
Environment setup

If you've run a virtual machine, you've already had exposure to a hypervisor...

Loading an untrusted virtual machine (and by extension, live CDs) is *highly* dangerous, since a virtual machine can function as a gateway to the internal network, or be preloaded with malicious scripts that can do a variety of things:

  • In bridged networking mode, the VM can have access to resources in the internal network (which is most likely unprotected), as well as exfiltrating data.
  • Host-only networking still allows VMs to probe for security vulnerabilities on the host computer, and use it as a platform to forward attacks.
  • Live CDs suffer from the same problem, and on top of that have full access to the host's disk if it is unencrypted.

ScriptJunkie created The Hacker Games VM to demonstrate such issues.

Consider the following setups:

  1. Attacker machine:
    1. Ideally deployed as a VM: a snapshot can be taken while the VM is in a known clean state and restored before performing updates, or to undo changes possibly triggered by the target VM. Networking mode should be Host-only.
    2. Should have two separate adapters: one connected to the host, with ports exposed for remote control (e.g. VNC or RDP) or control via the virtualizing software, and the other connected to the target machine.
    3. Should be fully patched, contain no sensitive data, and have unneeded services closed.
  2. Host machine:
    1. Runs the virtualizing software.
    2. Blocks incoming ports (unless required) from the attacker machine, and has no direct connection to the target VM.
    3. When accessing the attacker machine, the host's internet-facing adapter should ideally be disabled.
    4. Set up IDS and/or IPS systems.
  3. Target machine:
    1. The networking mode configured in the virtualizing software should ideally be an internal network containing only the attacker and target machines (Internal Networking for VirtualBox, LAN Segment for VMware).
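The three-machine layout above written out for VirtualBox, as an added example that is not from this page: VBoxManage calls that apply the adapter rules, plus offline checks over `VBoxManage showvminfo --machinereadable` output that catch a target VM left on a bridged or NAT adapter. The VM names, the `pentestlab` internal network and the `vboxnet0` host-only adapter are assumed values.

```shell
#!/bin/sh
# Added example, not from the wiki page: the lab layout above as VBoxManage
# calls, plus offline checks over `showvminfo --machinereadable` output that
# confirm a VM's adapters follow the isolation rules. VM names, "pentestlab"
# and "vboxnet0" are assumed values.

ATTACKER="${ATTACKER:-attacker-vm}"
TARGET="${TARGET:-target-vm}"
LAB_NET="pentestlab"    # Internal Network shared only by attacker and target
HOSTONLY_IF="vboxnet0"  # host-only adapter used for VNC/RDP from the host

# Apply the layout (attacker = host-only + intnet, target = intnet only) and
# snapshot the attacker in its known-clean state. Requires VirtualBox.
configure_lab() {
    VBoxManage modifyvm "$ATTACKER" --nic1 hostonly --hostonlyadapter1 "$HOSTONLY_IF"
    VBoxManage modifyvm "$ATTACKER" --nic2 intnet --intnet2 "$LAB_NET"
    VBoxManage modifyvm "$ATTACKER" --nic3 none --nic4 none
    VBoxManage modifyvm "$TARGET" --nic1 intnet --intnet1 "$LAB_NET"
    VBoxManage modifyvm "$TARGET" --nic2 none --nic3 none --nic4 none
    VBoxManage snapshot "$ATTACKER" take "clean-baseline"
}

# Target must have only intnet adapters: a nat/bridged/natnetwork/hostonly
# adapter would give it a path to the LAN or the host. Reads showvminfo
# output from stdin; returns 0 when isolated.
check_target_isolated() {
    leaks=$(grep -E '^nic[0-9]+="' | grep -Evc '="(intnet|none)"' || true)
    [ "$leaks" -eq 0 ]
}

# Attacker needs exactly one host-only (remote control) and one intnet
# adapter and nothing else. Reads showvminfo output from stdin.
check_attacker_adapters() {
    info=$(cat)
    ho=$(printf '%s\n' "$info" | grep -c '^nic[0-9]*="hostonly"' || true)
    lab=$(printf '%s\n' "$info" | grep -c '^nic[0-9]*="intnet"' || true)
    other=$(printf '%s\n' "$info" | grep -E '^nic[0-9]+="' \
        | grep -Evc '="(hostonly|intnet|none)"' || true)
    [ "$ho" -eq 1 ] && [ "$lab" -eq 1 ] && [ "$other" -eq 0 ]
}

# Constructed showvminfo excerpt: a target VM someone left bridged to the LAN.
LEAKY_TARGET='nic1="bridged"
bridgeadapter1="eth0"
nic2="intnet"
intnet2="pentestlab"'
printf '%s\n' "$LEAKY_TARGET" | check_target_isolated || echo "target VM is NOT isolated"
```

Run `configure_lab` only on a host with VirtualBox; the two check functions need nothing but the text of `VBoxManage showvminfo "<vm>" --machinereadable` piped into them.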

Security Onion is a possible source of IDS/IPS tooling.

Some resources provided by VulnHub: https://www.vulnhub.com/resources/

projects/cybersecurity/setup.txt · Last modified: 2 May 2023 by 127.0.0.1