How to set up NodeZero Host on MacOS with UTM
I first heard about Horizing3.ai through a reddit post on /r/cybersecurity. They are a security vendor that takes an interesting angle on security.
Their main offering is NodeZero, a SaaS offering that provides continuous autonomous penetration testing. It helps cybersecurity teams proactively find and fix internal and external attack vectors before attackers can exploit them.
They work differently than other vendors that I have experience with. To get it set up you need to create a NodeZero Host; basically an Ubuntu server with Docker and some specialized configs and software that allows you to deploy their pentests on your network.
They provide a pre-configured VMware, Virtualbox, or Hypver-V vm for you to use. The issue is that there aren't many great ways to get working on a Mac with Apple Silicon. Virtualization on Apple Silicon is buggy at best, but there is a new open-source kid on the block: UTM
With a tiny bit of elbow grease, we can get an importable .ova image to run in UTM.
Note: You need to create an account with Horizon3.ai in order to actually run tests. They currently offer a free 30 day trial.
1. Install UTM
Head over to their website and download the installer to your MacOS computer and follow the installation instructions. The only difference between the Mac App Store version ($10) and the free download is automatic updates. If you can, buy the $10 to support development.
2. Install qemu
qemu is an actively maintained open source machine emulator and virtualizer. UTM actually uses this behind the scenes to handle VMs. We are going to use to to convert the .ova image to one that works with UTM.
The recommended way to install qemu is with Homebrew.
brew install qemu
3. Grab the .ova image from Horizon3.ai
You can find this in their documentation here. Remember where you downloaded this so we can find it in terminal later.
4. Extract the .ova file
Open up your terminal and navigate to the directory where you downloaded the NodeZero Host vm. Once there, we'll use tar to extract it.
tar -xvf NodeZero.ova
Note: the actual name of the file will probably be different.
This should give you 4 different files. The one we want is the file that ends in .vmdk.
5. Convert the .vmdk to .qcow2
The .vmdk file is the image for the virtual machine. UTM uses the .qcow2 format (the native format for qemu) for their images. The good news is that qemu includes a utility for converting between image formats.
In our terminal we'll now type this command:
qemu-img convert -O qcow2 NodeZero.vmdk NodeZero.qcow2
Note 1: the file names will probably be different.
Note 2: the -O flag is not a zero; it's an uppercase O and it is case sensitive.
We should now have a file named NodeZero.qcow2 (or whatever you chose your output name to be).
6. Set up the VM in UTM
We now need to create a VM 'foundation' that we can use to import the newly converted image into.
- Click the
+to create a new VM - On the Start screen select
Emulate - On the Operating System screen choose
Other - On the Other screen select the
Skip ISO bootoption - On the Hardware screen we can keep the defaults, but we will need to change 2 options:
- For memory change it to:
8192(This is equals the 8gb of ram required) - Set the CPU Cores to:
2
- For memory change it to:
- On the Storage screen set it to 40gb (the minimum required is 20gb if you are tight on space)
- On the Shared Directory screen we can just leave the defaults
- On the Summary screen give machine a name like
NodeZero Host - Click Save
7. Set up the drives and import the NodeZero image
We'll now see the VM in the left pane inside UTM. Right click on the newly created NodeZero Host VM and choose edit.
Turn off EUFI boot
In the settings window click QEMU in the left side bar and uncheck the UEFI Boot setting.
Delete the default IDE Drive
It will automatically create a drive for your VM, but we are going to use our image instead. In the left hand menu, scroll down to Drives and click on IDE Drive. Then click the Delete Drive button.
Import the image as a drive
Under Drives in the left hand menu click New... and then in the little tooltip window click the Import button.
Navigate to where your NodeZero.qcow2 image is and select it and click Open. This will create a new IDE Drive from your image.
Save
It's very important to click Save. Yes, I forgot to do that when figuring this out.
8. Run your VM
Just click the play button on your NodeZero Host VM in UTM and boot it up. Everything should work as expected.
Once you boot up there are a few additional steps you need to do before you run your first pentest. You can find more information in their documentation.
Final thoughts
NodeZero looks to be a very interesting tool for cybersecurity. I'll definitely be keeping an eye on it in the future.
They do have some instructions on how to take a regular Ubuntu VM and install all of the software needed for it to be used as a NodeZero Host. It looks like it wouldn't be too difficult to write an Ansible playbook to automate the process as well.
Article: Creating NodeZero Host from scratch