
Low-cost and secure set-up for Remotely executed Internal Pen Testing

  • Writer: sandeep karnik
  • Dec 7, 2024

Updated: May 24, 2025




If you are creating a set-up for internal pen testing, one common and technically the easiest option is simply to have physical access, i.e. the pen tester sits right in the office with a laptop connected to the network that is to be pen tested. However, this poses logistical issues and increases cost. While there are many other remote-access options, some even involving VDIs like Citrix, a simpler one could be as follows:



Virtual Machine connecting back to VPN in the Pen Tester's network



Customer Network:

  • The Kali Linux VM is hosted on a physical server within the customer's internal network.

  • It is depicted as being connected to other internal servers, meaning it has access to the customer's internal network and can interact with other systems, depending on the network's configuration.


Penetration Tester’s Network:

  • The OPNsense server serves as the jump host or VPN gateway in the penetration tester's network.

  • The attacker (penetration tester) connects to the OPNsense server, which then enables secure communication with the Kali VM via the VPN tunnel.


VPN Tunnel:

  • The diagram clearly shows the VPN tunnel linking the Kali Linux VM in the customer's network to the OPNsense server in the penetration tester's network.

  • This provides secure remote access, allowing the penetration tester to SSH into the Kali VM and perform their work as if they were inside the customer’s network.


This gives a secure connection to the internal network that is accessible only through the VPN, by the pen tester team.
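One way to check the "accessible only through the VPN" property on the Kali VM, as an added example that is not from the original post. It assumes the tunnel is WireGuard (the post does not name the VPN protocol), a tunnel subnet of 10.99.0.0/24, and constructed sample configs; `audit` and `wg_values` are hypothetical helper names.

```python
import ipaddress

# Constructed sample configs for the Kali VM (assumptions, not from the post).
WG_CONF = """[Interface]
Address = 10.99.0.2/32
PrivateKey = <placeholder>
[Peer]
PublicKey = <placeholder>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.99.0.0/24
PersistentKeepalive = 25
"""
SSHD_CONF = "Port 22\nListenAddress 10.99.0.2\nPasswordAuthentication no\n"

def wg_values(conf, key):
    """Collect every comma-separated value set for `key` in a WireGuard config."""
    out = []
    for line in conf.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            out += [v.strip() for v in value.split(",") if v.strip()]
    return out

def audit(wg_conf, sshd_conf, vpn_net="10.99.0.0/24"):
    """Return findings; an empty list means tunnel and SSH are scoped to the VPN."""
    findings = []
    vpn = ipaddress.ip_network(vpn_net)
    tunnel_ips = [ipaddress.ip_interface(a).ip for a in wg_values(wg_conf, "Address")]
    # The tunnel should carry only tester-to-VM traffic, never a default route.
    for cidr in wg_values(wg_conf, "AllowedIPs"):
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != vpn.version or not net.subnet_of(vpn):
            findings.append(f"AllowedIPs {cidr} reaches beyond the VPN subnet")
    # The VM dials out from behind the customer's firewall and must keep the path open.
    if not wg_values(wg_conf, "PersistentKeepalive"):
        findings.append("PersistentKeepalive unset: tunnel may go idle behind NAT")
    # sshd without ListenAddress binds every interface, including the customer LAN.
    listen = [l.split()[1] for l in sshd_conf.splitlines()
              if l.lower().startswith("listenaddress") and len(l.split()) > 1]
    if not listen:
        findings.append("no ListenAddress: SSH is exposed on the customer LAN")
    for addr in listen:
        try:
            ok = ipaddress.ip_address(addr) in tunnel_ips
        except ValueError:  # hostname or addr:port form; review by hand
            ok = False
        if not ok:
            findings.append(f"ListenAddress {addr} is not the tunnel address")
    return findings

if __name__ == "__main__":
    print(audit(WG_CONF, SSHD_CONF) or "OK")
```

An empty result means the tunnel routes only the VPN subnet and SSH answers only on the tunnel address; each finding names the setting to correct before the VM is handed over for testing.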


You can make it even more lightweight by using a physical device plugged into the Ethernet network that connects back to the pen tester's VPN server. The physical device could be a Raspberry Pi, Hak5's LAN Turtle, a laptop, etc.

