If you don't mind, I have a specific question regarding this setup. I've been looking into getting into pentesting, mostly for fun. I decided on messing around with HackTheBox as a starting point. Seeing as you need to connect to their VPN, it seems like a good idea to me to separate this activity from my personal network.
Which networking setup do you use for your pentesting VM? Ideally, I'd want a setup where the VM can access the internet (and therefore the HTB VPN), but not anything inside my local network. But I don't quite know how I could achieve that, at least in a way where I'd trust it to be reliable. Maybe the whole idea's a bit too paranoid to be practical in general, I don't know, so I'd love an expert opinion on this :)
Usually, I'd be using QEMU, but I'd be fine with using VirtualBox for this case if it includes something that makes this easier.
You can probably do this for VirtualBox (and any Linux program) by using tun2socks to create a network interface that routes through a proxy (SOCKS5 if you want UDP support), and then moving that network interface to a new namespace. You can run VirtualBox or any other programs in that new namespace; they don't have to be aware of the proxy at all (since they just see a regular gateway).
You could take a look at Whonix and Qubes - even if you don't use them you can roll your own setup with a similar approach: Have a dedicated "netvm"/"proxyvm" which only acts as a network bridge. "Minimal Whonix" consists of one workstation VM and one gateway VM (forcing everything over Tor). Qubes integrates this approach into the UI of the hypervisor.
Then you can be more confident that (barring something escaping the VM), you have control of what a particular VM may or may not access. Also allows you to have a couple of different netvms (maybe one does give some access to your internal network, one connects only over Tor, one via some VPN...) that you can switch between without needing to change anything on the actual VM of concern.
It depends on your setup and workload. On a recent Intel CPU, our performance dashboard shows +10% for some benchmarks. It's hard to make a general statement though.
NanoCoaster|2 years ago
Manouchehri|2 years ago
https://github.com/xjasonlyu/tun2socks
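The namespace approach from the tun2socks comment above, written out as an added example that is not part of the thread or of the tun2socks project. The namespace name, device name, proxy address and the 198.18.0.1/15 address are assumptions, and the proxy is assumed to egress outside the local network.

```shell
#!/bin/sh
# Added example: confine programs to a namespace whose only uplink is tun2socks.
# Assumed values (not from the thread): NS, TUN, PROXY, 198.18.0.1/15.
NS="${NS:-lab}"
TUN="${TUN:-tun0}"
PROXY="${PROXY:-socks5://127.0.0.1:1080}"  # constructed; must egress outside the LAN
DRY_RUN="${DRY_RUN:-0}"

# Echo the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Start tun2socks in the host namespace (it must reach the proxy from there)
# and wait until it has created $TUN.
start_tun2socks() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "tun2socks -device $TUN -proxy $PROXY &"
        return 0
    fi
    tun2socks -device "$TUN" -proxy "$PROXY" &
    tries=0
    until ip link show dev "$TUN" >/dev/null 2>&1; do
        tries=$((tries + 1))
        [ "$tries" -le 10 ] || return 1
        sleep 1
    done
}

up() {
    run ip netns add "$NS" || return 1
    start_tun2socks || return 1
    # Moving the device clears its addresses, so configure it after the move.
    run ip link set dev "$TUN" netns "$NS" || return 1
    run ip -n "$NS" addr add 198.18.0.1/15 dev "$TUN" || return 1
    run ip -n "$NS" link set dev lo up || return 1
    run ip -n "$NS" link set dev "$TUN" up || return 1
    # The tunnel is the only route, so nothing inside $NS has a path to the LAN.
    run ip -n "$NS" route add default dev "$TUN"
}

# Succeeds only if every route in the namespace leaves through $TUN.
isolated() {
    routes=$(ip -n "$NS" route show) || return 1
    [ -n "$routes" ] || return 1
    ! printf '%s\n' "$routes" | grep -qv " dev $TUN "
}

case "${1:-}" in
    up) up ;;
    check) isolated ;;
    run) shift; ip netns exec "$NS" "$@" ;;
esac
```

Run it as root with `up`, then `check`, then `run <command>`; a process started this way keeps root unless the command drops privileges itself. `ip netns exec` uses `/etc/netns/<name>/resolv.conf` when it exists, which matters if the host resolver listens on loopback.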
3np|2 years ago
bongodongobob|2 years ago
blitzclone|2 years ago