Sometimes I take a little different approach to penetration testing than others. I want to make sure I can compromise a system that I understand before doing it to a system that I don’t understand. So I setup lab experiments first.
Mostly what we have here is my writeups on experimental systems. I know I’m not teaching the bad guys anything – they already know this stuff since we generally learn it from them. I also know I’m most likely not teaching some high school miscreant either – that kind of skill level probably wouldn’t understand these writeups anyway. The idea is that I am teaching white hat penetration testers like me how to do their jobs better and stopping the bad guys from getting in. We do this by finding our vulnerabilities before the bad guys do, and exploiting those vulnerabilities in realistic ways so as to scare the pants of uninformed management, encouraging them to keep better secured systems in the future.