Getting Started with a Pentest Distro

1. Understand how to set up, maintain, and secure both Linux and Windows attack machines.

2. Each penetration test or security assessment must be performed from a freshly installed VM

3. Can be grabbed from Torrent NoNameClub

   1. https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/

   2. https://www.vmware.com/topics/glossary/content/bare-metal-hypervisor

   3. https://proxmox.com/en/

   4. https://www.vmware.com/products/esxi-and-esx.html

   5. https://www.virtualbox.org/

   6. https://www.vmware.com/products/workstation-player.html

   7. https://www.vmware.com/products/workstation-pro.html

4. A hypervisor is software that allows us to create and run virtual machines (VMs).

5. VMs on a hypervisor run isolated from the primary operating system

   1. Google about VM escape

6. Pull up a VM during an assessment to:

   1. test out an exploit

   2. recreate a target application and stand-up machines in a lab environment to test out the latest tools, exploits, and techniques

7. Set up a home lab:

   1. to attempt to reproduce vulnerabilities

   2. set up vulnerable applications and services

   3. see the effects of remediation recommendations

   4. have a safe place to practice new attack techniques/exploits

8. An ISO gives us more room for customization

9. The OVA file is a pre-built virtual appliance therefore can be rapidly deployed to get up and running quicker.