Maybe this isn't the best place to ask this, but I'll try anyway:
I'm a consultant involved in cybersecurity who often has to build and run VMs to either test out software, run things in sandbox, or connect to TOR from a VM I'll never use again.
Having said that, I currently use Windows with VMWare Workstation, but I find it frustrating and would prefer something that's less frustrating and feels more built-in.
Is there a solution that anyone would recommend for this kind of thing? Internal networks, Windows and Linux sandboxes, etc. I use Microsoft office products regularly, and my workstation (Dell Inspiron with an i9, 64GB ram, 2tb SSD) is connected to a thunderbolt 4 dock with 2 1440 monitors. I'd prefer for a Windows VM to have passthrough to the monitors and be able to interact with the host OS via that VM, so I can still share my screen during meetings and while coordinating efforts.
You don’t really mention specifically what you find “frustrating” about VMWare Workstation so it’s hard to know on what criteria to give a response.
I don’t know how “built in” it can be considered but I’ve used LXD a bit and since it now supports VMs as well I’m guessing you could define VMs in yaml in advance and “easily” (depending on your definition) tear down and re-deploy VMs with preconfigured network settings etc. Vagrant should also work for this with a Virtualbox or VMware backend (paid feature).
What exactly do you mean when you say that the VM should be able to “interact with the host OS”, isn’t that exactly what you don’t want and why you’re running a VM in the first place?
I'd like the ability to drop files to a VM from another VM, like shared folders in Workstation.
My frustrations with VMWare usually revolve around network connectivity issues. My internal or NAT networks often fail to give the guest VMs the expected connectivity.
If I'm doing real malware execution and analysis, I would one- way transfer the relevant file(s) to my sandbox and disable any backward connectivity before execution, but I still need a reasonably simple way of getting files to (suspicious files, etc) and from (resulting logs, registry changes, pcap, etc) the malware sandbox. Ive kinda solved this already using a number of tools outside my work host, but just in the off situations where this is necessary I want to have a template VM prepped in advance.
I second this, it's called magic wormhole, if you want the source, croc is a more friendly solution built ontop of magic wormhole. In any event, quick and easy.
It’s very different. Can I open a PDF from Windows into Windows Sandbox with 2 clicks and close with 1 after reading, nearly instantaneously, without noticing the virtualization? Nope. Windows Sandbox is just a fresh VM, almost useless.
Using a zero install PDF viewer, the wsb login command and a few lines script file one could also have the PDF automatically open in the Windows sandbox with a double click or using "Open with" from the context menu.
I don't get the distinction between type 1 and type 2.
E.g. xen is type 1 and KVM is type 2. But at the end of the day it's a Linux kernel in both cases that runs the virtual machines, so what's the point of distinction?
It's about reducing the size and attack surface of the most-privileged code which runs in the system, e.g. moving code out of the kernel, making hypervisor/VMM smaller, nested VMs, hardware enclaves. This video covers some of the changes over the last decade, including Xen and Bromium, https://youtube.com/watch?v=bNVe2y34dnM
It's what runs above the vms that is the distinction. For xen it has its own kernel instead of running Linux as the hypervisor and host system. Xen still uses Linux typically as the domain zero as it calls it for doing control and setup but it doesn't necessarily have full access to all the hardware on its own.
Completely it's own from scratch. It's a very simple, relative to full Linux or other OS, kernel/hypervisor. It's built to load what it calls the Dom0 system, which it gives a communication channel to to start up other virtual systems that it calls DomU. This in theory lets you use any OS as the Dom0 for initializing everything (Linux, *BSD, even Windows I think) as long as there's some kind of support for that communications channel to tell the Xen kernel to start up another system.
Maybe Fedora with Xen is the route I should try, assuming I can give the Windows VM full GPU pass-through and use it as a "primary" machine. I need to be able to screenshare almost daily via Zoom.
I use vbox regularly on a Linux host, it’s not seamless but it works okay. I have custom built vm images with packer that do things like enable auto login and disable screensaver (these don’t matter on a vm, your host is where they should happen). I don’t need gpu so the vbox drivers suffice, but if I did I would probably consider getting a quadro or something and doing pci pass through (not even sure if vbox supports this)
As a cautionary though, vms are a good boundary but not a comprehensive one. If your threat model includes execution of 0day exploits (malware analysis or browser exploit chains) that can breach hypervisor perimeters you shouldn’t be doing anything sensitive from the host. RDP is better, but iirc there are some case studies of execution on the rdp client.
GPU Passthrough can be solved with LookingGlass (https://looking-glass.io/) if you just want a solve that particular problem. I'm not sure how well it works on a laptop but if you have a dedicated graphics card (e.g. Nvidia) you should theoretically be able to get it working the way you want. I'm sorry for the lack of elegant all-in-one packages. I too wish for an Excalibur of VM solutions.
NixOS or Guix both allow one to fire up a vm based on a specification very easily, and positively encourage interation. The learning curve is steep but rewarding.
I'm a consultant involved in cybersecurity who often has to build and run VMs to either test out software, run things in sandbox, or connect to TOR from a VM I'll never use again.
Having said that, I currently use Windows with VMWare Workstation, but I find it frustrating and would prefer something that's less frustrating and feels more built-in.
Is there a solution that anyone would recommend for this kind of thing? Internal networks, Windows and Linux sandboxes, etc. I use Microsoft office products regularly, and my workstation (Dell Inspiron with an i9, 64GB ram, 2tb SSD) is connected to a thunderbolt 4 dock with 2 1440 monitors. I'd prefer for a Windows VM to have passthrough to the monitors and be able to interact with the host OS via that VM, so I can still share my screen during meetings and while coordinating efforts.