General InfoSec Tips & Tricks, , How-To, Informational, InfoSec 101 home lab, Infosec for Beginners, InfoSec Survival Guide, virtual machines
by Martin Pearson || Guest Author
This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store.
A home lab will not only enhance your learning opportunities, but can also give you a safe place to play by using virtual machine to emulate a computer, giving you the ability to easily make mistakes with no fear of harm to your personal setup.
Practicing on entry-level product is a great way to get started. Think about what you want to learn and how your setup will help you meet your goals. You don’t need the fastest equipment, the most storage, or the best memory to start your home lab. Even if you can afford the best, it won’t suddenly make you a master hacker. It relies on your commitment, not your equipment.
In general, the fundamental building blocks of a lab are a network, virtual machines, and the physical machine to run them on. It’s common to have one Linux (Kali) machine and usually one Windows client/server. This will be enough to do some really fun stuff!
VM Options
There are lots of virtualization software to choose from. Below are some links to get you started. (Don’t worry if these mean nothing to you at this stage; it’s just good to be aware.)
- proxmox.com/en/
- vmware.com/products/workstation-pro.html
- docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/
- qemu.org/download/
- virtualbox.org/
Equipment Considerations
- How many virtual machines do you want (vs. how many you actually need)?
» How many might you want in the future?
» The more virtual machines, the more memory/storage space you will need.
» Consider purchasing second-hand machines fi rst. - It is better to have a separate network to avoid family/user arguments when
you play –
» Consider a dedicated router or switch. - You WILL break things! Make a backup (sometimes called a snapshot).
Other Considerations
- Both Windows client and server can be used in evaluation-mode legally (no
need to purchase). - Kali and Parrot are commonly used operating systems that will give you all the
learning tools you need. Search Kali or Parrot ISO to fi nd out more.
» To learn about the operating systems and their included tools: - https://www.kali.org/tools/
- https://www.parrotsec.org/
- A journey of a thousand miles begins with a single step!
- Consider exactly what you’re trying to achieve. You don’t need to know and
do everything right away.
Depending on what you start off with and how your needs grow, you may decide to buy more machines. Remember, they are very easy to network, so no need to throw away your old equipment. Above all, have fun and learn!
Read more in our “Infosec for Beginners” blog series:
- How to Get a Job in Cybersecurity
- John Strand’s 5 Phase Plan For Starting in Computer Security
- From High School to Cyber Ninja—For Free (Almost)!
- Blue Team, Red Team, and Purple Team: An Overview
- Pentesting, Threat Hunting, and SOC: An Overview
- What Is Penetration Testing?
- How to Perform and Combat Social Engineering
- The Human Element in Cybersecurity: Understanding Trust and Social Engineering
- Build a Home Lab: Equipment, Tools, and Tips
- Questions From a Beginner Threat Hunter
- Shenetworks Recommends: 9 Must Watch BHIS YouTube Videos
- Mental Health – An Infosec Challenge
Ready to learn more?
Check out this BHIS webcast on the topic here —
How To Build a Home Lab for Infosec
with Ralph May