Why build your penetration testing labs in the cloud?

At some point in their careers, security professionals may build penetration testing labs where they can practice their skills safely in an isolated environment. At this point, you might be asking yourself: What’s inside a penetration testing lab environment?

Figure 1.1 – Penetration testing lab example

In Figure 1.1, we can see that a penetration testing lab environment is simply a controlled environment that hosts several vulnerable-by-design applications and services. These applications have known vulnerabilities and misconfigurations that can be exploited using the right set of tools and techniques. These vulnerabilities are incorporated to provide a realistic environment for penetration testers to practice and simulate real-world attack scenarios. In addition to this, security researchers and penetration testers can dive deeper into various attack vectors, explore new techniques for exploitation, and develop countermeasures.

Before going over the benefits of setting up our penetration testing labs in the cloud, let’s discuss why having a penetration testing lab environment is a great idea. Here are some of the reasons why it is recommended to have a penetration testing lab environment:

• Learning penetration testing in a dedicated lab environment helps you stay away from legal trouble. Attacking a system owned by another person or company is illegal without a contract, consent, or agreement.
• Given that penetration tests may corrupt data, crash servers, and leave environments in an unstable state, having a separate penetration testing lab will help ensure that production environments are not affected by the possible side effects of penetration test simulations.
• We may also use these lab environments while developing custom penetration testing tools to automate and speed up certain steps in the penetration testing process.
• We can also practice defense evasion in these environments by setting up various defense mechanisms that could detect and block certain types of attacks.
• We can hack lab environments to teach the fundamentals of penetration testing to security enthusiasts and beginners.
• Penetration testing labs can be used to validate a newly disclosed vulnerability. These isolated environments can also be used to verify whether a previously known vulnerability has already been remediated after an update, a configuration change, or a patch has been applied.

Now that we have discussed why it is a good idea to have a penetration testing lab environment, it’s about time we talk about where we can host these hacking labs. In the past, most security practitioners set up their lab environments primarily on their local machines (for example, their personal computer or laptop). They invested in dedicated hardware where they can run virtual lab environments using VirtualBox or other alternative virtualization software:

Figure 1.2 – Running penetration testing lab environments on your local machine

In Figure 1.2, we can see that a common practice in home lab environments involves creating snapshots (used to capture the current state) before tests are performed since certain steps in the penetration testing process may affect the configuration and stability of the target machine. These snapshots can then be used to revert and restore the setup to its original state so that security professionals and researchers can perform a series of tests and experiments without having to worry about the side effects of the previous tests.

Note

In the past, one of the common targets that was set up in penetration testing lab environments was an intentionally vulnerable Linux image called Metasploitable. It contained various vulnerable running services mapped to several open ports waiting to be scanned and attacked. Practitioners would then set up an attacker machine using BackTrack Linux (now known as Kali Linux) that had been configured with a variety of tools, such as Nmap and Metasploit, to attack the target machine.

Of course, setting up a vulnerable-by-design lab environment on our local machines has its own set of challenges and limitations. These may include one or more of the following:

• Setting up a penetration testing lab environment on our personal computer or laptop (most likely containing personal and work files) may have unintended consequences as the entire system might be compromised if the hacking lab environment is set up incorrectly. In the worst case, we might lose all our files when the system crashes completely due to hardware degradation or failure.
• Virtual machines that are used in the lab environment can be resource-hungry. That said, we may be required to have a more expensive local setup to meet the demands of the virtual machines that are running.
• Setting up a vulnerable lab environment can be time-consuming and may require prior knowledge of the tools and applications involved. The process of configuring and preparing the necessary components for a lab environment, such as vulnerable software or network setups, can be complex and demanding. It is essential to have a good understanding of the tools and their dependencies, which can be a limitation for those who are new to the field or have limited experience.
• Certain vulnerabilities and misconfigurations may be hard to test, especially those that involve the usage and presence of a cloud service.

Note

In some cases, we may also encounter licensing issues that prevent us from using certain virtual machines, operating systems, and applications in our hacking lab environment.

To solve one or more of the challenges mentioned, it is a good idea to consider setting up our penetration testing labs in the cloud. Here are some of the advantages when setting up cloud penetration testing labs:

• Lab environments hosted in the cloud may be closer to what actual production environments deployed in the cloud look like
• We can manage costs significantly by having our hacking lab environment running in the cloud for a few hours and then deleting (or turning off) the cloud resources after the tests and experiments are finished
• Setting up the cloud lab environment ourselves will help us have a deeper understanding of the implementation and security configuration of the cloud resources deployed in the penetration testing lab environment
• It is easier to grow the complexity of vulnerable lab environments in the cloud since resources can be provisioned right away without us having to worry about the prerequisite hardware requirements
• Certain attacks are difficult to simulate locally but are relatively simple to carry out in cloud environments (for example, attacks on cloud functions, along with other serverless resources)
• Setting up complex lab environments in the cloud may be faster with the help of automation tools, frameworks, and services
• We don’t have to worry about the personal and work files stored on our local machine being deleted or stolen
• It is easier to have multiple users practice penetration testing in hacking lab environments deployed in the cloud

Note

In addition to these, learning penetration testing can be faster in the cloud. For one thing, downloading large files and setting up vulnerable VMs can be significantly faster in the cloud. In addition to this, rebuilding cloud environments is generally easier since there are various options to recreate and rebuild these lab environments.

At this point, we should know why it is a great idea to build our penetration testing lab environments in the cloud! In the next section, we’ll quickly discuss how cloud computing has influenced and shaped the modern cybersecurity landscape.