Network advice for new lab setup, what is safe?

Hi

I'm new to HTB. In fact I'm pretty new to pen testing, forensics etc. in general. I'm a developer by trade and I'm just starting to study digital forensics as I want to move more into that area in the next few years, especially malware analysis and IR.

I've set up VMware Fusion Pro on my production Mac and have Kali set up and working. I've been using the "Host-only" network adapter setting which is "private to my Mac". With this I'm able to connect to other VM boxes on that same configuration.

I've been searching for information on network configuration but I'm struggling to find clear info on best practice. My main question is, is it generally ok to use a production machine as long as you are using a VM? I'm going to be analysing malware and trying some challenges on HTB and I don't want to compromise my production Mac for obvious reasons as I use it for web development projects and client work. I do have a MacBook which I could use instead but HD space is limited on that so I would prefer to use my main Mac if possible.

Are boxes in VMware self-contained or can they connect back to the host machine? I need to be able to communicate between Kali and the vuln box(es) but I want neither to be able to connect back to the host.

Any advice would be hugely appreciated and I know this is a noob question but I'd prefer to ask and get it right than stumble my way through something this important.

Cheers
Steve

Comments

  • I know that in VMware Workstation, you can create a network with the Virtual Network Editor, and you can have the VMs on their own network, with or without external access, and with or without a host adapter.

    In my opinion, as long as it's a VM you should be fine. The extra precaution of not having a host adapter for the same network would be advisable, since you will be analyzing malware, and that can be nasty sometimes.

    Plus, VMware snapshots are a life saver when doing those things, since you can easily blow it away back to a safe state.

    Waffles
    | OSCP | OSWP | PenTest+ |

  • You should probably use different virtual machines for doing HTB challenges & for doing malware analysis. You should be fine to use VMs to do both challenges & malware reversing. For malware reversing you honestly don't even need to give the virtual machine access to the internet in most cases.

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: https://dastinia.io <3

  • edited May 2018

    Thanks both. I've found the settings in Fusion to make my own VPN so thanks for that, Waffles. I've created a private network which doesn't connect back to my Mac but allows both VMs to connect to each other so that should sort that.

    I'll be using different machines for the HTB challenges and malware analysis, as you mention, Onlyamedic. I tend to reset back to a clean snapshot after I've finished doing what I'm doing.

    So is this generally the accepted way of working and do you work this way? I.e. using your main PC with VMs? I'm just a bit paranoid! No harm in that I guess.
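
One way to check the isolation discussed in this thread (no host adapter, no external access) is to audit the virtual network definitions on the host. This is an added example, not code from any poster; it assumes the `answer VNET_<n>_<KEY> <value>` layout that Fusion writes to its `networking` file, and the sample content below is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed "answer VNET_<n>_<KEY> <value>" layout.
SAMPLE = """\
VERSION=1,0
answer VNET_1_DHCP yes
answer VNET_1_HOSTONLY_NETMASK 255.255.255.0
answer VNET_1_HOSTONLY_SUBNET 172.16.10.0
answer VNET_1_VIRTUAL_ADAPTER yes
answer VNET_2_DHCP yes
answer VNET_2_HOSTONLY_NETMASK 255.255.255.0
answer VNET_2_HOSTONLY_SUBNET 172.16.20.0
answer VNET_2_NAT no
answer VNET_2_VIRTUAL_ADAPTER no
answer VNET_8_DHCP yes
answer VNET_8_NAT yes
answer VNET_8_VIRTUAL_ADAPTER yes
"""

LINE = re.compile(r"^answer\s+VNET_(\d+)_([A-Z_]+)\s+(\S+)\s*$")

def parse_networks(text):
    """Group settings by virtual network number: {2: {"NAT": "no", ...}}."""
    nets = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            nets[int(m.group(1))][m.group(2)] = m.group(3)
    return dict(nets)

def audit(text):
    """Return {vmnetN: [reasons the network is not isolated from host/outside]}."""
    report = {}
    for n, keys in sorted(parse_networks(text).items()):
        findings = []
        # Assumption: a key that is absent means the feature is off.
        if keys.get("VIRTUAL_ADAPTER", "no").lower() == "yes":
            findings.append("host adapter attached")
        if keys.get("NAT", "no").lower() == "yes":
            findings.append("NAT to external network")
        report[f"vmnet{n}"] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "ISOLATED" if not findings else "EXPOSED: " + ", ".join(findings))
```

In the constructed sample only `vmnet2` has neither a host adapter nor NAT, which is the kind of network the malware-analysis VMs would be attached to.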
