Skip to main content
HashnodeAzurePentestLab

Command Palette

Search for a command to run...

Building a Custom Azure VM Image for Security Labs

Updated
3 min read
N
Nouhaila Lahsaoui

Turning ideas into pipelines and code into Cloud solutions ☁️ DevOps explorer passionate about automation and collaboration. Open to a 6-month Cloud/DevOps internship opportunity.

In this guide, I’ll walk you through the exact steps I followed to create a custom VM image in Azure. This image contains preinstalled security tools and vulnerable applications (Juice Shop, WebGoat, DVWA), ready to be deployed instantly for labs and training.

🔹 Step 1 — Create a Resource Group

  • Go to the Azure Portal.

  • Create a new Resource Group (example: rg-customimage-nouhaila).

  • Choose your subscription and region.

🔹 Step 2 — Create a Virtual Machine

  • Click on Create → Virtual Machine.

  • Select Ubuntu Server as the OS (Linux).

  • Configure size, username, and authentication.

  • In Inbound Rules, allow the ports you need (e.g., SSH, HTTP, custom ports like 3000, 8080 i used for my containers ).

  • (Optional) Adjust networking, management, and monitoring according to your needs.
    Below is an example of the VM configuration I set up.:

🔹 Step 3 — Connect to the VM

There are two common ways to connect:

  1. Azure Bastion (recommended, more secure since SSH is not exposed to the internet).

  2. SSH (if you allowed inbound port 22 and have your private key or password).

Choose whichever method fits your setup.

🔹 Step 4 — Install Docker & Vulnerable Apps with Docker Compose

First, install Docker and Docker Compose:

sudo apt update && sudo apt upgrade -y
sudo apt install docker.io docker-compose -y
sudo systemctl enable docker
sudo systemctl start docker

Then create a docker-compose.yml file to deploy all vulnerable apps at once:

version: '3'
services:
  juice-shop:
    image: bkimminich/juice-shop
    ports:
      - "3000:3000"

  webgoat:
    image: webgoat/webgoat-8.0
    ports:
      - "8080:8080"

  dvwa:
    image: vulnerables/web-dvwa
    ports:
      - "8081:80"

Run all apps with one command:

sudo docker-compose up -d

👉 Test them by visiting:

  • http://<public-ip>:3000 → Juice Shop

  • http://<public-ip>:8080/WebGoat → WebGoat

  • http://<public-ip>:8081 → DVWA

🔹 Step 5 — Prepare the VM for Image Capture

Before creating the image, deprovision the VM:

sudo waagent -deprovision+user -force

(This removes user-specific data so the image can be reused.)

🔹 Step 6 — Create the Custom Image

  • Go back to the Azure Portal.

  • Select your VM → Capture.

  • Choose:

    • Generalized (since we deprovisioned).

    • Create or select an Azure Compute Gallery.

    • Define the Image Definition (name, OS type, generation).

    • Assign a Version number (e.g., 1.0.0).

  • Click Review + Create → Create.

🔹 Step 7 — Deploy New VMs from the Image

  • Go to your Gallery → Image Definition → Versions.

  • Select your image and click Create VM.

  • Each new VM will have all the apps preinstalled — ready for labs in seconds!

✨ And that’s it! You now have a custom reusable lab image with Docker Compose automation — making it easy to deploy security labs for training and testing.

#azure#cloud-computing#cloud

Comments

Join the discussion

No comments yet. Be the first to comment.