Having what is essentially a valuable hacker’s toolkit inside an organization’s network could be a risk by itself. It is, of course, the ideal target for an intruder. Even if such a system is relatively isolated and well hardened, some tests, for instance covering ransomware and worms, are probably better performed outside an organization’s network where there is no risk of an unintended outbreak. What better solution than placing a Kali Linux system and the potentially vulnerable target systems in a 3rd party cloud instance. Other than an internet accessible SSH or Graphical interface, there does not need to be any connection between the company’s production network and the testing instance. Having an external testing source is also a great way to test the company’s perimeter defenses and footprint, from an outsider’s perspective. This could, for instance, identify specific gaps in firewall or webserver policies. Another excellent use case for a cloud-based Kali Linux system is as a safe (and often free) training environment for security professionals. This works for a single individual, but since a few years, there are also a lot of security training providers utilizing such an environment as a “hacking sandpit” for students. Finally, for certain aspects of penetration testing such as GPU based password cracking, the enormous scalability of cloud solutions is invaluable. Additional GPU and memory resources can be added for hours, days or longer depending on the requirements and budgetary restraints.
Other providers such as onehostcloud have a Kali machine available as well, and some others simply allow a manual installation based on a standard Linux Virtual Machine, which of course could be Kali Linux (check if provider permission is required first). The possibility to almost completely segregate systems inside a cloud platform and within an organization’s production network makes penetration and other security testing, such as malware analysis, perfect candidates to run inside a cloud instance. For security researchers, there are boundless opportunities as well. An environment can be built on-demand at very low cost, to reproduce a situation that has occurred or that could potentially occur in the future. There are hardly any technical limitations to what is possible here, and the few that exist are substantially outweighed by the new opportunities the cloud can provide in this space
