Lab Setup
In designing this course, I tried to keep the amount of equipment neccessary to run it to a minimum. There is no expensive networking equipment to purchase and no lab environments outside of the student's own laptop (almost).
During the actual course, I give out a VMware image of Windows 2000 that contains 99% of all the tools you need for the course. Since I can't distribute that here, I'll just link to its contents so you can build one yourself:
- Firefox and Chrome (latest versions)
- Notepad++
- COMRaider and Dranzer
- IDA Free, Immunity Debugger, WinDBG, and !exploitable
- Cygwin with netcat, vim, nano, subversion, ruby, perl, python, gcc, nasm, sqlite, wget
- TCPView, Process Explorer (find old versions that work on Win2k)
- Advanced Windows Buffer Overflow binaries
Although the web hacking section of the course could also be done in a Linux VM, I find this works better if you host a single image of a vulnerable application for students to attack. WebGoat is best used during class to demonstrate vulnerability classes, but isn't as useful for homeworks. Instead, I usually point students to a Mutillidae or Moth installation, web-related CTF challenges, or vulnerable apps made by past students of mine. RSnake also has a good list of purposefully vulnerable web applications in an entry on his blog "Hacking Without All the Jailtime."
Post a CommentReferences (1)
-
Response: testicles todayma na ma na
Reader Comments