Braydan.Space

Cybersecurity and Virtual Machines


Ahh yes, virtual machines. A computer nested inside a computer. Well, not really. A virtual machine is a software computer that is very real minus a few differences; for one, there is no hardware. I'm not going to go into the nitty-gritty details of creating a virtual machine, but we are creating a VM tailored to our needs.


***BE VERY CAREFUL WITH VIRTUAL MACHINES, DON'T BE INSTALLING SKETCHY PROGRAMS WITHOUT FIRST ISOLATING THE VM FROM THE NETWORK!!! EVEN THEN MALWARE CAN STILL ESCAPE.***


Picking an Operating System


Picking an OS can be very well… trivial. I personally like Linux; it runs smoother and handles being virtualized very well. I am going to pick a distro I have never used before so I can learn something new. And that is going to be Artix Linux.


Making The VM

Well, to begin, there are a few steps I want to follow. Yours may differ from mine based on what your hardware is and what your software needs are. In this case I will be creating my red team machine, where all the magic happens.


Virtual Machine disk allocation

Here we are creating our storage volume. I have chosen 64 GiB of space as I will be needing to download a lot of tools.


Virtual Machine Topology

I chose to give it 4 cores so it has some processing power.


Virtual Machine Memory Configuration

I chose to give it 12 gigs, very unorthodox, but it's not like we're trying to run locked-down software for student testing, right? After installing Artix Linux I installed all the tools I needed, such as nmap and ZAP.


Installed Artix Linux Desktop (Virtual Machine environment)

So now that I have this done, what do I do? Well I guess it's time to put the VM to work.


Penetration Testing My Home Network


I don't know if you heard of it or not, but in the middle of 2025 or around there, news broke that a HUGE number of consumer-grade routers were vulnerable to many exploits. Well, I am going to create a scenario: what if a hacker had access to my network? And I will try to discover what all they would be able to find. Let's give this a try.


My Findings


Well, I found multiple vulnerable systems on my network. One thing that was nice to see was my network segmentation for my personal stuff and not everyone else's stuff was all nice and secured! I'm going to give myself a pat on the back!


The one thing that did particularly make me curious was that the house's security system had an unsecured web server which could allow me to sniff out passwords and usernames. At the time of writing this, the system hasn't seen many updates after 2024, so I updated it to the most recent version.


Next up was the security camera console. This one was minor and just needs a content security policy. Updating to the latest version fixed that.


Something Suspicious


Now on to a more tricky device… this one was giving me some problems, but it had a webserver that didn't seem to have anything. So this is where ZAP comes into play. Let's crawl the IP to see what we can discover. Well, it didn't find anything, and that's what I expected. Time to run a `nmap -O` scan to reveal some details about the system. As it turns out, this is an access point, weird. We only have two access points and this has a different IP from the other two. Well, I found something: there is a service called zeus web server that I was able to find. I was able to find a server.key file that was reachable through my web browser; it didn't return anything interesting though, as I thought it would. One thing I would like to note is this is slow to respond to a ping, so it is definitely not connected over a wire.


So I decided I was going to try something, and I changed my WiFi password, and I didn't expect anything to come of it, but the device disappeared. So I guess at some point my neighbors must have used this device to extend our WiFi over so they can use it.
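The "third access point" moment above is the kind of thing a scheduled inventory check catches. This is an added example, not code from the original post: it parses XML shaped like a saved `nmap -sn -oX` scan and compares it against a device inventory. The sample scan, the addresses and the `KNOWN_DEVICES` inventory are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sn -oX` output; all addresses are made up.
SAMPLE_SCAN = """<nmaprun>
<host><status state="up"/><address addr="192.168.1.2" addrtype="ipv4"/>
 <address addr="02:00:00:AA:00:01" addrtype="mac" vendor="ExampleAP"/></host>
<host><status state="up"/><address addr="192.168.1.3" addrtype="ipv4"/>
 <address addr="02:00:00:AA:00:02" addrtype="mac" vendor="ExampleAP"/></host>
<host><status state="up"/><address addr="192.168.1.77" addrtype="ipv4"/>
 <address addr="02:00:00:CC:00:09" addrtype="mac"/></host>
<host><status state="up"/><address addr="192.168.1.50" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical inventory of devices that are supposed to be on the network.
KNOWN_DEVICES = {
    "02:00:00:aa:00:01": "access point 1",
    "02:00:00:aa:00:02": "access point 2",
    "02:00:00:bb:00:01": "security system",
}

def parse_hosts(xml_text):
    """Return (ip, mac, vendor) for every host the scan reports as up."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a for a in host.findall("address")}
        ip = addrs["ipv4"].get("addr") if "ipv4" in addrs else None
        mac_el = addrs.get("mac")
        # nmap omits the MAC for the scanning host and for hosts behind a router.
        mac = mac_el.get("addr").lower() if mac_el is not None else None
        vendor = mac_el.get("vendor") if mac_el is not None else None
        hosts.append((ip, mac, vendor))
    return hosts

def audit(xml_text, known):
    """Split a scan into unknown devices, unverifiable hosts and absent known ones."""
    hosts = parse_hosts(xml_text)
    unknown = [h for h in hosts if h[1] is not None and h[1] not in known]
    no_mac = [h[0] for h in hosts if h[1] is None]
    seen = {h[1] for h in hosts}
    missing = sorted(name for mac, name in known.items() if mac not in seen)
    return unknown, no_mac, missing

if __name__ == "__main__":
    unknown, no_mac, missing = audit(SAMPLE_SCAN, KNOWN_DEVICES)
    for ip, mac, vendor in unknown:
        print(f"UNKNOWN device {ip} {mac} vendor={vendor or 'n/a'}")
    print("no MAC reported (check by hand):", no_mac)
    print("known but not seen:", missing)
```

A MAC address can be changed by whoever controls the device, so a match against the inventory is a hint, not proof. nmap only reports MAC addresses when run with root privileges on the same layer-2 segment as the targets.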


Conclusion


Well, I came into this not actually expecting to find one of my neighbors using my WiFi, but this is the perfect example as to why we as an industry need to be conscious of what is on our networks. I have no clue what nefarious things they could have been doing on my network and I am glad that I didn't get swatted or anything! If you found this interesting please check out some of my other blogs!