Forum Thread: Preparing Pentesting Environment

Hello guys,

I'm going to reformat my PC and preparing an Pentesting Environment. My OS of choice will be Windows 8.1 on the first partition, on the second one there will be some kind of linux, i'm thinkin about Arch or Debian.

VirtualBox is my tool of choice for Playing around.

So, how can i setup a safe and secure enivornment?

  1. Use TrueCrypt containers for Virtual Machines?
  2. Use Kali either in a VM or better yet on a USB Stick?
  3. Encrypt the whole partition, necessary?
  4. If i'm going to use Kali in a VM, how i'm able to Tunnel it thru "Whonix"?
  5. Which network method should i use, when i go Malware analysis on a Windows Guest? Also, will an TC Container prevent from getting infected? If not, how can i do it?
  6. Anti-Virus tool necessary? Even tho, i was never infected without any AV/Firewall, except windows internal tools.

Any other tips?


Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

4 Responses

Is truecrypt still secure? I know that they stopped supporting it and that there was some fear in the security world that it may be vulnerable.

Its definitely better on a USB than a VM. Lots more RAM and less bugs/problems.

3) I'd encrypt anywhere that my data is going.

AV for windows or linux? For windows I would get something that is known to be decent and also free. Malwarebytes does a good job and uses much less RAM than most.

TrueCrypt 7.1a is still secure afaik, veracrypt would be the alternative.

AV was for Windows. Yeah true, malwarebytes. Forgot about it, thanks.

So, you would encrypt your whole system? Or would you prefer to create more partitions and just encrypt the partitions instead of the whole system (which leads to a slower system).

Yeah TrueCrypt is still secure, just make sure you get an official version and not the one available from the old sourceforge. Have to agree with Urbz about the VM vs USB, the VM can be very unpredictable in my experience. If you are not installing Kali, then it would probably be better just to encrypt part of your system, as the work you do on the OS will be wiped when you reboot the computer, or any files you wish to keep you can put in a encrypted partition.

well, every pentester has a different choice. Some use VM for diff. OS and some go with USB.
If u no longer has RAM factor in yr mind, then VMs seems perfect.
If u r little conscious and has above factor in list then USB is good. Persistence USB would fit for that.
But for Malware analysis u've to go with VMs as self test is super test.
@PentestingCube u asked a gd question. but little bit refine it like your system config. etc
TrueCrypt is no longer supported , besides VeraCrypt seems right.
AVs will hamper your testing and performance.

Share Your Thoughts

  • Hot
  • Active