Virtual machines (VMs) have been around for a long time. Many people use them daily for various tasks, but let’s focus on VMs for offensive and defensive cybersecurity.
Offensive
Virtual Machines

Pros:
Quickly spin up premade images
Supports most OSes
Little to no risk of corrupting the host system
Cons:
May be slow due to limited resources
Onboard devices like WiFi adapters can’t be used
Baremetal
Pros:
All resources available for use
No processing overhead
Better device support
Cons:
Risk of corrupting other OSes during install
Driver support may be a problem
Longer Explanation
There are plenty of VM images online preloaded with different hacking tools. The big ones are Kali, Parrot, and BlackArch. They make it faster to start attacking by cutting out the installation process for most tools. The issue with VMs, though, is that hacking that requires hardware is more difficult because of the VM’s sealed-off nature. You will need to pass through any devices you want to access, such as WiFi adapters, NFC readers, or other instruments.
For baremetal installations, it’s much easier to use all of the available hardware. Tools may also run faster due to less overhead and fewer restrictions. Driver support may be finicky at times, depending on your distribution of Linux, but most things are covered by the kernel. Dual booting may be a bit risky if you get counterattacked, but this shouldn’t be too big of a problem.
Defensive

Virtual Machines
Pros:
Quickly spin up a new one if it gets corrupted
Obfuscate system specs and other things
Cons:
VM detection can cause problems
Vulnerable to attacks using the virtual machine platform or CPU (Spectre/Meltdown)
Baremetal
Pros:
Defeats VM detection
Cons:
Can corrupt other systems on disk
Risk of rootkits
Longer Explanation
VMs are great for running any suspicious programs you download. Any damage the virus does will be contained within the VM (assuming the hypervisor does its job). This works better if you hide from the guest the fact that it’s running in a VM. Pafish is a good tool to test how detectable your VM is to malware. Highly advanced viruses, however, will know when they’re being contained.
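To make the detectability point concrete, here is a small self-audit for a Linux analysis guest, added as an example (it is not part of the original post and is not Pafish's code). It checks three common giveaways: the CPU "hypervisor" flag, default DMI strings, and default MAC prefixes. The function names and the two sample guests are constructed for illustration.

```python
from pathlib import Path

# Default MAC prefixes (OUIs) that common hypervisors assign to guest NICs.
VM_OUIS = {"08:00:27": "VirtualBox", "00:05:69": "VMware", "00:0c:29": "VMware",
           "00:50:56": "VMware", "52:54:00": "QEMU/KVM", "00:16:3e": "Xen",
           "00:15:5d": "Hyper-V"}
# Substrings hypervisors leave in DMI/SMBIOS fields unless overridden.
DMI_MARKERS = ("virtualbox", "innotek", "vmware", "qemu", "kvm", "xen", "bochs",
               "virtual machine")

def audit(dmi, macs, cpu_flags):
    """Return (check, evidence) findings that reveal the guest is virtualized."""
    findings = []
    if "hypervisor" in cpu_flags:  # CPUID leaf 1, ECX bit 31, as exposed by Linux
        findings.append(("cpuid", "hypervisor flag set"))
    for field, value in sorted(dmi.items()):
        if any(marker in value.lower() for marker in DMI_MARKERS):
            findings.append(("dmi", f"{field}={value}"))
    for mac in macs:
        vendor = VM_OUIS.get(mac.lower()[:8])
        if vendor:
            findings.append(("mac", f"{mac} ({vendor})"))
    return findings

def _read(path):
    try:
        return path.read_text().strip()
    except OSError:  # field missing, not a directory, or root-only
        return ""

def collect_linux():
    """Gather the same facts from the running Linux guest via sysfs/procfs."""
    dmi_dir = Path("/sys/class/dmi/id")
    dmi = {f: _read(dmi_dir / f) for f in ("sys_vendor", "product_name", "bios_vendor")}
    macs = [_read(p / "address") for p in Path("/sys/class/net").glob("*")]
    flags = set()
    for line in _read(Path("/proc/cpuinfo")).splitlines():
        if line.startswith("flags"):
            flags.update(line.split(":", 1)[1].split())
    return dmi, macs, flags

# Constructed sample facts (not captured from a real machine).
DEFAULT_GUEST = ({"sys_vendor": "innotek GmbH", "product_name": "VirtualBox",
                  "bios_vendor": "innotek GmbH"}, ["08:00:27:12:34:56"], {"fpu", "hypervisor"})
TUNED_GUEST = ({"sys_vendor": "Example Corp", "product_name": "Desktop 100",
                "bios_vendor": "Example BIOS"}, ["02:11:22:33:44:55"], {"fpu", "hypervisor"})

if __name__ == "__main__":
    for name, facts in (("default", DEFAULT_GUEST), ("tuned", TUNED_GUEST),
                        ("this host", collect_linux())):
        print(name, audit(*facts))
```

In the constructed "tuned" guest the DMI strings and MAC address were changed but the CPU flag was not, so one finding remains; each finding is something to fix in the VM's configuration before using it for analysis.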
Running everything baremetal is not recommended under any circumstances. You should run everything suspicious through a VM first before trying it outside. Although antiviruses have come a long way, they should only be the last line of defence.
Conclusion
Virtual Machines should definitely be used for both offensive and defensive cybersecurity. They provide flexibility and protection while being disposable in case something goes wrong. However, they are not perfect and can be detected easily. The best option is a mix of both VM and Baremetal operations to get the best of both worlds.