How to Hack… Break Your Computer(s)!
It’s all about the hypervisor
BY JOE ÁLVAREZ
Justin Bagdon was flummoxed. Bedeviled by internet advertisements, he just wanted the ads to stop. He was a victim of adware. “You do one search for Preparation H, and now you’re seeing those ads everywhere you go. I don’t need that,” says Justin.
Soothing Proof That Even You Can Do Cybersecurity
Although adware isn’t the main thrust of this article (we’re actually interested in breaking things), internet ads are a universal cybersecurity concern. And for those who want to break into cybersecurity, tackling adware can be a manageable and affordable first step towards the technical mastery that’s required in the burgeoning cybersecurity field.
Justin is among the thousands of people who seek a career in cybersecurity. Fed-up as he was with internet ads, he did what he’s been doing all his life: He tinkered. After some online research and experimentation, Justin applied his emergent cybersecurity skills to design and implement a custom adware blocker. It’s a small token of his ingenuity and his drive to make things better.
It also shows just how easy it can be to start upon cybersecurity.
“My wife doesn’t mind that I spend so much time doing this stuff,” says Justin, who is a cybersecurity student at SecureSet. “It’s a fun way to hone my [cybersecurity] skills,” he says.
As a SecureSet student, Justin has learned the ins and outs, the ones and zeros, the software and hardware — all the “stuff” — that makes your 21st century technology experience possible. As an aspiring cybersecurity professional, Justin wants to break all this “stuff” to understand how to protect it on your behalf. And thanks to the hypervisor, you too can break stuff and learn to hack — ahem — do cybersecurity. Eventually, you can even implement your own adware blocker after testing it on a hypervisor.
Hypervisors — A Hacker’s Best Friend
In simple terms, hypervisor technology allows you to build and run a virtual computer (or virtual machine in tech parlance). A virtual machine is a substitute for a “real” computer; while real, physical computers are built with actual hardware that you can hold in your hand (e.g. hard drives, processors and RAM), virtual machines use a hypervisor to emulate that hardware.
“The thing about virtualization is that you can experiment,” says Justin. If you break your virtual machine — if you render totally it useless — it’s no huge loss. It was a virtual machine, and your physical machine has suffered no ill effect. “You can even roll-back your broken virtual machine to a previous configuration,” says Justin, describing a benefit of virtualization that allows users to preserve a baseline configuration.
Hardware (virtual or physical) is nothing without an operating system, so when you provision your own virtual machine, a key part of the process will involve installing your own operating system. As you read this, you are likely running Windows or OS X. These are fine operating systems, but there are other OS options you will want to install to become proficient in cybersecurity.
System Requirements
When you provision and run a virtual machine, you’re actually running two (or more) computers: The first is your host, upon which your hypervisor will run; then there is/are your guest(s).
Your host consumes resources in the form of RAM (memory) and storage. When you launch your hypervisor and boot one or more guests, those will also consume memory and storage resources, which are provided by your host.
For this reason, you will want to ensure your host machine has resources to spare. Here are the specifications we run at SecureSet:
Intel 6th or 7th generation i7 dual (or quad) core processor
16 GB DDR4 RAM (32 GB recommended)
256 GB or larger SSD (500 GB recommended)
NOTES:
· Prefer to have a higher quality box ($500+) because they are better supported and are more reliable.
· Can be a MacBook Pro (early 2015 or newer).
· Get an Ethernet adapter or have an Ethernet port on the laptop.
· Many systems will meet the specifications; you can often find good deals on open box systems at outlets like Best Buy.
· AMD processors are NOT recommended for laptops due to lower per core power and higher power consumption.
· i3 processors are way underpowered.
To illustrate why it all matters, I run an 8th generation Intel i7 quad-core processor, 16 gigs of RAM, and 500 gigs of storage. Justin runs a similar processor with 32 gigs of RAM and 1000 gigs of storage.
I have a total of 11 virtual machines stored in VirtualBox. They occupy lots of storage, and I’m almost out, so I’ll eventually have to upgrade my storage capacity. Also, my system starts to slow down once I’m running four or more virtual machines simultaneously on top of my host. Upgrading the RAM to 32 gigs could help with that.
Mine is a budget setup. Initially it ran 8 gigs of RAM and 256 gigs of storage, but it was relatively inexpensive, and I was able to install aftermarket memory and storage upgrades for roughly $100. Even after the upgrades, my total cost is still far below purchasing a computer with 16 GB of RAM and 500 GB of storage preinstalled.
Justin’s more robust setup allows him to run four or more guests at once without breaking a sweat. The ability to run several virtual machines simultaneously is critical. As you delve more deeply into cybersecurity practice scenarios and labs, you will often run one or more guests as “victims,” and other guests as “hackers.” This takes up significant resources, especially if the victim guests are running Windows.
