A lot is going on now, 16th of October 2017, about the KRACK attack on WPA2. Links will follow. There was even a (misleading) claim about this attack by Arne Schönbohm, the president of the German Service for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI), recommending a switch to VPN to secure connections.
In this article I want to clear up one detail and perhaps somewhat ease the horror that this attack, and even more its press coverage, is causing people now. The fact is that all TLS-protected connections are still reasonably secure despite the attack! You can keep surfing without a problem if the sites you visit connect over HTTPS. And most of them do in fact!
Since the Canadian Hackfest 2016, Quaoar is not just an object in the Kuiper belt. It is also a vulnerable machine on VulnHub.
There are many published walkthroughs for this machine. Still, I have decided to post a new one for two reasons. First, many pentesters exploit WordPress the long way, whereas there is a quicker one, which is also more convenient. Second, this guide also contains a part discussing how to secure such a machine, which is missing in many other reports or is even described wrongly.
Here I describe how to create a virtual laboratory for pentesting or security research on your own laptop. Using it, you can master your pentesting skills and stay reasonably secure yourself while you do it.
Security of the lab is important, because a lab typically contains either vulnerable software or malicious software. You want to reasonably isolate your machine and network from the lab. It may also be that a system you test is both vulnerable and malicious, but you do not know about it yet.