Hello!

I’m working as a pentester/RT Operator in a cybersecurity company, which for some reason is a Windows shop, so we are mostly forced to work within VMware VMs, WSL and similar. However, I’ve recently found out that we can in fact dual-boot or reinstall our laptops, so I’m now looking for a good setup or recommended distros to use.

When I last tried switching to Fedora, my main issue was that since we are deeply integrated into O365, and our Exchange server isn’t configured to allow 3rd party apps (and we can’t create app passwords), accessing Teams, Mail or just writing reports in Office was a struggle. And another issue was the fact that our PT VPN is Checkpoint, which I did not manage to get working on Linux.

I’m of course familiar with Kali/Parrot/BlackArch, but I would not consider those fitting for a daily driver - each engagement can get pretty messy, and I think it’s better to start with a fresh VM for every customer, just to avoid any potential issues.

I’ve recently discovered Qubes OS, which in theory sounds like it should be perfect for this use case - you can easily separate data for different customers, keep them safe in a storage qube, deal with per-customer networking/different VPNs in their respective Kali VM qubes, and spin up a Windows qube for report writing and backoffice/administration/communication. And if I really understand it correctly, it should also be possible to easily test out malware in a separate disposable qube without much risk.

But I didn’t try working with Qubes OS yet, so all of this is just a theory based on my understanding of its features and use cases.

So, my question would be - what kind of setup do you use for engagements and backoffice/administrative work? What distro would you recommend that works well with running different VMs without it being too much of a hassle? And most importantly, is there anyone who uses Qubes OS in this field of work, or will it only slow me down and make everything a lot harder than it should be?

Thank you!

  • @0xD
    18 months ago

    Linux with Microsoft is more of a pain than a benefit. What are you hoping to get out of it over simply using a VM?

    I had Linux (Fedora) for some time but found it unreliable and unprofessional in meetings with customers (or even just colleagues) when Teams started fucking around or my headphones had issues. Since then I’ve switched back to Windows and found it easier to just use a Kali VM with a mounted folder for all the projects and a clean but completely set up snapshot. You can do every type of engagement like that (though if you do iOS pentesting you’ll need to live boot some Linux or have a Mac to jailbreak) without the added headache of compatibility.

    Assuming of course any password cracking etc. is done on a dedicated server.

    • @Mikina@programming.devOP
      18 months ago

      I’ve always found VMs to be awkward to work with in VMware. Getting networking to work was never straightforward, even though it should be in theory; any new VPN broke something, and usually even the performance left a lot to be desired. My hope was that there’s a Linux distro that has virtualization support more deeply integrated into the OS, but now that I think about it there probably won’t be much of a difference (although the Xen-based Qubes OS may help?).

      Maybe just switch it around and have a backoffice Windows VM, with the tools for work on the host OS, since that’s what I spend most of my time working with anyway?