Hi Drexx, I am on it. This will be a good one actually. I'm doing pen testing for a quite awhile now. And maybe I can join this. I do have some VMware images already that I could share to pips.
Thanks, Mike On Mon, Nov 10, 2008 at 6:12 PM, Drexx Laggui [personal] <[EMAIL PROTECTED]> wrote: > 10Nov2008 (UTC +8) > > On 11/6/08, Sujiru <[EMAIL PROTECTED]> wrote: >> Yeah, really helpful and educational. As a linux hobbyist with an interest >> in security I was >> wondering if it's possible to tag along on your engagements? Do you have >> informal >> gatherings we noobs can attend? >> >> http://wehavedayjobs.blogspot.com > > Unfortunately, a pentest engagement is not a spectator sport :) But > I've been thinking about hanging out with a bunch of like-minded > individuals to teach other stuff. > > What if, somebody comes up with a machine (a powerful laptop with WLAN > is best) that has VMware in it, then somebody else provides a victim > MS Windows VMware image, then somebody else provides a Linux or > Solaris VMware image also as a victim, then you have Joomla or Drupal > plus web content, and MySQL and MS SQL victims contributed by others, > then everybody else with their laptops (and WLAN) with Metasploit and > Nessus come out to party? It'll be good to have a Snort IDS in the mix > too. > > There are only a few rules that I can suggest: > 1. Everybody may be anonymous. If you know the name, or you give your > name, then that is optional. > 2. If you can't contribute, that means you're a marketing drone or > you're there just to leech off. Somebody must contribute something > technically --but its interpretation is subjective. > 3. This organization will be informal. No regular meetings, no > contributions, no SEC registration, no officers, no NDA. Everybody > will be equal. > 4. This will be an equal-opportunity educational thing. Whatever your > gender or sexual preference is, what your religion or language is, > noob or L33t haXor, as long as you can contribute something, you'll be > welcome as a peer. > 5. Every gathering will be a one-day thing. Preferably 11am or later > (I can't do mornings) > > To start of, I have a dual-battery SUV that has a power outlet for > 110v boxes. That means I can contribute the victim server (quad-core > CPU & 4GB RAM) with a VMware in it, plus a WLAN access point, so that > we can hang out either in a parking lot while sitting down in a coffee > shop nearby, or we can move the test equipment in a room somewhere. > And if we're in a room, I can also bring a projector so I can teach > you all what is happening on a server and also how to fine tune your > Nessus, Nmap, Net Stumbler, Metasploit or SQLninja attacks. > > Somebody else has to contribute the VMware images for the victim > servers. Let's start with a group of 10 or 15 so it won't be too hard > to mentor others. What say you? > > > Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA > http://www.laggui.com ( Singapore / Manila / California ) > Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer > PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Michael F. Mondragon GPG Key ID: F045471B M: +63 929 232 5070 W: http://www.michaelfmondragon.tk E: [EMAIL PROTECTED] _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
