VM challenges

I think it would be cool to have challenges that revolve around the virtual side of things. For instance, I am thinking within the next year or so (When I have more fucking time lol) to implement a virtual environment that would allow for security and exploit challenges.

One challenge could be logging in remotely on a Windows 10 enterprise system and your job would be to find an exploit within the OS to gain Admin rights and access a folder that contains a password. I was thinking about doing something like this on my site, but I think it would be nice if HBH had it too.

We could host various things virtually like web servers, but at the same time I know this could get really expensive lol.

I am also unsure if it would be legal to do?

We did this very thing not that long ago and have plans to do more once the override of HBH is complete.

You can see some of the results from the event here

https://www.hellboundhackers.org/forum/crash_and_burn-41-17103_0.html

Crash and Burn was awesome man, but a weekend just wasn't long enough to fully explore everything that was installed, but I suppose knowing you only had 48 hours added more intensity and excitement to it.

Can't wait till we do another one.

Ooooo, so it would actually be like practicing FOR REAL! Sounds cool!

Though, I am curious. What would the expenses be?

1. Sure, you need a box set up, or server, whatever.
2. The price of said content, like OS's.
3. Then of course your utilities, but that wouldn't add any more expense to what you already have, per say (I think).
4. Personal Time/upkeep
5. Others???

If someone knows what the numbers are (reasonably accurate), I'm totally interested in knowing the details.

Set up Windows 10 Enterprise Edition on a virtual machine (VM) and have people log into a user/guest account remotely and test for privilege escalation exploits?!?!

It wouldnt be hard to set up a Web server in a Local DMZ for testing either, which leads me this question; does a home based web server have to be in the DMZ?

Nah it doesn't have to be man, mine isn't.

I know its fully exposed and out in the open, but if your setting up a box for penetration testing used for your site, that might be the best route as if someone would have access to your private network otherwise. Unless you segmented the bullshit network your using for your online users to try and penetrate from your actual home network. I personally would have both physically separated.