Jump to content

VM Vs Host Machine


Recommended Posts

So a colleague and I were talking and he says he does most of pentesting engagements from a VM, not only because of an OpSec standpoint but also when you connect to some servers, it logs your hostname so a VM is more easily modified and contained in a VM.  When you develop payloads your host machine metadata isn't logged.
I personally don't think you need to use a VM in most cases on engagements as you can still modify your hostname and your machine to match the environment of your engagement, and that using your host machine is just as good as a VM.

So what do you guys use and why?

Link to comment
Share on other sites

Why should you be running into malware on a test? And even if you do, your machine should be hardened so it's unlikely to get infected.

I'd say the comments on changing hostname and meta data are wrong, you can get those on a host or a guest so a VM doesn't make any difference.

For me, it depends on how you use the machine. If it's your everyday Windows box and you have all your general purpose apps on the host, running a testing specific VM, probably Linux based, would be a good idea. Conversely, if this is a dedicated testing machine, then install all your tools on the host as that generally gives better performance.

VMs are good for giving alternative environments. My host is Linux but I have a testing Windows VM for Windows specific tools, all the rest are on the host. If I need a specific toolset for a specific client that I won't need for anyone else, I may build that in a VM so I can put it away at the end of the job.

There are no wrong or right answers, but I'd say it looks quite unprofessional if you turn up on site with a general purpose machine that has games and all sorts of other none business related stuff on it. Remember this machine is likely to end up containing some very sensitive client data so putting it on a box cluttered with games and other random stuff found on the internet isn't going to look good and also increases your attack surface which increases the likelihood of exposing that data.

  • Upvote 1
Link to comment
Share on other sites

Hypatheticly as an example. Ill give you another one. Your tryin to instaalll some drivers for a super awesome device that you got. You think you know what your doing followed some guides you edit your os files then bam. Destroyed it.

Edited by Bigbiz
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...