment
- 3. Thank You! …to all of the crew that has a part in this amazing conference!
- 4. About Me: • Tom Moore – Twitter: @c0ncealed • Christian, Husband, & Father • Red Team / Penetration Tester • High Hack Society / Proverbs Hackers / 304Geek • Unrelenting G33K • 2nd Amendment Supporter • Should in NO WAY be considered an expert in anything that I may say. =) • SUPPORT HACKERS FOR CHARITY!
- 5. Agenda: My goal is to provide meaningful information in the area of virtualized testing environment options. I also wish to convey why an understanding of this subject is vastly needed and for the most part easily attainable, even though the subject is often avoided or overlooked.
- 6. Disclaimer:
- 7. Disclaimer:
- 8. Disclaimer:
- 9. Disclaimer:
- 10. Role Playing: You are applying for a role within an organization’s Information Security Group... One of the questions that a reputable organization ‘should’ ask you would be: “What you are doing to either maintain, or increase your relevant skill-set?” What is your response?
- 11. What Is Needed: Candidates for employment that not only have a degree or relevant certifications, but also possess a true working knowledge of how to leverage their toolsets to achieve the expected goal.
- 12. What Can Be Done: Security Professionals in training need to take a more direct approach towards ensuring that they understand not only the tools introduced to them, but also the underlying architectures that they operate on. A more informed candidate is what is being sought after in today’s Information Security job market.
- 13. How This Can Be Accomplished:
- 14. What Is Needed: Candidates for employment that not only have a degree or relevant certifications, but also possess a true working knowledge of how to leverage their toolsets to achieve the expected goal. Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html
- 15. What Is Needed: Candidates for employment that not only have a degree or relevant certifications, but also possess a true working knowledge of how to leverage their toolsets to achieve the expected goal. Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html
- 16. What Is Needed: Candidates for employment that not only have a degree or relevant certifications, but also possess a true working knowledge of how to leverage their toolsets to achieve the expected goal. Credit: CSOOnline.com - http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html
- 17. How You Can Get There: Practice… Practice… Practice… Where You Can Practice:
- 18. How You Can Get There: Practice… Practice… Practice… Where You Can Practice:
- 19. How You Can Get There: Practice… Practice… Practice… Where You Can Practice: Set up your own virtual lab! • The cost is well worth the gain • There are many open-source solutions • Many toolset distributions now use virtual machines as primary medium • A wide variety of vulnerable environments are also available for your learning pleasure
- 20. Need Another Reason?: More and more, the physical environments are going away!
- 21. Definition of Terms: Hypervisor: A hypervisor is a virtual machine monitor (VMM). It is generally a piece of computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor is running is defined as a host machine. The virtual machines that run on this host are referred to as guest machines.
- 22. Definition of Terms: Virtual Machine: A virtual machine (VM) is a software based emulation of a computer. Virtual machines generally operate based on the architecture and functions of a real computer.
- 23. Definition of Terms: Snapshot: A snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the VM’s power state. (ex: powered-on, powered-off, or suspended) The data includes all of the files that make up the VM. This includes disks, memory, and other devices, such as virtual network interface cards.
- 24. Definition of Terms: Snapshot: A snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the VM’s power state. (ex: powered-on, powered-off, or suspended) The data includes all of the files that make up the VM. This includes disks, memory, and other devices, such as virtual network interface cards.
- 25. Definition of Terms: Snapshot: A snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the VM’s power state. (ex: powered-on, powered-off, or suspended) The data includes all of the files that make up the VM. This includes disks, memory, and other devices, such as virtual network interface cards.
- 26. Definition of Terms: Bridged / NAT / Host Only : The options available to configure virtual network adapters within VM’s. Bridged: Binds the virtual network adapter directly to your physical ethernet adapter. The VM will obtain DHCP lease from the physical network. NAT: Binds the virtual network adapter behind a NAT environment. Obtains internal DHCP address and shares the physical ethernet adapter’s public IP address for external communication. Host Only: Allows internal network communication only. DHCP lease obtained behind internal NAT.
- 27. Let’s Get Technical: Enough with the hypothetical, let’s get into the bits… cause this bytes… =P Structure for the approach: • Hardware considerations • Virtualization platform options • Example set-up of Vmware ESXi • Offensive or Forensic Distributions • Ex: Kali, SamuraiWTF, SIFT, etc. • Virtual Appliances • Vulnerable Distributions • Ex: Metasploitable 2 or NOWASP
- 28. Hardware Considerations: • While the CPU speeds do matter, they will not be your primary concern. • A quad-core CPU is recommended. • What you will need plenty of are: • Memory (RAM) • Hypervisors are memory hogs. • Hard Drive Capacity (HDD) • VM’s range drastically in size, especially when Snapshotted. • A sufficient Power Supply will need to be accounted for based on the above specifications.
