Introduction

What?

Build virtual local testlabs using open source tools.

Why?

• Pentesting needs a lot of practice before you actually approach a client to do the same on their live system.

• It provides a simulated environment, your main system is not touched. If you break your operating system by mistake while experimenting with any hacking-related tools, it happens inside your virtual system. You can reinstall the damaged operating system again.

• We have to stay within the law—always. We must practice our hacking-related tools in a legal way on our own systems.

• You can safely browse any websites in a virtual environment. If some malicious code enters into your simulated environment, let it stay; it won’t touch your main system. You can do every type of testing on it.

• Many of the open source tools are widely reviewed by the forensic community and may be open to more scrutiny, as they are more widely available to the public and are built in non-proprietary code.

• For blue operations, budget is always an issue, and some commercial tools (as robust, accurate, and user-friendly as they might be) cost thousands of dollars.

How?

• KVM on Ubuntu

• Kali VM

• SIFT with REMnux

• Caine VM

• Windows VM

• Binary analysis