The first Home Lab (theory)
Author:Stefan Waldvogel
Editor: Denise Tan
Editor: Denise Tan
What home lab do you need?
What home lab do you need?
Start simple!
Do you want to work as a SOC Analyst? Take John Strand's ADHD VM and do the labs (the links are at the end of this article).
As a SOC Analyst, you need to know basic commands and tools such as netstat, tcpdump, wireshark... and maybe a free Endpoint Detection and Response (EDR).
→ That is it!
Start simple!
Do you want to work as a SOC Analyst? Take John Strand's ADHD VM and do the labs (the links are at the end of this article).
As a SOC Analyst, you need to know basic commands and tools such as netstat, tcpdump, wireshark... and maybe a free Endpoint Detection and Response (EDR).
→ That is it!
Build the lab according to your needs. In this guide, I have included resources such as Security Onion, LimaCharlie, and more. This is advanced knowledge and you need it for a Security Engineer role.
You want to become a penetration tester?
Build a lab with Kali Linux and a victim.
Two machines, that is it!
You want to move up?
Create a lab with a Domain Controller, 1-2 clients and a Kali Linux.
How can you use this guide?
Pick the VMs you need and build it together. I do not know your goal.
The Standard Method (building from scratch)
→ In the beginning, this method is difficult because you have to design a realistic environment.
My advice is to start easy. First, you need some machines. You can do this via Docker or with VMs. Never heard of Docker? It does not matter. Watch this Docker Containers 101 guide:
https://www.youtube.com/watch?v=eGz9DS-aIeY
In 20 minutes, you will have the basic knowledge on Docker. You can choose to sign up for RangeForce Community Edition (Free). Docker is fantastic, and you can spin up a machine in seconds… you need 10 machines for a lab? Seconds….
With VMs… you need more time and a lot more RAM, but you will attain a better understanding of networking. For this reason, you might need both Docker and VMs in your lab.
To start your own lab, grab a Kali Linux (or Parrot) and some victims. This victim can be a single Windows machine, a Metasploitable2, or an entire AD environment. Microsoft offers free downloads for many of its products, and you do not need illegal downloads for this. You can find 90-day test versions here: (https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ and https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019).
The following picture shows a home lab for an aspiring penetration tester. If you are on the blue side, your lab will look different. You might have Security Onion (a blue OS equivalent of Kali) in your lab.
You want to become a penetration tester?
Build a lab with Kali Linux and a victim.
Two machines, that is it!
You want to move up?
Create a lab with a Domain Controller, 1-2 clients and a Kali Linux.
How can you use this guide?
Pick the VMs you need and build it together. I do not know your goal.
The Standard Method (building from scratch)
→ In the beginning, this method is difficult because you have to design a realistic environment.
My advice is to start easy. First, you need some machines. You can do this via Docker or with VMs. Never heard of Docker? It does not matter. Watch this Docker Containers 101 guide:
https://www.youtube.com/watch?v=eGz9DS-aIeY
In 20 minutes, you will have the basic knowledge on Docker. You can choose to sign up for RangeForce Community Edition (Free). Docker is fantastic, and you can spin up a machine in seconds… you need 10 machines for a lab? Seconds….
With VMs… you need more time and a lot more RAM, but you will attain a better understanding of networking. For this reason, you might need both Docker and VMs in your lab.
To start your own lab, grab a Kali Linux (or Parrot) and some victims. This victim can be a single Windows machine, a Metasploitable2, or an entire AD environment. Microsoft offers free downloads for many of its products, and you do not need illegal downloads for this. You can find 90-day test versions here: (https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ and https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019).
The following picture shows a home lab for an aspiring penetration tester. If you are on the blue side, your lab will look different. You might have Security Onion (a blue OS equivalent of Kali) in your lab.
An advanced pentesting lab with different subnets and the commands for Metasploit can look like this:
If you use Windows XP, you have a very vulnerable OS, and by exploiting the MS17-010 vulnerability you get system access without any credentials. The first machine is a Kali, Parrot, or a BlackArch. The other machines are in different subnets, and you have to activate file sharing on each system. For your first try, you need one Windows XP.
On the red side, you might play with the following tools:
On the red side, you might play with the following tools:
John Strand’s ADHD VM
John Strand’s ADHD VM
Do you feel overwhelmed? What if you can use a pre-built VMware system with some tools and a solid, easy-to-use manual? Do you want a pay-what-you-can training (free is okay) for this pre-built system with live sessions?
Check out John Strands SOC training and register for his course. The link is: https://wildwesthackinfest.com/training-schedule/ and look for SOC core skills.
With this link https://wildwesthackinfest.com/training/soc-core-skills-instructions/ you get a unique Windows VM, the discord link, and the training slides. These things are freely available for everyone. The training is excellent, and I want to say a big thank you to John Strand and his team.
On the screen/desktop (in the VM) is a link called LABS with all the instructions. Do all the modules, and you learn a lot for free. As you get more familiar, you can use this special VM to target more advanced attacks.
Download link: https://introclassjs.s3.us-east-1.amazonaws.com/WINADHD03_21.7z (This link changes sometimes, ask for the new link via their discord.)
What is in the VM:
Do you feel overwhelmed? What if you can use a pre-built VMware system with some tools and a solid, easy-to-use manual? Do you want a pay-what-you-can training (free is okay) for this pre-built system with live sessions?
Check out John Strands SOC training and register for his course. The link is: https://wildwesthackinfest.com/training-schedule/ and look for SOC core skills.
With this link https://wildwesthackinfest.com/training/soc-core-skills-instructions/ you get a unique Windows VM, the discord link, and the training slides. These things are freely available for everyone. The training is excellent, and I want to say a big thank you to John Strand and his team.
On the screen/desktop (in the VM) is a link called LABS with all the instructions. Do all the modules, and you learn a lot for free. As you get more familiar, you can use this special VM to target more advanced attacks.
Download link: https://introclassjs.s3.us-east-1.amazonaws.com/WINADHD03_21.7z (This link changes sometimes, ask for the new link via their discord.)
What is in the VM:
© 2021. This work is licensed under a CC BY-SA 4.0 license