You're reading from  Building and Automating Penetration Testing Labs in the Cloud

Product type: Book
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781837632398
Edition: 1st Edition
Author: Joshua Arvin Lat

Joshua Arvin Lat is the Chief Technology Officer (CTO) of NuWorks Interactive Labs, Inc. He previously served as the CTO for three Australian-owned companies and as director of software development and engineering for multiple e-commerce start-ups in the past. Years ago, he and his team won first place in a global cybersecurity competition with their published research paper. He is also an AWS Machine Learning Hero and has shared his knowledge at several international conferences, discussing practical strategies on machine learning, engineering, security, and management.

Setting Up Isolated Penetration Testing Lab Environments on GCP

While setting up cloud-based penetration testing labs, we are deliberately creating a vulnerable and misconfigured environment where we can practice various security techniques. It is critical that we secure the resources inside this lab environment from unauthorized external attacks and mitigate the risk of planned interference with any of the authorized testing activities or simulations inside the environment. Imagine attackers managing to gain unauthorized access to vulnerable resources inside your penetration testing lab environment! These attackers would be able to leverage the cloud resources to perform various malicious activities—including launching Distributed Denial-of-Service (DDoS) attacks, attacking the systems owned by other users and organizations, and even spreading malware from inside the compromised cloud account. Scary, right? By isolating vulnerable lab resources using a properly configured network...

Technical requirements

Before we start, we must have the following ready:

  • A GCP account—You may start with a free trial account by completing the steps specified in the following link: https://cloud.google.com/free/. In case you have not set up a billing account in your GCP account, make sure that you have properly set up billing information/profile so that you can access and use the GCP services without interruption. For more information on how to create a billing account, check the following link: https://www.youtube.com/watch?v=NeRYUoR4u0s.
  • Any text editor (such as Notepad++, Visual Studio Code, or Sublime Text) where we can temporarily store specific values (for example, your local machine’s IP address) used in the hands-on solutions in this chapter.

You may proceed with the next steps once these are ready.

Important note

Make sure NOT to use any existing GCP account with production (or staging) environment resources for the hands-on exercises...

Preparing the necessary components and prerequisites

In this section, we will focus on preparing the prerequisites needed for this chapter. We will start by retrieving the IP address of your local machine. We’ll use this IP address value later when configuring the firewall rules to allow our local machine to access specific resources inside the lab environment. In addition to this, we will also set up the Google Cloud project where the cloud resources will be deployed in this chapter.

Lastly, we will generate SSH keys (a public key and a private key) for accessing the attacker VM instance later in this chapter. As we can see in Figure 4.1, the private key will be stored inside your local machine while the public key will be stored inside the attacker VM instance.

Figure 4.1 – Generating SSH keys for accessing the attacker VM instance

With this setup, the server (the attacker VM instance) can confirm the identity of the client (your local...

Defining the project structure

In this chapter, we will introduce the usage of Terraform modules to help define and organize our Infrastructure-as-Code (IaC) project structure. Modules allow us to encapsulate and reuse sets of resources to make our Terraform code more modular, maintainable, and scalable. By leveraging modules, we will be able to simplify the management of complex infrastructure deployments and abstract common configurations into reusable components.

In Chapter 3, Succeeding with Infrastructure as Code Tools and Strategies, we stored all our .tf files in a single directory. It feels a bit messy, right? In case you are wondering how modules change how we organize our code and our files, here’s an example of what the project structure might look like once we utilize Terraform modules:

Figure 4.9 – Sample file and folder structure using Terraform modules

We have in Figure 4.9 a sample file and folder structure (left) along...

Preparing the isolated network

Having a solid understanding of the compute and networking services in GCP is essential for designing and implementing secure network environments where penetration testing lab resources are deployed. That said, before we dive deep into the secure network design, let’s quickly go through some of the resources, concepts, features, and components we will work with in this chapter, as follows:

  • VPC—A VPC is a virtual network within a cloud computing environment that allows us to securely separate and manage resources. With VPCs, we can design and customize our own custom network architectures to meet specific requirements as well as enable secure communication between the resources deployed within the VPC. Inside a VPC, we can have subnetworks (subnets) that allow for further segmentation and isolation of resources within the larger VPC network. Subnets enable us to group resources together based on different considerations and requirements...
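
One way to check the isolation goal described in this section, as an added example that is not code from the book: the script audits firewall rules exported with `gcloud compute firewall-rules list --format=json` and flags any enabled ingress allow rule whose source range falls outside the operator's IP address or the lab subnets. The rule names, CIDR ranges and IP addresses are constructed sample values, and `audit_ingress` is a hypothetical helper name.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# output. Rule names, networks and CIDR ranges are assumptions for illustration.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-operator-ssh", "network": "global/networks/vpc-02",
   "direction": "INGRESS", "sourceRanges": ["203.0.113.10/32"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-peer-to-target", "network": "global/networks/vpc-01",
   "direction": "INGRESS", "sourceRanges": ["10.2.0.0/24"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "allow-http-anywhere", "network": "global/networks/vpc-01",
   "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
  {"name": "old-wide-rule", "network": "global/networks/vpc-01",
   "direction": "INGRESS", "disabled": true, "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]
""")


def audit_ingress(rules, operator_ip, lab_cidrs):
    """Return (rule name, source range) pairs that reach beyond the lab.

    A source range is trusted only if it sits entirely inside one of the lab
    subnets or is the operator's own address. Rules that filter by source tag
    or service account instead of sourceRanges are not evaluated here.
    """
    trusted = [ipaddress.ip_network(cidr) for cidr in lab_cidrs]
    trusted.append(ipaddress.ip_network(operator_ip))  # single host: /32 or /128
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue  # egress and disabled rules do not expose the lab
        if not rule.get("allowed"):
            continue  # deny rules cannot open a path in
        for src in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(src, strict=False)
            inside = any(net.version == t.version and net.subnet_of(t)
                         for t in trusted)
            if not inside:
                findings.append((rule["name"], src))
    return findings


if __name__ == "__main__":
    for name, src in audit_ingress(SAMPLE_RULES, "203.0.113.10",
                                   ["10.1.0.0/24", "10.2.0.0/24"]):
        print(f"exposed: rule {name} allows ingress from {src}")
```
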

Setting up the target VM instance

With our isolated network environment ready, we can now proceed with setting up the target VM instance. In this section, we will set up the target VM instance in the subnet of VPC 01, similar to what we have in Figure 4.19:

Figure 4.19 – Setting up the target VM instance in the subnet of VPC 01

Inside the target VM instance, we will be running an intentionally vulnerable application called OWASP Juice Shop. OWASP Juice Shop was designed, developed, and prepared by the Open Web Application Security Project (OWASP) to help developers, security engineers, and penetration testers enhance their understanding of secure coding practices and vulnerability identification, along with various mitigation strategies. To simplify the setup and installation of the OWASP Juice Shop application in our VM instance, we will utilize the bkimminich/juice-shop container image. This container image will allow us to run the vulnerable...

Importing the Kali Linux Generic Cloud Image

Kali Linux is a specialized operating system designed specifically for advanced penetration testing and ethical hacking activities. With its wide range of security tools, Kali Linux enables cybersecurity professionals and enthusiasts to perform penetration tests, digital forensics investigations, and vulnerability assessments. If you have not used Kali Linux before, think of it as an upgraded version of a specific operating system where powerful security tools are pre-installed, turning it into a specialized arsenal for cybersecurity professionals. It’s like transforming a regular car into a heavily armored tank with an array of advanced weapons!

Important note

As a specialized operating system with advanced hacking tools, Kali Linux has the potential to cause harm or engage in malicious activities if used improperly. While it is generally safe to use Kali Linux inside your own penetration testing lab environments, always make...

Manually setting up the attacker VM instance

With our custom image and the VPC network setup ready, setting up our Kali Linux attacker machine on GCP should be straightforward. However, before proceeding with the hands-on portion of this section, let’s quickly discuss how our attacker VM instance will be configured and deployed.

To start with, we will be deploying the Kali Linux attacker machine in VPC 02, similar to what we have in Figure 4.28:

Figure 4.28 – Setting up the attacker VM instance in the subnet of VPC 02

Traffic from our attacker machine should be able to reach resources deployed in VPC 01 since VPC 02 is peered with VPC 01 and the configured firewall rules allow traffic from each of these VPC networks to reach the resources deployed in these networks.

In addition to this, we will set up the following in the attacker VM:

  • TigerVNC—A high-performance cross-platform implementation of Virtual Network Computing...

Leveraging Terraform to automatically set up the attacker VM instance

The previous section primarily focused on setting up the attacker VM instance manually. This was necessary because we will utilize this VM instance (kali-00) as a reference to create a golden image. By creating a golden image, we can capture the desired configuration and settings of the VM instance, making it easier to replicate and deploy similar instances with the same specifications in the future.

Note that another approach when automating the process of setting up VM instances involves the usage of IaC tools such as Ansible to set up what’s inside the VM instance (in addition to the usage of Terraform for setting up, configuring, and managing the cloud resources). When preparing VM instances, it is important that we have a good understanding of the distinct advantages and differences of each approach. Golden images are well suited to scenarios where a predefined and static environment is required since...

Simulating penetration testing in an isolated network environment

Now that our lab environment in GCP has been set up, we can proceed with a penetration testing simulation to verify that everything has been configured correctly. We will work with a simplified penetration testing process, as our primary goal is to assess whether the penetration testing lab environment has been set up and configured correctly:

Figure 4.41 – Penetration testing simulation

Our simulation will start with a port scan to check the open ports of the target VM instance (vm-target). After identifying that port 80 is open, we will use a web browser to navigate through the pages and explore the functionality of the vulnerable web application (running inside a container) accessible on the said port. We’ll end the simulation right after we have used an SQL Injection attack to gain administrator access and successfully signed in using an administrator...

Cleaning up

Cleaning up the cloud resources we created or deployed is a crucial step when working with vulnerable cloud applications and environments. If we don’t clean up and delete the resources we created right away, we might end up paying for unused cloud resources. In addition to this, these cloud resources may end up being attacked by malicious users as well. At a minimum, we will be paying for the time the following resources are running:

  • 1 x e2-medium VM instance for the attacker machine
  • 1 x f1-micro VM instance for the target machine

Please be aware that there are other costs we have to take into account as well—including data transfer fees, storage costs for persistent data used by instances, potential charges for other services utilized in the account, and any applicable taxes or fees associated with using resources.

Note

Since the overall cost when running these resources depends on several parameters, it is best to refer to the pricing...

Summary

In this chapter, we were able to successfully build a penetration testing lab in GCP. We started by preparing the prerequisites, along with defining the project structure of the Terraform code for automating the lab environment. We then set up an isolated network for securing the lab environment resources from external attacks. Inside this isolated network, we launched a target VM instance running the OWASP Juice Shop application (inside a container). After that, we imported the Kali Linux Generic Cloud Image into our Google Cloud account. Using the imported image, we proceeded with the setup of the attacker VM instance inside the network environment. After completing the lab environment, we performed a simplified penetration testing simulation to verify that our lab had been (mis)configured correctly.

In the upcoming chapter, our focus will shift toward setting up a penetration testing lab in Microsoft Azure. We will set up a lab environment where we can practice container...

Further reading

For additional information on the topics covered in this chapter, you may find the following resources helpful:
