As a penetration tester or security professional you always consider enhancing your tools to save effort, time and to increase effectiveness of what you do. One of the ways to do that is to have your own cloud ready to engage machine.
Where and How?
Of course it depends on which environment you’re comfortable with and which platform will allow you to perform pen testing from their infrastructure. But there are some platforms that are known to do so and checking pen testing community feedback I think the best with no specific order are:
Gearing up your machine:
Before you start using the machine make sure you don’t get hacked while hacking. Start hardening the system, Kali security training.
I chose Kali Linux as it’s the most common pen testing OS. But you can always use another OS and add the tools on it.
In addition to tools already on kali check below ones to gear it up.
Hacking resources tools list
You will need some configuration to get it up and running for example you need to add your API keys to recon-ng to make it more effective.
After adjusting configuration of individual tools you can automate your reconnaissance by tools like:
Update OS and update databases of tools like Metasploit, SQLmap etc.
Keep your payload files ready to go and download:
Download privilege escalation enumeration scripts to be ready to push to targets.
Working on external network is more exposed than working on internal networks. Here are some tips to keep in mind for any pen test in general:
What are your most common targets? I know you want your machine to be ready for work whatever the target But consider the machine performance and storage, Always keep or add tools relevant to what you’re usually attacking. Do not fill your machine with tools you will never use.
Please feel free provide feedback about your cloud pen testing experience or additional ideas to make it more effective.