Lachlan Harris
I have a raging addiction to virtualisation.

June 12, 2025

And I’m about to tell you all about why I love anything ending in -ation:

  • Containerisation
  • Virtualisation
  • Isolation
  • Raspberry Pi-sation

Prologue

When I first heard about Docker, it seemed to me like some niche enterprise-only tool that added complexity to virtual machines, which I loathed for absolutely no reason. Docker kept appearing in weird ways - random GitHub repos, TryHackMe rooms, somewhere in the occasional YouTube rabbit hole, and anything even tangentially related to homelabbing.

Virtualisation just seemed impractical. Having to emulate an entire operating system was:

  • Too slow
  • Too complex
  • Buggy

Everything I needed supported Windows or Linux anyway, so I could just install it directly on my host machine.

And, looking back, I was kinda right.

Discovery

I remember I was working on Project Eidolon, and my primary goal was to make it an enterprise-ready cybersecurity tool. Now, at the time, I saw a Dockerfile in every major repo, so I thought why not add it to mine?

I got Docker working on my own system, created a basic Docker setup and played around with it. At first, it just seemed like another layer that made using the tool more complex & less performant. But it worked, and for some reason I was intrigued.

I started scouring the internet for info about this weird and wonderful piece of magic, and started to realise just why everyone uses it. Docker was for sure a layer of complexity, but this “layer” wasn’t meant to be an obstacle. It was a kind of insulation to a project. It was reproducible, and even if it was messy in some ways, it was clean in every other way.

And as someone who used to treat their dev environment like the floor of my room, it was a major revelation.

Dev Containers

After a Docker/-compose setup became standard in every project I made, I really just wanted to integrate everything with Docker. My custom scripts, security tools, random GitHub repos I want to play with, anything.

Dev Containers came to me one day wrapped in an unassuming blue bow, and without any prior research I knew I wanted to use them. They were simpler to set up than traditional containers, automatically added necessary dependencies, had thousands of pre-built containers specifically for languages, and integrated right into VS Code (not NeoVim D:)

To put it in perspective for those of you not enlightened, I found setting up an environment for C++ development on Windows EASY. No-one who doesn’t use dev containers has ever said that sentence before.

Now, every single project I have runs in a dev container. Front-end, backend or full-stack; Windows, WSL or Linux; small, medium or large, they all have my beloved devcontainer.json.

Cyber Containers?

This transition to virtualisation happened when I was very focused on software engineering & security engineering, but now that I’m much more focused on cybersecurity, I still want to utilise this technology, and containers + cybersecurity are incredible.

  • Isolation: Malware analysis? Completely contained. No weird leftovers in /tmp.
  • Reproducibility: Less of a concern for cyber, but it’s better to be safe than sorry.
  • Security: Everything lives in a sandbox. No matter what you slaughter, nothing bleeds into the host…
  • Low Overhead: Unlike full-blown VMs, containers are decently snappy and resource-light. Cyber is not nearly as speed-dependent as software development.
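The isolation and security points above hold only while a container is started without settings that open a path back to the host. The following is an added example, not code from the original post: it audits `docker inspect` output for those settings, and the sample JSON and container names in it are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample in `docker inspect` format; the container names are made up.
const sample = `[{"Name":"/malware-lab","HostConfig":{"NetworkMode":"none"}},
{"Name":"/quick-test","HostConfig":{"Privileged":true,"NetworkMode":"host",
 "Binds":["/var/run/docker.sock:/var/run/docker.sock"]}}]`

// auditIsolation reports every setting that lets a container reach into the host.
func auditIsolation(inspectJSON string) (findings []string, err error) {
	var cs []struct { // subset of the fields `docker inspect` prints
		Name       string
		HostConfig struct {
			Privileged           bool
			NetworkMode, PidMode string
			CapAdd, Binds        []string
		}
	}
	if err = json.Unmarshal([]byte(inspectJSON), &cs); err != nil {
		return nil, err
	}
	for _, c := range cs {
		h, add := c.HostConfig, func(m string) { findings = append(findings, c.Name+": "+m) }
		if h.Privileged {
			add("privileged mode")
		}
		if h.NetworkMode == "host" || h.PidMode == "host" {
			add("shares a host namespace")
		}
		for _, capName := range h.CapAdd {
			add("added capability " + capName)
		}
		for _, b := range h.Binds {
			if strings.HasPrefix(b, "/") { // host path rather than a named volume
				add("host bind mount " + b)
			}
		}
	}
	return findings, nil
}

func main() {
	findings, _ := auditIsolation(sample) // the embedded sample is known to parse
	fmt.Println(strings.Join(findings, "\n"))
}
```

On a real host, the input would be the output of `docker inspect $(docker ps -q)`.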

Non-virtual Machines

Virtualisation is great, but you can’t beat the performance and isolation of an entirely separate machine. That’s why I bought a Raspberry Pi 5.

This little goober currently runs bare metal Kali Linux. Sounds cringey, kind of is, but the way I use it should help me repent for my sins.

Right now, it only needs a power supply to run. When it boots up, it automatically connects to a mesh VPN with my main laptop (+ the rest of my homelab) and exposes SSH and RDP only to my laptop. So, I have a fully private connection to what is essentially a cloud VM running Kali, except I only have to pay for electricity, and can fully self-manage the hardware/software.

Maybe it’s just me, but hacking with a Raspberry Pi goes pretty damn hard. It also offers a lot of benefits over a traditional dual-boot or VM:

  • Battery: With this setup, I can roam anywhere with my laptop & pentest for a solid, consistent 10+ hours
  • Performance: There’s no overhead whatsoever to a bare metal boot
  • Separation: The same advantage as a VM / Container, I can have completely different tools / libs on the Pi
  • Security: The only connection between my Pi and my laptop is RDP & SSH one-way. If the Pi gets compromised, it becomes extremely difficult to travel cross-network.
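One way to check part of this setup, as an added example that is not from the original post: confirm that the SSH and RDP listeners are bound to a mesh-VPN address rather than to every interface. The `ss -tln` sample is constructed, and the 100.64.0.0/10 VPN range and the 100.64.0.5 address are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// vpnRange is the assumed address range of the mesh VPN.
var vpnRange = netip.MustParsePrefix("100.64.0.0/10")

// Constructed `ss -tln` output from a hypothetical Pi.
const ssOutput = `State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    100.64.0.5:22       0.0.0.0:*
LISTEN 0      128    0.0.0.0:3389        0.0.0.0:*
LISTEN 0      128    [::]:3389           [::]:*
LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*`

// exposedListeners returns the SSH/RDP listeners bound outside vpn and loopback.
func exposedListeners(ss string, vpn netip.Prefix) []string {
	var exposed []string
	for _, line := range strings.Split(ss, "\n")[1:] { // skip the header row
		f := strings.Fields(line)
		if len(f) < 4 {
			continue
		}
		local := f[3]
		port := local[strings.LastIndex(local, ":")+1:]
		if port != "22" && port != "3389" {
			continue // only the two services the Pi is meant to offer
		}
		ap, err := netip.ParseAddrPort(local)
		// Fail closed: wildcard forms such as "*:22" do not parse and count as exposed.
		if err != nil || !(vpn.Contains(ap.Addr()) || ap.Addr().IsLoopback()) {
			exposed = append(exposed, local)
		}
	}
	return exposed
}

func main() {
	fmt.Println(exposedListeners(ssOutput, vpnRange))
}
```

A listener flagged here is reachable from the local network unless a host firewall also filters it.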

Miscellaneous Shenanigans

Once, I built a high-interactivity honeypot that ran in a VM on my Raspberry Pi. It simulated a vulnerable system via another Docker container and fed data into a custom CLI-based SIEM, all written with good ol’ Go.

Why?

  • Because I could.
  • Because attackers are weirdly creative, and watching them is educational.
  • Because I was bored on the weekend before exam week.

It was essentially a mini security lab that let me:

  • Watch attack patterns unfold in real time
  • Log commands attackers typed in
  • Build an intuitive understanding of TTPs (Tactics, Techniques, and Procedures)

And again, because it was in a VM, I could tear it down and spin it back up without worrying about persistent compromise.

Using Docker for (almost) everything

Want to test a weird Rust tool? Docker.

Need to build a one-off Go API? Devcontainer.

Trying to replicate a bug in a specific Ubuntu version? Docker image.

Want to run a custom DNS sinkhole while you’re home alone with friends and watch them freak the hell out? You know what I’m about to say.

Virtualisation can be applied for almost anything, and the benefits it brings are irrefutable.

Final Thoughts

Virtualisation isn’t just a buzzword thrown around in cloud whitepapers and devops meetings. It’s a damn superpower. Whether it’s a lightweight devcontainer, a full Kali Pi setup with remote RDP access, or a honeypot farm running on Docker Compose, these beautiful 1’s and 0’s let you do serious cybersecurity work, anywhere, safely*.

It’s fast. It’s clean. It’s reusable.

And yes, I’m addicted.


Employers: if you’re reading this, yes, I document my infrastructure. Yes, I sandbox everything. Yes, I know how to build secure environments on a shoestring budget. And yes, this post was written in a container.