Solved

Short workshop pentesting (Nessus/Metasploit) - how to build the lab?

Posted on 2013-12-04
3
446 Views
Last Modified: 2013-12-04
Experts,

For a small IT Service Management team I want to organize a small, hands-on workshop of 1 hour to teach the basics of scanning for vulnerabilities with Nessus and exploiting vulnerabilities, preferably with Metasploit.

I'm looking for a particularly vulnerable version of Linux to include in the testlab. I've heard about Damn Vulnerable Linux, but then again I also heard that it is more tailored towards web application security.

Any thoughts?
0
Comment
Question by:gwx
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39697432
That is all right but preferred more specific like  Metasploitable 1/2 and web apps is a good means to reveal more of scanner capability as well e.g. OWASP Broken Web Applications

https://securitystreet.jive-mobile.com/#jive-document?content=%2Fapi%2Fcore%2Fv2%2Fdocuments%2F1875

Couple of vulnerable web apps
http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
0
 
LVL 63

Expert Comment

by:btan
ID: 39697442
Good to jote the testing done involving nessus with metasploitable too
http://hackertarget.com/nessus-openvas-nexpose-vs-metasploitable/
0
 

Author Closing Comment

by:gwx
ID: 39697522
I can work with this, thx.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
OfficeMate Freezes on login or does not load after login credentials are input.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question