1
00:00:06,780 --> 00:00:08,920
- [Instructor] When it comes to penetration testing,

2
00:00:08,920 --> 00:00:13,920
a proper lab environment is extremely important.

3
00:00:13,920 --> 00:00:17,020
Not only, of course, to practice your skills

4
00:00:17,020 --> 00:00:20,140
in a safe environment, but in some cases,

5
00:00:20,140 --> 00:00:23,680
you may be also trying to mimic

6
00:00:23,680 --> 00:00:26,630
a production environment of your client.

7
00:00:26,630 --> 00:00:28,550
And they may even ask you that,

8
00:00:28,550 --> 00:00:33,510
to have a way to not test a production environment

9
00:00:33,510 --> 00:00:36,710
but test it offline and have a mimic of that.

10
00:00:36,710 --> 00:00:41,430
That's a concept that nowadays we're calling cyber ranges

11
00:00:41,430 --> 00:00:43,660
into the fact that yes, you can actually practice

12
00:00:43,660 --> 00:00:44,810
your skills and that's one

13
00:00:44,810 --> 00:00:47,230
of the main purposes of a cyber range.

14
00:00:47,230 --> 00:00:51,170
Or in other cases, is to simulate attacks

15
00:00:51,170 --> 00:00:54,840
in a safe environment and not cause any lateral

16
00:00:54,840 --> 00:00:59,093
or collateral damage to a production system.

17
00:01:00,510 --> 00:01:02,830
Now, depending on the type of testing that you're doing,

18
00:01:02,830 --> 00:01:05,760
this environment will look very, very different.

19
00:01:05,760 --> 00:01:09,050
The types of tools that you use in your lab

20
00:01:09,050 --> 00:01:12,930
will also vary based on many different factors.

21
00:01:12,930 --> 00:01:17,480
We will definitely discuss tools of penetration testing

22
00:01:17,480 --> 00:01:20,170
in a lot of detail later in the course.

23
00:01:20,170 --> 00:01:23,610
But here, I will touch on some of the types of tools

24
00:01:23,610 --> 00:01:27,450
that you may be probably already familiar with,

25
00:01:27,450 --> 00:01:30,803
that you can actually use to just get started and put

26
00:01:31,870 --> 00:01:33,900
some type of a penetration testing lab

27
00:01:33,900 --> 00:01:35,700
for you to actually practice.

28
00:01:35,700 --> 00:01:40,700
And in a real world, I'm going to give you some examples

29
00:01:41,130 --> 00:01:45,070
of a little bit larger scale penetration testing labs,

30
00:01:45,070 --> 00:01:48,870
that large organizations like the one that I work for,

31
00:01:48,870 --> 00:01:50,610
we have actually developed, you know,

32
00:01:50,610 --> 00:01:52,510
to automate a lot of the testing.

33
00:01:52,510 --> 00:01:55,510
So, the first thing that I want to actually start with,

34
00:01:55,510 --> 00:01:59,110
is of course, you can actually start with just basic VMs.

35
00:01:59,110 --> 00:02:04,110
You can use things like VirtualBox, or VMware,

36
00:02:04,640 --> 00:02:09,640
or KVM in Linux, and create your own virtual environments.

37
00:02:09,970 --> 00:02:11,660
Me personally, you know,

38
00:02:11,660 --> 00:02:16,410
I can actually use penetration testing distributions,

39
00:02:16,410 --> 00:02:20,060
like Kali Linux, which is based on Debian,

40
00:02:20,060 --> 00:02:24,010
and it's a very, very popular distribution out there.

41
00:02:24,010 --> 00:02:26,480
And that distribution is actually supported

42
00:02:26,480 --> 00:02:28,780
by an organization called Offensive Security,

43
00:02:28,780 --> 00:02:30,830
so it has a lot of support.

44
00:02:30,830 --> 00:02:33,600
And the convenience of the distribution is that

45
00:02:33,600 --> 00:02:36,580
it combines a lot of the penetration testing tools

46
00:02:36,580 --> 00:02:38,150
that are very popular there,

47
00:02:38,150 --> 00:02:40,010
and then you can build upon that, right.

48
00:02:40,010 --> 00:02:41,530
You can put this in your laptop,

49
00:02:41,530 --> 00:02:44,870
you can put it in a VMware environment,

50
00:02:44,870 --> 00:02:47,770
I have actually even used it in OpenStack,

51
00:02:47,770 --> 00:02:50,740
and automating, you know, in a very large scale,

52
00:02:50,740 --> 00:02:52,180
a lot of the testing.

53
00:02:52,180 --> 00:02:53,820
There are other distributions out there

54
00:02:53,820 --> 00:02:57,930
like Parrot Linux is another one that actually I have used,

55
00:02:57,930 --> 00:03:01,863
and BlackArch which is based on Arch Linux.

