Th4ntis Posted November 22, 2019
So a colleague and I were talking and he says he does most of his pentesting engagements from a VM, not only from an OpSec standpoint but also because when you connect to some servers, it logs your hostname, so a VM is more easily modified and contained. When you develop payloads, your host machine metadata isn't logged. I personally don't think you need to use a VM in most cases on engagements, as you can still modify your hostname and your machine to match the environment of your engagement, and that using your host machine is just as good as a VM. So what do you guys use and why?

Bigbiz Posted November 22, 2019
A VM is more safe, say you ran into a terrible malware. You can easily shut it down. Etc. had a crash of valid info

digininja Posted November 22, 2019
Why should you be running into malware on a test? And even if you do, your machine should be hardened so it's unlikely to get infected.

I'd say the comments on changing hostname and metadata are wrong; you can get those on a host or a guest, so a VM doesn't make any difference.

For me, it depends on how you use the machine. If it's your everyday Windows box and you have all your general purpose apps on the host, running a testing-specific VM, probably Linux based, would be a good idea. Conversely, if this is a dedicated testing machine, then install all your tools on the host as that generally gives better performance.

VMs are good for giving alternative environments. My host is Linux but I have a testing Windows VM for Windows-specific tools; all the rest are on the host. If I need a specific toolset for a specific client that I won't need for anyone else, I may build that in a VM so I can put it away at the end of the job.

There are no wrong or right answers, but I'd say it looks quite unprofessional if you turn up on site with a general purpose machine that has games and all sorts of other non-business-related stuff on it. Remember this machine is likely to end up containing some very sensitive client data, so putting it on a box cluttered with games and other random stuff found on the internet isn't going to look good and also increases your attack surface, which increases the likelihood of exposing that data.

Bigbiz Posted November 28, 2019
Hypothetically, as an example. I'll give you another one. You're trying to install some drivers for a super awesome device that you got. You think you know what you're doing, followed some guides, you edit your OS files, then bam. Destroyed it.

digininja Posted November 28, 2019
That isn't specific to security testing though, that is just normal use of a machine. It also assumes you can pass the device through to the VM successfully.

Bigbiz Posted November 30, 2019
Good ok.

Archived
This topic is now archived and is closed to further replies.