This post is a brief outline on setting up a home lab for Ethical Hacking, Penetration Testing and Cyber Security research. I’ll use the steps in this article as a base for future articles on more in-depth techniques.
There’s already plenty of existing articles and tutorials about this kind of stuff and everyone has their own personal preferences, but this is my take and how I like to work.
A personal lab is also going to reflect what you’re working on at the time, and not all lab environments will be the same.
The easiest way to get started with a home lab is to use a Virtual Machine setup on your existing computer. I prefer VirtualBox but VMware Player is a good choice as well.
Using virtualisation rather than physical machines has numerous benefits, in particular, you can set up as many different operating systems and platforms as your host computer has resources to spare and you don’t need to keep buying physical computers, as much as we’d all like to. It’s quick and easy to install VirtualBox and you can really easily simulate a basic network connecting multiple machines together.
A basic lab for offensive security research might consist of at least two machines connected by a network connection. You might have an attack box and a victim box, the attack box is the “hackers” machine that contains all the tools for performing a pentest and the victim machine is the poor vulnerable target machine that’s about to be hacked.
Defensive security research is a little different as it largely depends on what you’re researching and what you’re trying to protect. You likely wouldn’t be able to simulate your entire production environment to monitor malicious traffic, but you could have copies of similar version operating systems with some basic configurations and some monitoring tools, for example in an Enterprise Linux environment you might have an LDAP authentication server and a client both running versions of CentOS and configured with Firewalld, you might also have Tenable Nessus for vulnerability scanning, and Wireshark to monitor network traffic as you probe your machines.
In my own personal lab I have a VM running Kali Linux for offensive research, and a bunch of other Linux based machines that simulate a network I’m working on. The good thing about virtualisation is you can be fluid. Machines can be created and destroyed as you need them, you can take snapshots and rollback to a previous state if you make a mess, and you’re not going to pollute your main workstation with malicious and potentially destructive tools and code.
Installing Linux in VirtualBox is fairly straightforward, and is usually a matter of selecting a few basic options and clicking ‘next’ a few times. If you’ve never installed Linux before, you can check out my article on installing Enterprise Linux which outlines the steps for installing Red Hat variant Linux machines and should work for Fedora, CentOS, AlmaLinux, Rocky Linux and Oracle Linux with very little difficulty.
Debian variants such as Ubuntu are slightly different to Red Hat, but no more difficult so you should have no problems.
Installing Kali Linux
Kali Linux is the most popular security focused Linux distribution and is really worth the time in getting familiar with. While I don’t work exclusively with offensive security, having an understanding of different attack and exploitation tools is valuable even if your focus is on defensive security. And it is fun to take a break once in a while and hack something (ethically and legally of course).
For the purposes of this article, download the pre-built Virtual machine image of Kali Linux as it gives us a ready-to-go environment out of the box.
Once it’s downloaded, open VirtualBox and select New. Give your Attack box a name and select Linux as the type and Debian (64-bit) as the version.
Next you’ll need to configure the basic machine settings. Select as much Memory as you can comfortably spare, still leaving enough for your host machine and any other virtual machines you want to run at the same time. I have 20GB of RAM on my main machine, so I’ll select 8GB of RAM for Kali.
On the next screen the steps differ to if you were installing the Operating System from scratch. Here you’ll need to select an existing virtual hard disk and tell VirtualBox to use the Kali Linux file you downloaded.
Select ‘Add’ and navigate to where you downloaded the file and select the Kali Linux VDI file. This is a Virtual Disk Image and is basically a copy of an already configured installation that the Kali developers have given us.
Once that’s ready, click ‘Create’.
You can now boot your Kali Linux machine.
The default username and password is kali:kali, so when the machine boots you can log in to the desktop environment.
If you left all other configuration settings as default you should also have Internet access already working. So the first thing I’d do is update the operating system and installed software. If you’ve already got Linux experience and have used a Debian based distribution before you should be familiar with the steps. We can update using apt. Open a terminal window and type:
$ sudo apt update && sudo apt -y upgrade
It might take a while to update all the packages so please be patient. I promise you’ll get to hacking shortly.
What you do with Kali from here is up to your own personal choice and it can be configured as much or as little as you please. I usually leave everything almost default, however there’s a few extra tools that are handy to install.
Once the updates are complete, feel free to reboot the system just to make sure all the updates are applied, and then open a terminal again.
$ sudo apt install terminator zaproxy
I like to use the terminator terminal emulator instead of the default because it makes splitting terminal windows super easy. And I also like OWASP ZAProxy as a web application proxy. The very popular BurpSuite Community Edition should already be installed which does many of the same things as ZAP and can be used instead if you prefer. I use ZAP for most things as I’ve had more experience with it.
I also install the Brave web browser, which can be installed following the instructions on the official Brave website.
Once Kali is done you can power off the virtual machine and get ready to set up your next machines. Again, this depends on what you’re working on. If you’re practicing Pentesting and Ethical Hacking you might want to install a pre-built vulnerable machine from VulnHub, which are amazing machines to practice hacking on.
If you’re working on defensive security, you can try building a network of Enterprise Linux machines or a Windows Server.
In my lab I installed Enterprise Linux and if you take a snapshot you can then clone new virtual machine instances from those snapshots so each of your machines has a consistent base image and you don’t have to keep repeating the same installation process.
To take a snapshot, click the Icon to the right of your virtual machine and select “Snapshots”.
Once you have a snapshot, you can then click the “Clone” icon to create a new machine from the snapshot. Ensure to select “Generate new Mac addresses for all network adapters” from the dropdown otherwise VirtualBox will attempt to assign the new machine the same IP address as the previous one.
On the next screen I would select “Linked Clone” to save disk space.
To simulate a network environment and still keep a reasonable amount of virtual machines running at any one time, I usually set up one Enterprise Linux host with OpenLDAP server for user account management, with any additional clones configured with the LDAP client. Any other software, like Web and Database servers can also be installed.
Just make sure that if you’re working on intentionally vulnerable machines, or running any malicious tools to restrict access to sensitive data or the public Internet. This can be done by using a Host-Only network in VirtualBox which allows your machines to communicate with each other but not the outside world.
Always remember to be cautious and responsible.
That should do for now. Feel free to play around and get familiar with the Kali Linux desktop environment and the tools that are pre-installed. If you’d like an in-depth introduction to Kali Linux, TCM Security have a brilliant video on YouTube called Linux for Ethical Hackers that you should definitely watch.
Some other Linux distros that you should check out are Security Onion and REMnux which is specially built for Malware Analysis.