Virtualization
Virtualization lets you run multiple operating systems on one physical machine.
For security work this means isolated testing environments, safe malware analysis, flexible lab setups, and resource-efficient infrastructure.
Why Virtualization Matters for Security
- Isolate malware analysis (sandboxed execution)
- Build penetration testing labs (multiple machines)
- Snapshot and rollback (destroy and rebuild instantly)
- Run multiple tools across different OSes
- Practice exploits without damaging real systems
- Simulate enterprise network topologies
Virtualization Types
Type 1 (Bare Metal) - Hypervisor runs directly on hardware
- VMware ESXi, Microsoft Hyper-V, KVM, Proxmox
- Best performance, enterprise-grade
- Requires dedicated hardware

Type 2 (Hosted) - Hypervisor runs on top of host OS
- VMware Workstation/Fusion, VirtualBox
- Easier setup, good for labs
- Slight performance overhead
Key Virtualization Concepts
- Host - Physical machine running the hypervisor
- Guest/VM - Virtualized operating system
- Hypervisor - Software that creates and manages VMs
- Snapshot - Saved state of a VM (like a save point)
- Clone - Copy of a VM
- Template - Master copy for deploying multiple VMs
- NAT - Shared IP address (host provides network)
- Bridged - VM gets own IP on physical network
- Host-only - Private network between host and VMs
Network Modes Comparison
| Mode | Description | Use Case |
|---|---|---|
| NAT | VM shares host IP | Internet access for VMs |
| Bridged | VM on physical network | Services accessible from LAN |
| Host-only | Private network between host and VMs, no LAN or internet | Safe malware lab |
| Internal | VMs talk to each other | Multi-VM lab without host |
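An added example (not part of the original page): a Python check that reads `VBoxManage showvminfo <vm> --machinereadable` output and reports adapters whose mode, per the table above, lets a lab VM reach beyond the lab. The sample output is constructed and the VM name is hypothetical; function names are this example's own.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output
# (VM name and adapter values are made up for this example).
SAMPLE = '''name="malware-lab-win10"
nic1="nat"
nictype1="82540EM"
cableconnected1="on"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="bridged"
bridgeadapter3="eth0"
nic4="none"
'''

# Modes from the table that let the guest reach beyond the lab.
REACHES_OUT = {
    "nat": "guest shares the host IP and can reach the internet",
    "bridged": "guest sits on the physical LAN",
}
# Host-only and internal stay off the LAN; host-only still exposes the host.
CONTAINED = {"hostonly", "intnet"}

NIC_MODE = re.compile(r'^nic(\d+)="([^"]*)"$')  # skips nictypeN, nicspeedN


def attached_nics(showvminfo_text):
    """Return {slot: mode} for every adapter that is not set to "none"."""
    nics = {}
    for line in showvminfo_text.splitlines():
        m = NIC_MODE.match(line.strip())
        if m and m.group(2) != "none":
            nics[int(m.group(1))] = m.group(2)
    return nics


def audit_isolation(showvminfo_text):
    """List (slot, mode, reason) for adapters that break lab isolation."""
    findings = []
    for slot, mode in sorted(attached_nics(showvminfo_text).items()):
        if mode in CONTAINED:
            continue
        # Fail closed: a mode this script does not know is reported too.
        reason = REACHES_OUT.get(mode, "unrecognised mode, treat as not isolated")
        findings.append((slot, mode, reason))
    return findings


if __name__ == "__main__":
    for slot, mode, reason in audit_isolation(SAMPLE):
        print(f"nic{slot}: {mode} - {reason}")
```

Run the check again after any rollback, since restoring a VirtualBox snapshot also restores the VM's adapter settings.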
Snapshot Strategy
Snapshots are your undo button:
- Take snapshot before risky operations (exploit testing)
- Take snapshot after base OS installation
- Take snapshot after tool installation
- Roll back when you break something
- Destroy and rebuild for repeatable testing