
Cybersecurity Lab Setup Guide

A step-by-step guide to building your own security practice lab environment.


🎯 Lab Setup Options

| Option | Pros | Cons | Best For |
|---|---|---|---|
| Local VMs | Full control, offline, free | Resource intensive | Dedicated practice |
| Cloud Labs | Managed, accessible anywhere | Monthly cost | Beginners, convenience |
| WSL2 | Low overhead, Windows integration | Limited features | Quick tasks, learning |
| Cloud VPS | Custom setups, always on | Cost, security concerns | Advanced users |

💻 Option 1: Local Virtual Machine Lab

Hardware Requirements

Minimum:

  • 16GB RAM (8GB usable for VMs)
  • 256GB SSD
  • Intel i5/Ryzen 5 or better

Recommended:

  • 32GB RAM
  • 512GB+ NVMe SSD
  • Intel i7/Ryzen 7

Step 1: Install Hypervisor

VirtualBox (Free, Cross-platform)

  1. Download from virtualbox.org
  2. Install with default options
  3. Install Extension Pack for USB 3.0, RDP support

VMware Workstation (Windows/Linux)

  • Workstation Pro: Paid, more features
  • Workstation Player: Free for personal use

VMware Fusion (macOS)

  • Fusion Pro: Paid
  • Fusion Player: Free for personal use

UTM (macOS Apple Silicon)

Step 2: Download Operating Systems

Attack Platform

Kali Linux (Recommended)

  • Download: kali.org/get-kali
  • Choose: Virtual Machine image (pre-built)
  • Default credentials: kali/kali

Parrot OS (Alternative)

Vulnerable Targets

| VM | Description | Download |
|---|---|---|
| Metasploitable 2 | Classic vulnerable Linux | SourceForge |
| Metasploitable 3 | Modern vulnerable Windows/Linux | GitHub |
| DVWA | Damn Vulnerable Web App | GitHub |
| VulnHub VMs | Various vulnerable machines | vulnhub.com |

Step 3: Network Configuration

Isolated Lab Network (Recommended)

Create an internal network so your attack machine can communicate with targets without exposing them to your real network:

VirtualBox:

  1. Settings → Network → Adapter 1
  2. Attached to: Internal Network
  3. Name: "lab-network"
  4. Apply to all lab VMs

VMware:

  1. Edit → Virtual Network Editor
  2. Add Network → Host-only
  3. Assign to lab VMs

NAT Network (For Internet Access)

When you need to update tools or connect to cloud labs:

  1. Add second adapter set to NAT
  2. Enable only when needed

Step 4: Basic Lab Setup

┌─────────────────────────────────────────────────────┐
│                    Your Host PC                      │
│                                                      │
│  ┌─────────────────────────────────────────────┐   │
│  │           Internal Lab Network              │   │
│  │                                             │   │
│  │  ┌──────────┐  ┌──────────┐  ┌──────────┐ │   │
│  │  │  Kali    │  │ Metaspl. │  │  DVWA    │ │   │
│  │  │ 10.0.0.1 │  │ 10.0.0.2 │  │ 10.0.0.3 │ │   │
│  │  └──────────┘  └──────────┘  └──────────┘ │   │
│  │                                             │   │
│  └─────────────────────────────────────────────┘   │
│                                                      │
└─────────────────────────────────────────────────────┘

Step 5: Essential Setup Commands

After setting up Kali Linux:

# Update system
sudo apt update && sudo apt upgrade -y

# Install the larger Kali tool set (kali-linux-large metapackage)
sudo apt install -y kali-linux-large

# Create working directories
mkdir -p ~/htb ~/thm ~/ctf ~/tools

# Install additional useful tools
sudo apt install -y \
    gobuster \
    feroxbuster \
    seclists \
    wordlists \
    rlwrap

# Clone useful repositories
cd ~/tools
git clone https://github.com/carlospolop/PEASS-ng
git clone https://github.com/swisskyrepo/PayloadsAllTheThings
git clone https://github.com/The-Z-Labs/linux-exploit-suggester

☁️ Option 2: Cloud-Based Labs

Managed Platforms (Easiest)

| Platform | Cost | Best For |
|---|---|---|
| TryHackMe | Free tier / $10-14/mo | Beginners, guided learning |
| HackTheBox | Free tier / $14/mo | Intermediate+, realistic |
| PentesterLab | $20/mo | Web security focus |
| OffSec Proving Grounds | $19/mo | OSCP preparation |

How TryHackMe Works

  1. Create account at tryhackme.com
  2. Download OpenVPN config file
  3. Connect:
    sudo openvpn your-config.ovpn
  4. Access machines through the VPN

How HackTheBox Works

  1. Create account at hackthebox.com
  2. Download OpenVPN config
  3. Connect and access machines
  4. Starting point machines are beginner-friendly

🐧 Option 3: WSL2 (Windows Users)

Setup

  1. Open PowerShell as Administrator:

    wsl --install
  2. Restart computer

  3. Install Kali Linux from Microsoft Store or:

    wsl --install -d kali-linux
  4. Launch Kali and set up:

    sudo apt update && sudo apt upgrade -y
    sudo apt install -y kali-linux-default

Limitations

  • ❌ No GUI by default (can be added with WSLg)
  • ❌ Limited hardware access
  • ❌ Some network tools won't work
  • ✅ Great for learning Linux
  • ✅ Good for web testing with Burp
  • ✅ Low resource overhead

🌩️ Option 4: Cloud VPS Lab

Providers

| Provider | Minimum Cost | Good For |
|---|---|---|
| DigitalOcean | $4-6/mo | Simple, cheap |
| Linode | $5/mo | Similar to DO |
| Vultr | $2.50/mo | Budget option |
| AWS/Azure/GCP | Free tier | Cloud security practice |

Security Considerations

⚠️ Warning: Running attack tools on public cloud requires caution

  1. Never run vulnerable VMs with public IPs
  2. Use VPC/private networks
  3. Enable firewall rules before deployment
  4. Destroy resources when not in use

Typical Setup

# Connect to VPS
ssh root@your-vps-ip

# Install Docker for isolated containers
apt update && apt install -y docker.io

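# Run vulnerable apps in containers, published on loopback only so DVWA is
# never reachable on the VPS public IP (Docker-published ports bypass ufw rules)
docker run -d --name dvwa -p 127.0.0.1:80:80 vulnerables/web-dvwa

# Reach it from your workstation through an SSH tunnel:
#   ssh -L 8080:127.0.0.1:80 root@your-vps-ip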

# Run Kali container
docker run -it kalilinux/kali-rolling /bin/bash

📋 Recommended Lab Progression

Week 1-2: Foundation

  • Set up Kali Linux VM
  • Create TryHackMe account
  • Complete TryHackMe "Pre-Security" path
  • Learn basic Linux commands

Week 3-4: First Targets

  • Set up Metasploitable 2
  • Complete TryHackMe "Complete Beginner" path
  • Practice Nmap scanning

Month 2: Web Security

  • Set up DVWA
  • Start PortSwigger Academy
  • Practice with Burp Suite

Month 3+: Advanced

  • Set up Active Directory lab (see below)
  • Start HackTheBox
  • VulnHub machines

🏢 Active Directory Lab Setup

For practicing enterprise attacks, you need an AD environment.

Minimal AD Lab

| VM | OS | Role |
|---|---|---|
| DC01 | Windows Server 2019 | Domain Controller |
| WS01 | Windows 10 | Workstation |
| Kali | Kali Linux | Attack machine |

Setup Steps

  1. Download Windows ISOs:

  2. Create Domain Controller:

    • Install Windows Server
    • Add Active Directory role
    • Promote to Domain Controller
    • Create domain (e.g., lab.local)
  3. Create Workstation:

    • Install Windows 10
    • Join to domain
    • Create standard user accounts
  4. Introduce Vulnerabilities:

    • Weak passwords
    • Kerberoastable service accounts
    • Misconfigured ACLs
    • SMB signing disabled

Pre-Built Options

  • DVAD - Automated vulnerable AD creation
  • GOAD - Game of Active Directory

🛠️ Post-Setup Checklist

After lab setup, verify:

  • Attack machine can ping targets
  • Targets are isolated from internet/production network
  • Snapshots created for easy reset
  • Basic tools working (Nmap, Burp, etc.)
  • OpenVPN works for cloud platforms
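
One way to check the isolation item above for a VirtualBox lab, as an added example that is not part of the original guide: the function reads the output of `VBoxManage showvminfo --machinereadable` and flags any adapter that is live on something other than the Step 3 internal network. The function name `audit_vm_nics` and the sample VM data are assumptions constructed for illustration; a NAT adapter with its cable disconnected is treated as acceptable, matching the "enable only when needed" rule.

```bash
#!/usr/bin/env bash
# Added example: audit one VirtualBox VM's adapters against the Step 3 rules.
# Real use: VBoxManage showvminfo "<vm name>" --machinereadable | audit_vm_nics

LAB_NET="lab-network"   # internal network name from Step 3

# Reads machine-readable VM info on stdin, prints one line per enabled adapter,
# and returns 1 if any adapter is live on something other than the lab network.
audit_vm_nics() {
  awk -F= -v lab="$LAB_NET" '
    { gsub(/"/, "", $2); n = $1; sub(/^[a-z]+/, "", n) }   # n = adapter number
    $1 ~ /^nic[0-9]+$/            { mode[n] = $2; if (n + 0 > max) max = n + 0 }
    $1 ~ /^intnet[0-9]+$/         { net[n] = $2 }
    $1 ~ /^cableconnected[0-9]+$/ { cable[n] = $2 }
    END {
      bad = 0
      for (i = 1; i <= max; i++) {
        if (!(i in mode) || mode[i] == "none") continue
        if (mode[i] == "intnet" && net[i] == lab) status = "isolated"
        else if (cable[i] == "off")               status = "disconnected"
        else { status = "NOT-ISOLATED"; bad = 1 }
        printf "nic%d %s %s\n", i, mode[i], status
      }
      exit bad
    }'
}

# Constructed sample (not captured from a real VM): a target on the lab network
# with a second NAT adapter left connected after a tool update.
sample_showvminfo() {
  cat <<'EOF'
name="Metasploitable2"
intnet1="lab-network"
cableconnected1="on"
nic1="intnet"
nictype2="82540EM"
cableconnected2="on"
nic2="nat"
nic3="none"
EOF
}

sample_showvminfo | audit_vm_nics || echo "Disconnect non-lab adapters before starting targets"
```

Run it against every target VM before powering the lab on; a non-zero exit means at least one adapter still bridges the target to another network.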

💾 Snapshot Strategy

Always create snapshots at key points:

  1. Clean install - Before any customization
  2. Post-update - After updating tools
  3. Pre-exercise - Before each practice session
  4. Post-exploitation - If you want to preserve state

Snapshot Commands

VirtualBox:

# CLI snapshot
VBoxManage snapshot "VM Name" take "snapshot-name"
VBoxManage snapshot "VM Name" restore "snapshot-name"

VMware:

  • Snapshot → Take Snapshot
  • Snapshot → Snapshot Manager → Restore

🔧 Troubleshooting Common Issues

VMs Won't Start

  • Enable virtualization in BIOS (VT-x/AMD-V)
  • Disable Hyper-V if using VirtualBox on Windows
  • Allocate less RAM if host is low on memory

Network Issues

  • Verify both VMs on same internal network
  • Check IP addresses are in same subnet
  • Disable host firewall temporarily for testing

Tool Errors

  • Update Kali: sudo apt update && sudo apt upgrade
  • Reinstall tool: sudo apt install --reinstall <tool>
  • Check GitHub issues for tool-specific bugs
