Penetration Testing mailing list archives
Re: Lab OS Choices
From: Pete Herzog <lists () isecom org>
Date: Thu, 16 Aug 2007 22:25:14 +0200
Hi,Booting from a Live Linux CD is the way to do it. Running it virtually is not only a huge mistake but a disservice to the client. Your job is to look at security under a microscope and by adding more layers of abstraction you may as well be standing on a ladder and peering down into the microscope with binoculars. You cannot get the same packet results consistently with a virtual machine that you will with the original OS on metal.
I wish some university student will finally do their thesis on this to prove me wrong. I wish the virtualization industry has come so far as to make testing from a virtual machine a reality.
So if you're testing at the application level then feel free to have as many layers of abstraction as your little heart can handle because it's often the content of the packets that matter and not the configuration. But if you want to know what's going down on the wire, be a sociologist and get close to it. That's what you'll learn in the OPST.
-pete. www.isecom.org Jason Alexander wrote:
So in a pen test would I be right in thinking that using a virtualised os like backtrack would not produce the same results as a laptop with the os installed directly? I ask this as many pen testers I know use mac books with paralells and have xp and usually BT virtualised to conduct their tests?
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Lab OS Choices, (continued)
- Re: Lab OS Choices Pete Herzog (Aug 17)
- Re: Lab OS Choices M . B . Jr . (Aug 17)
- Re: Lab OS Choices Nikhil Wagholikar (Aug 12)
- Re: Lab OS Choices Shaon Diwakar (Aug 12)
- Re: Lab OS Choices Peter Manis (Aug 12)
- Re: Lab OS Choices M . B . Jr . (Aug 15)
- Re: Lab OS Choices Benjamin Anderson (Aug 15)
- Re: Lab OS Choices Shaon Diwakar (Aug 12)
- Re: Lab OS Choices Shaon Diwakar (Aug 13)
- Re: Lab OS Choices Peter Manis (Aug 13)
- Re: Lab OS Choices Pete Herzog (Aug 16)
- Re: Lab OS Choices Jan Heisterkamp (Aug 17)