Pro Tip Tuesday is here! 

Today you learn how to play in the sandbox! Err… the digital sandbox that is. A Sandbox is simply an application that is confined to certain limitations – such as processing power, memory, network traffic, and even “virtual devices” like sound-cards, USB ports, and DVD-ROMS. When you put all these elements together you are creating a virtual machine or VM for short.

Why do I want a Virtual Machine?

A virtual machine is the perfect place to test things, without them affecting your entire host operating system. Once you have the hardware set up, you can install an entire virtual OS. That’s right! You can put virtual Windows on Mac, Linux on Windows, Linux on Linux – whatever your hardware will support. You can even put a virtual machine inside a virtual machine! I like to put Linux on Windows. This lets me run Linux applications on Windows, and if I make a mistake, I can simply recover the whole machine back to a previous snapshot – a moment in time, frozen in digital place forever.

What do I need?

The first thing you will need is a Hypervisor. That is simply a program that lets you create, snapshot, and launch the Virtual Machine. You can have several Virtual Machines running at once… although each one gets its own dedicated memory, storage, and processor resources so you may find that a bit slow if you aren’t running a super beefy machine. Popular Hypervisors include Oracle VirtualBox, VMWare Workstation Player, and Microsoft Hyper-V. 

The next part is the Virtual Image that contains the VM. This can come in several formats – ISO, QCOW, VMDK, and VHD are the popular ones. You can download a virtual image (from a trusted source!) or you can build your own. Kali is a very popular Linux distribution from Offensive Security pre-loaded with all kinds of hacker-y tools and applications, and they have many pre-compiled versions for different Hypervisors.

I already know all this! What else have you got?

There are some very exciting options for advanced users. I really like the Windows Subsystem for Linux (WSL) with Kali downloaded right from the Windows Store. You could also set up a dual-boot system with Windows and Linux, or try containerizing Linux! Docker for Windows will let you host a Kali Linux Docker image, which you can download directly from Offensive Security. Lacking system resources? Spin up Kali Linux in AWS (directly available from the AWS MarketPlace) or a Digital Ocean Droplet and install Kali Linux on it. If you really want to, you can even put Kali on a Raspberry Pi! Don’t like Kali? Try BlackArch, Parrot Security OS, Pentoo, or BackBox. You can even launch Kali from a Live DVD or Thumbdrive!

Okay Enough! How do I do this anyway?

1. Select a Hypervisor. I find that VirtualBox is the easiest to use, but that may not be your flavor of ice cream. Find one that works best for you!
2. Install the Hypervisor. Make sure you get a 32-bit version for older machines and a 64-bit version for newer machines.
3. Download the Image. Head on over to Offensive Security for Kali Linux. Again, make sure you match 32- and 64-bit versions to your hardware.
4. Import the image into the Hypervisor. This will set up all the hardware options for you, but you can tweak them to have more or less resources according to your set up. A critical part here is to set the network option to Bridged Mode if you want the Virtual Machine to have its own IP address… NAT if you want it to have a private IP, not visible to the rest of your network.
5. Start the virtual machine… and then take a snapshot! This will create a good baseline to recover to if you make a mistake or want a fresh start. You can do this at any time. It’s just like hitting the save button before the big boss battle.
6. Experiment! Throw sand! It will all stay in the sandbox, leaving you a clean operating system on your host machine when it is all over.

A couple of notes and last minute “gotchas”. You may not be able to cut and paste to the VM, without enabling it first in the Hypervisor. Anything you save will be saved in the VM, and destroyed if you recover to the snapshot. This makes sharing files between the host operating system and the virtual machine impossible, without using a few tricks such as a shared network point. Going to full screen may require that you download the “guest additions” add-on for VirtualBox. Interacting with Flash Drives or other physical media can be tricky, unless you set it up correctly in the Hypervisor options.

There are several ways to get Kali Linux for the National Cyber League Games, but many of the challenges I have completed on good ‘ol Windows. There is no right choice here; every situation is different. I once participated in the NCL from the back of a minivan on a tablet connected to my phone’s hotspot! I had Kali installed at home and was able to remote back into my desktop, where I ran Kali in a Virtual Machine! I know for a fact CryptoKait competed from a cruise ship in the Caribbean! At the end of the day, whatever works best for you is the best solution to the puzzle.

If you have any questions, comments, or concerns, feel free to reach to comment below or reach out to me on Twitter @blue_level_2!