Home
Certification Preparation
Other Security Certifications
Pentesterlab
g33k3r
Has anyone used Pentesterlab? What are your thoughts?
Find more posts tagged with
Comments
636-555-3226
Just set up your own lab. To destroy you must first create. To tear down you must first know how to build.
How can you hack something if you don't know how it works? How can you tell people how to fix stuff if you don't know how they set it up incorrectly in the first place?
deyavi
No fun if you build your own lab, you would know what's wrong already, unless you build a lab with vulnhub machines or something...
636-555-3226
Agree to a point. installing a SQL database with a default config will tell you it has a default config that can be hacked, but it isn't going to teach you how to, say, use sqlmap or burp.
also, what's the point of knowing how to use, say, sqlmap or burp if you don't know how to fix the problems? if i paid a consultant to break into my website and they said, yeah, we broke into it, thanks for the money, then i wouldn't pay them squat. At the end of the day I want a report-out telling me why these things should be fixed and how to fix them.
another example - set up a domain controller that uses volume shadow copy for backups. maybe you know that you can use that to pull off the passwords, but do you actually know how to do it, what commands are involved (powershell or otherwise), how to disable logging/alerting whenever the service is stopped or started? knowing there's a problem doesn't equate with knowing how to take advantage of it.
g33k3r
I was actually referring more to the training content on the site vs. the vulnerable machines available for download.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
