[Chugalug] OT: Training

Know Juan w32.n01 at gmail.com
Thu Aug 22 17:30:32 UTC 2013


It's safer because it's a sandboxed environment without access to anything
outside.  You don't get to bounce your malicious code off of my network to
target a .mil - you get to VPN into my contained network and attack VMs
that I have set up in said environment - nothing else.  You don't have any
assurances that I'm not sniffing your traffic, but seeing as how this
environment won't enable you to access the internet, that shouldn't be of
much concern.


On Thu, Aug 22, 2013 at 12:45 PM, Dave Brockman <dave at brockmans.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 8/22/2013 11:31 AM, Know Juan wrote:
> > Along these same lines, I'm working to set up a pentesting lab
> > where people can vpn in and have a safe place to practice
> > penetration testing.  Would anyone be interested in getting access
> > to something like that on a subscription basis?
>
> Could you define "a safe place to practice penetration testing"
> please?  Why is your VPN "safer" than my house, or my neighbor's
> cracked WiFi, or from $dayjob Datacenter?  Also assuming your VPN
> would then tunnel *all* my traffic to the Internet through your
> connection (otherwise you would have to set up specific tunnel rules
> for each connection based on what they wanted to pen-test), what
> assurances do I have that you aren't capturing/sniffing my traffic?
> And if I connected to your VPN and starting banging away somewhere
> like nsa.gov and the helicopters and black suburbans pull up to your
> driveway, how quickly will you turn over my subscription information?
>  (I know the NSA doesn't give a rats ass about nsa.gov, it's just a
> website not connected to anything interesting)
>
> Regards,
>
> dtb
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJSFkBAAAoJEMP+wtEOVbcdsJoIAJr1bTv5akBUXL8j2+MXfV51
> d+u+usgcmrnFIBlMvT3OEs6BW16H33Y/PhDd3qfVm9Rdtxm+gRgtB8j+ECRuk6+p
> Y4tnqN8f4UE8a37JXYJuOpMZ2Twuj12oRRs+bwpLTokBPcK56pVUShgM/8K2PYN5
> dciawoIk0O83h3RJ2LUTSOL+ZKPTK2/ZsPdXFvbWuOq0DAYHW2A3APoav7j36H5o
> fp4j5CVGfVfPoRP5DX5TkEWoax7I9V8yczTyledsDaU4FPRfb/SoHrBr8OPw8ipL
> RqMDSDfOnvcO7DmeVU70TIj8eypjp3cto42JDddAPEAun/FhV7inNPZiAM0zSHc=
> =0zEj
> -----END PGP SIGNATURE-----
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130822/0a4dbcec/attachment.html>


More information about the Chugalug mailing list