56
00:03:03,290 --> 00:03:06,210
Now, you also can have different

57
00:03:06,210 --> 00:03:10,530
intentionally vulnerable applications and systems

58
00:03:10,530 --> 00:03:13,930
that allow you to practice your skills.

59
00:03:13,930 --> 00:03:18,440
And I actually created a GitHub repository,

60
00:03:18,440 --> 00:03:21,820
and in this repository, I have a section

61
00:03:21,820 --> 00:03:26,630
that has a list of intentionally vulnerable applications,

62
00:03:26,630 --> 00:03:31,630
and other systems like VMs, and also different resources

63
00:03:32,220 --> 00:03:35,790
that you can participate in Capture the Flag events, right.

64
00:03:35,790 --> 00:03:38,070
So you can actually practice your skills

65
00:03:38,070 --> 00:03:43,070
and do a lot of exercises to enhance your skills as well.

66
00:03:43,280 --> 00:03:46,810
So all this is here for you, of course,

67
00:03:46,810 --> 00:03:49,453
completely free and feel free to contribute as well.

68
00:03:50,640 --> 00:03:51,900
Now, as I mentioned before,

69
00:03:51,900 --> 00:03:54,050
whenever you're testing a customer network

70
00:03:54,050 --> 00:03:57,090
or any other systems, you'll most likely be doing the majority

71
00:03:57,090 --> 00:03:59,720
of the test against the customer production

72
00:03:59,720 --> 00:04:01,540
or staging environments,

73
00:04:01,540 --> 00:04:02,470
because this is the actual environment

74
00:04:02,470 --> 00:04:04,460
that the customer is actually concerned

75
00:04:04,460 --> 00:04:06,250
about securing improperly.

76
00:04:06,250 --> 00:04:09,180
But in some cases, actually, they may actually ask you

77
00:04:09,180 --> 00:04:12,280
to create your own lab.

78
00:04:12,280 --> 00:04:15,420
And you should always test your tools and techniques,

79
00:04:15,420 --> 00:04:19,010
of course, before you run them against the customer network,

80
00:04:19,010 --> 00:04:21,320
and you do that in a lab environment as well.

81
00:04:21,320 --> 00:04:22,930
There's no guarantee that the tools,

82
00:04:22,930 --> 00:04:25,550
I mean we will use, and something like that

83
00:04:25,550 --> 00:04:27,660
will not break something in production.

84
00:04:27,660 --> 00:04:31,620
So that's the reason that it is very important to discuss,

85
00:04:31,620 --> 00:04:33,420
these are the pre-engagement tasks.

86
00:04:33,420 --> 00:04:36,480
And again, we're going to be covering that in a few minutes.

87
00:04:36,480 --> 00:04:40,720
But the fact that most of these tools are actually designed

88
00:04:40,720 --> 00:04:43,820
to actually literally break systems,

89
00:04:43,820 --> 00:04:45,900
that's why you actually have to, you know,

90
00:04:45,900 --> 00:04:49,840
make sure that you know what damage

91
00:04:49,840 --> 00:04:51,410
some of these tools actually can do

92
00:04:51,410 --> 00:04:54,010
and practice in your own lab.

93
00:04:54,010 --> 00:04:56,700
So again, going back, you can have, you know,

94
00:04:56,700 --> 00:05:00,490
these vulnerable applications running on VMs.

95
00:05:00,490 --> 00:05:05,470
I also have an only one version of Kali

96
00:05:05,470 --> 00:05:07,910
that I call WebSploit that has several

97
00:05:07,910 --> 00:05:11,020
vulnerable applications in Docker containers.

98
00:05:11,020 --> 00:05:12,930
But you can do this in your own right.

99
00:05:12,930 --> 00:05:15,410
So here I'm actually sharing the link

100
00:05:15,410 --> 00:05:19,690
and where you can download that vulnerable machine.

101
00:05:19,690 --> 00:05:24,370
But also you can install all these different applications

102
00:05:24,370 --> 00:05:27,410
and vulnerable applications in Docker containers

103
00:05:27,410 --> 00:05:28,980
in your own environment.

104
00:05:28,980 --> 00:05:31,050
So again, the sky's the limit.

105
00:05:31,050 --> 00:05:34,350
For the purpose, of course, in this course,

106
00:05:34,350 --> 00:05:37,260
we're going to be focusing a lot into the methodologies,

107
00:05:37,260 --> 00:05:42,260
and the actual technologies, and how to break into things

108
00:05:42,500 --> 00:05:44,470
like databases, and web applications,

109
00:05:44,470 --> 00:05:46,530
and networking devices and, you know,

110
00:05:46,530 --> 00:05:49,620
Windows and Linux operating systems, and so on.

111
00:05:49,620 --> 00:05:52,610
So again, there are many different tools,

112
00:05:52,610 --> 00:05:54,590
many different ways that you can build

113
00:05:54,590 --> 00:05:57,310
your environment, and I'm going to be highlighting

114
00:05:57,310 --> 00:05:59,083
this throughout the course.