- 29. Virtualization Platforms: • VMware Fusion (Mac) • VMware Player/Workstation (Win/Linux) • VMware ESXi/ESX (Server) • Parallels (Mac) • Oracle VirtualBox (Mac/Win/Linux) • ProxMox (Server, running OpenVZ as guest) • XenServer (Server, running OpenVZ as guest) This list should not be considered all-inclusive. These are simply platforms that I have tested and that are for the most part easily attainable.
- 30. VMware ESXi Setup: • For our example, I have set up a VMware ESXi Hypervisor on this MacBook Pro system. • System Specs: • CPU: Quad-core Intel i7 2GHz • RAM: 16GB 1333MHz DDR3 • HDD: WD Black 500GB 7200 RPM • VMware ESXi is free for educational purposes. Register on vmware.com for a license key.
- 31. VMware ESXi Setup: • Further Information… • This installation is performed by using the following configuration: •VMware ESXi .iso image is on host MacBook Pro. •Created a New virtual machine within VMware Fusion. •Set the ESXi .iso as the boot media for the VM. • (This is being done this way for demonstration purposes. If you have physical hardware for ESXi, use that)
- 53. VMware ESXi Management: • The one disadvantage to using VMware ESXi, in my opinion, is that the most effective management interface is in the form of a Windows fat client. • Due to this, we will also go through the process of setting up a Windows 8 VM with the VMware vSphere Client as well as the VMware vCenter Converter Standalone application. • This will be our ESXi management VM.
- 54. VMware ESXi Management: • Further Information… • This installation is performed by using the following configuration: •Windows 8.1 .iso image is on host MacBook Pro. •Created a New virtual machine within VMware Fusion. •Set the Windows 8.1 .iso as the boot media for the VM. • (This is done so that we don’t have to have a physical Windows box for ESXi Management.)
- 90. VMware ESXi Management: • Now we will register VMware ESXi Server through the vSphere Client. • The key should have been obtained when you registered for your vmware.com account and downloaded your ESXi iso files and binaries. • When its registered, you will see the status message in the bottom right-hand corner of the client disappear.
- 98. VMware ESXi Management: • Now we will setup VMware vCenter Converter Standalone. • This will be used to convert VMware images into an ESXi format. • It will also transfer VM’s over to our ESXi Server after conversion.
- 114. Offensive / Forensic D• isKtarlii bLuintuiox ns: • Arch Assault • Pentoo • SamuraiWTF • MobiSec • Backbox Linux • Blackbuntu • BlackArch Linux • REMnux • SIFT Workstation • DEFT Linux • CAINE
- 116. Offensive / Forensic D• isStcrriebeunstihoontss! :
- 117. Virtual Appliances: • Routers / Switches • Vyatta • Firewalls • pfSense • Intrusion Prevention Systems • Intrusion Detection Systems • SecurityOnion • Security Incident and Event Monitoring • AlienVault OSSIM
- 120. Vulnerable Distributions: • Metasploitable 2 • NOWASP Mutillidae • OWASP Broken Web Apps • Web Security DoJo • HADES • VulnVOiP • VulnVPN • Dexter • Brainpan • Relativity
- 121. Vulnerable Distributions: • VulnHub www.vulnhub.com • Credit: g0tm1lk
- 123. Vulnerable Distributions: • Leveraging VulnHub.com, we will pull down a copy of Metasploitable2 as our vulnerable guest distribution. • Now we will use VMware vCenter Converter Standalone to convert our new vulnerable image and then push it to our ESXi server.
- 145. Vulnerable Distributions: • Now let’s spin it up! • Once we have the Metasploitable 2 VM powered on, we will go back to our Kali VM within VMware Fusion. • From the Kali offensive VM, let’s scan the virtual DHCP range looking for our new vulnerable guest machine!
- 149. Congratulations!:
- 150. Congratulations!: • You have just gone through the process of setting up a virtual testing lab with a VMware ESXi hypervisor! • You have a Windows VM set up to manage your hypervisor. • You know where to obtain your Offensive, Appliance, and Vulnerable distributions and VMs. • You also know how to convert and transfer them to your ESXi server! • You then saw how easy it was to enumerate guests from your Kali VM!
- 151. Summary: • InfoSec Recruiters for organizations are looking for candidates that KNOW how to leverage the needed tools to perform an assessment. • You can teach yourself skills that may not be covered in most curriculums through the use of Virtual Environments. • It takes time, it’s not easy, but it will pay off. • YOU CAN DO IT!
