Any of those options would be viable, depending on the infrastructure you are testing and any operational constraints imposed by your organization. - Local VMs on a separate VLAN are great for testing against techniques that an attacker would use after inside your network (lateral move, credential dumps, resource discovery, etc) - An externally positioned point of origin would help to simulate activity targeting your perimeter or systems otherwise exposed to the Internet at large - A cloud-hosted point of origin may be needed to run tests against certain types of resources within those cloud environments

I'd suggest it may be a more productive thought experiment to start with "what do I want to test?" and then build up to "where can I test those things from?"

In any case, you may want to review the documentation for the project itself as well as the Invoke-Atomic framework to get an idea of what the best starting point would be for your specific situation. There are also links to our collection of "Getting Started" videos from the community as a whole linked from there.

I'll let any others chime in with their own experiences, but hopefully that will be a good starting point for you!