How To Build Your Cloud Pen Testing Machine

Hack from the cloud

As a penetration tester or security professional, you are always looking to improve your tools to save effort and time and to increase the effectiveness of what you do. One way to do that is to have your own cloud machine that is ready to engage.

Why?

  • Control over bandwidth and power.
  • Privacy for your own network, which you will use as little as possible.
  • Always available from any location.
  • You can leave your tools running safely (with caution).
  • Perfect for web and external pen testing: you can easily start a reverse shell listener, web server or FTP server.

Where and How?

Of course, it depends on which environment you’re comfortable with and which platforms allow you to perform pen testing from their infrastructure. Some platforms are known to allow it, and based on pen testing community feedback I think the best, in no specific order, are:

Gearing up your machine:

Before you start using the machine, make sure you don’t get hacked while hacking. Start by hardening the system (Kali security training).

I chose Kali Linux as it’s the most common pen testing OS, but you can always use another OS and add the tools to it.

In addition to the tools already on Kali, check the ones below to gear it up.

Recon tools:

Hacking resources tools list

You will need some configuration to get them up and running. For example, you need to add your API keys to recon-ng to make it more effective.

After adjusting the configuration of individual tools, you can automate your reconnaissance with tools like:

Exploitation tools:

Update the OS and update the databases of tools like Metasploit, SQLmap, etc.

Keep your payload files ready to go and download:

Privilege escalation:

Download privilege escalation enumeration scripts to be ready to push to targets.

Additional services:

Working on an external network is more exposed than working on internal networks. Here are some tips to keep in mind for any pen test in general:

  • If you’re planning to host payloads on a web service, restrict access to it, harden the web server, and keep it running only while executing the attack.
  • Use secure services to transfer files such as SFTP.
  • Use encrypted shells with authentication.
  • Be very careful with customer data and make sure you delete all files and traces on your machine after the engagement.
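
One way to check the first tip and the earlier hardening advice on your own machine, as an added example that is not part of the original post: it flags TCP listeners still reachable from outside and SSH settings weaker than a key-only policy. The allowlist, the policy values and the sample input are assumptions constructed for illustration.

```python
"""Exposure audit for a cloud pen testing box (added example)."""

# Assumption: when no engagement is running, only SSH should be reachable.
ALLOWED_PUBLIC_PORTS = {22}
# Assumption: key-only logins and no root password login are the policy.
REQUIRED_SSHD = {
    "passwordauthentication": {"no"},
    "permitrootlogin": {"no", "prohibit-password"},
}

def exposed_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Return non-loopback TCP listeners from `ss -tlnH` not in the allowlist."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        loopback = addr.startswith("127.") or addr == "[::1]"
        if not loopback and int(port) not in allowed:
            found.add((addr, int(port)))
    return sorted(found)

def weak_sshd_settings(sshd_t_output, required=REQUIRED_SSHD):
    """Return {keyword: value} for `sshd -T` settings that fail the policy."""
    effective = {}
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        effective.setdefault(key.lower(), value.strip().lower())
    return {k: effective.get(k, "<unset>") for k, ok in required.items()
            if effective.get(k) not in ok}

# Constructed sample input, not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 [::]:22 [::]:*
"""
SAMPLE_SSHD = "port 22\npermitrootlogin yes\npasswordauthentication no\n"

if __name__ == "__main__":
    print("exposed:", exposed_listeners(SAMPLE_SS))
    print("weak sshd:", weak_sshd_settings(SAMPLE_SSHD))
```

On the real machine, feed the functions the output of `ss -tlnH` and `sshd -T` (run as root) instead of the samples.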

Work Smart:

What are your most common targets? I know you want your machine to be ready for work whatever the target, but consider the machine’s performance and storage. Always keep or add tools relevant to what you usually attack. Do not fill your machine with tools you will never use.


Please feel free to provide feedback about your cloud pen testing experience or additional ideas to make it more effective.