[Chugalug] OT: Training

Dave Brockman dave at brockmans.com
Thu Aug 22 16:45:52 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/22/2013 11:31 AM, Know Juan wrote:
> Along these same lines, I'm working to set up a pentesting lab
> where people can vpn in and have a safe place to practice
> penetration testing.  Would anyone be interested in getting access
> to something like that on a subscription basis?

Could you define "a safe place to practice penetration testing"
please?  Why is your VPN "safer" than my house, or my neighbor's
cracked WiFi, or from $dayjob Datacenter?  Also assuming your VPN
would then tunnel *all* my traffic to the Internet through your
connection (otherwise you would have to set up specific tunnel rules
for each connection based on what they wanted to pen-test), what
assurances do I have that you aren't capturing/sniffing my traffic?
And if I connected to your VPN and starting banging away somewhere
like nsa.gov and the helicopters and black suburbans pull up to your
driveway, how quickly will you turn over my subscription information?
 (I know the NSA doesn't give a rats ass about nsa.gov, it's just a
website not connected to anything interesting)

Regards,

dtb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSFkBAAAoJEMP+wtEOVbcdsJoIAJr1bTv5akBUXL8j2+MXfV51
d+u+usgcmrnFIBlMvT3OEs6BW16H33Y/PhDd3qfVm9Rdtxm+gRgtB8j+ECRuk6+p
Y4tnqN8f4UE8a37JXYJuOpMZ2Twuj12oRRs+bwpLTokBPcK56pVUShgM/8K2PYN5
dciawoIk0O83h3RJ2LUTSOL+ZKPTK2/ZsPdXFvbWuOq0DAYHW2A3APoav7j36H5o
fp4j5CVGfVfPoRP5DX5TkEWoax7I9V8yczTyledsDaU4FPRfb/SoHrBr8OPw8ipL
RqMDSDfOnvcO7DmeVU70TIj8eypjp3cto42JDddAPEAun/FhV7inNPZiAM0zSHc=
=0zEj
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list