- 152. Summary: • InfoSec Recruiters for organizations are looking for candidates that KNOW how to leverage the needed tools to perform an assessment. • You can teach yourself skills that may not be covered in most curriculums through the use of Virtual Environments. • It takes time, it’s not easy, but it will pay off. • YOU CAN DO IT!
- 153. Resources: • Virtualization Platforms • VMware ESXi Download - https://my.vmware.com/web/vmware/info/slug/datacenter_clo ud_infrastructure/vmware_vsphere_hypervisor_esxi/5_5 • VMware Free vSphere Registration - https://my.vmware.com/web/vmware/evalcenter?p=free-esxi5& lp=default • VMware Player - https://my.vmware.com/web/vmware/free#desktop_end_user _computing/vmware_player/4_0 • VMware Fusion - http://www.vmware.com/products/fusion • VMware Workstation - https://my.vmware.com/web/vmware/info/slug/desktop_end_u ser_computing/vmware_workstation/10_0 • Parallels - http://www.parallels.com/landingpage/pd/general/ • Oracle VirtualBox - https://www.virtualbox.org/wiki/Downloads • ProxMox VE - http://www.proxmox.com/downloads/ • Citrix XenServer - http://www.citrix.com/products/xenserver/try.html
- 154. Resources: • Offensive Distributions • Kali Linux - http://www.kali.org/downloads/ • Arch Assault - https://archassault.org/download/ • Pentoo - http://www.pentoo.ch/download/ • SamuraiWTF - http://sourceforge.net/projects/samurai/ • MobiSec - http://sourceforge.net/projects/mobisec/files/ • Backbox Linux - http://www.backbox.org/downloads • Blackbuntu - http://sourceforge.net/projects/blackbuntu/ • Blackarch Linux - http://blackarch.org/download.html • REMnux - http://sourceforge.net/projects/remnux/ • SIFT Workstation - http://digital-forensics. sans.org/community/downloads • Deft Linux - http://www.deftlinux.net/download/ • CAINE - http://www.caine-live.net/page5/page5.html
- 155. Resources: • Virtual Appliances • VMware VA Marketplace - https://solutionexchange.vmware.com/store/category_groups/ 19 • Turnkey Linux - http://www.turnkeylinux.org/it-infrastructure • ShareVM - http://sharevm.wordpress.com/2009/09/25/top-ten- vmware-virtual-appliances-for-security/ • Vyatta - http://www.brocade.com/forms/jsp/vyatta-download/ index.jsp • pfSense - https://www.pfsense.org/download/ • Security Onion - http://sourceforge.net/projects/security-onion/ • AlienVault OSSIM - http://www.alienvault.com/open-threat-exchange/ projects
- 156. Resources: • Vulnerable Distributions • VulnHub- http://www.vulnhub.com (Many worth mentioning, but this site will get you there)
- 157. One More Thing: • If you want to experience another amazing conference with the same feel as DerbyCon, go to Hack3rCon! • When: November 14-16, 2014 • Where: Charleston, WV • Web: www.hack3rcon.org • Twitter: @hack3rcon
- 158. I’m Out: THANK YOU!
- 159. Contact Info: • Name: Tom Moore • E-mail: [email protected] • Twitter: @c0ncealed • Slides: THANK YOU!
Editor's Notes
- #14: In addition to book learning, hands-on experience with these toolsets should be the recipient of your invested time.
- #18: Another reason why training yourself to test in virtual environments is so valuable, is that most companies are now
- #19: Another reason why training yourself to test in virtual environments is so valuable, is that most companies are now
- #20: Another reason why training yourself to test in virtual environments is so valuable, is that most companies are now
- #21: Some might argue that familiarizing yourself within a virtual environment will be a more relevant method of training and will give you experience that employers are already looking for in their next-generation of security professionals.
- #29: All of this is relative. I’ll be setting up an ESXi VM on my MBP It is running a Quad-core i7 2GHz CPU and has 16GB 1333 MHz DDR3 Ram Western Digital Black 500gb 7200 RPM HDD
- #30: All of this is relative. I’ll be setting up an ESXi VM on my MBP It is running a Quad-core i7 2GHz CPU and has 16GB 1333 MHz DDR3 Ram Western Digital Black 500gb 7200 RPM HDD
- #31: All of this is relative. I’ll be setting up an ESXi VM on my MBP It is running a Quad-core i7 2GHz CPU and has 16GB 1333 MHz DDR3 Ram Western Digital Black 500gb 7200 RPM HDD
- #152: Rob Schneider
- #153: Rob Schneider
- #154: Rob Schneider
- #155: Rob Schneider
- #156: Rob Schneider
- #157: Rob Schneider