If your current computer falls short of the standards charted above, you can visit crucial.com and run a system scan, which will then offer recommended upgrades. Crucial guarantees the upgrades, so if they don’t work out, you’re likely to get your money back. This all means that you might not need a massive investment to get started in cybersecurity; memory and storage upgrades for less than a couple hundred dollars could be enough.
VirtualBox: Hypervisors on the Cheap
Hypervisors and operating systems may sound like costly investments, especially if you’re still not sure cybersecurity is something you really want to do. Justin’s first setup didn’t cost him a dime: He ran Oracle VM VirtualBox (a hypervisor) and Ubuntu Linux (an operating system). “VirtualBox and Linux are free to download and use, and the learning-curve isn’t too bad,” Justin says.
Before you download VirtualBox, you need to distinguish between host operating systems and guest operating systems. A host OS is whatever operating system you are running on your physical computer (Windows or OS X for most). A guest OS is whatever operating system you choose to run on your virtual machine.
It’s a crucial distinction to make, because the first thing you see when you navigate to virtualbox.org is a big button: “Download VirtualBox.” Click the button, and you’ll be taken to a download page with unique downloads for each host OS. Just pick the option that’s right for your host operating system.
“I was running a Windows host when I started at SecureSet,” Justin says, “so I installed VirtualBox for Windows.” This allowed him to run multiple Linux guests on his Windows host. “I ended up really liking Ubuntu Linux, so I eventually replaced my Windows host with a Linux host,” Justin says. That’s slightly more advanced, and when he did that, he also had to install VirtualBox for his specific Linux host to continue running virtual machines.
So now you’ve got a host and a high-quality hypervisor. All you need now is Ubuntu Linux.
Ubuntu Linux
Linux comes in many different flavors, or distributions. Some are designed for expert use at large enterprises and datacenters, while others are specifically aimed towards non-expert users seeking an alternative to Windows and Mac. Ubuntu Linux falls more along the latter category.
With a 15-plus-year lifespan, Ubuntu has proven to be a popular Linux distribution, in no small part due to its ease of use and robust development. There are other fantastic Linux distributions available for new users, however, Ubuntu is among the most popular among the “n00b” set for its reliability.
The graphical user interface makes for an easy adjustment as users migrate from Windows and OS X, while Ubuntu Software provides an excellent software repository to satisfy the needs of most any user.
To get Ubuntu, simply navigate to ubuntu.com/#download and download a desktop version.
Putting It All Together
You’ve got your hypervisor, you’ve downloaded a desktop version of Ubuntu, and you’ve verified/upgraded your system specifications. Now you’ve got to “build” your virtual machine. Run VirtualBox and click “New,” name your machine, and select your machine type and version. Click “Next.” There are many options in the setup process. As you proceed through the process, I recommend you:
· Allocate 2048 MB memory size;
· Select the option to create a virtual hard disk;
· Spec a VirtualBox Disk Image (VDI);
· Choose “Dynamically allocated” storage;
· Allocate 10 GB storage.
Look at you, hacker.
Once the virtual machine is created, you will want to select “Settings” in VirtualBox and spec 2–4 processors under System -> Processor. You’ll also want to specify a boot drive: Go to Settings -> Storage, highlight the blue disc icon that says “Empty,” and mouse over to the other blue disc icon to the right under “Attributes.” Click that blue disc, then click “Choose Virtual Optical Disk File…” From here, a file browser opens. Navigate to wherever you saved the Ubuntu download and select it.
Click “OK” in VirtualBox and start your new virtual machine. This begins a long-ish process of actually installing Ubuntu Linux.
Moving Forward
Once you get upgraded, hypervisored and Ubuntu’d, it’s on you to seek the answers to cybersecurity mastery. Ever heard of Google-fu? It’s a great starting-point to investigate the “why’s” and the “how-to’s” you’ll inevitably encounter. There are also online cybersecurity courses available through cybrary.it (not free) and kali.training (free), among many, many others. By the time you’ve figured-out how to setup your hypervisor and guest VMs, you’ll likely have gained enough technical proficiency to implement your own custom adware blocker. Maybe you’ll even enroll at SecureSet Cybersecurity Academy — “If you do, you’ll get world-class instruction and support,” says Justin.
-Joe Álvarez is a student at SecureSet Cybersecurity Academy. He discovered cybersecurity as a career option while studying international relations.
-Justin Bagdon is also a student at SecureSet Cybersecurity Academy. Before enrolling at SecureSet, Justin worked in commercial diving and undersea robotics.
