Disclaimer: Please be aware that adding vulnerable machines to your network environment increases your overall attack surface.
Home Lab Setup
Having a home or online lab is crucial for career advancement in information security (#infosec). It is a great way to gain the hands-on experience and crucial talking points necessary for obtaining a job. You should be willing to try and even break things in your lab. Constantly troubleshooting errors and mitigating problems in your lab is a sure way to learn the ins and outs of hardware, software, and networking. Additionally, it will give you the ability to speak to tools, techniques, and procedures that are being used in the real world. Although most of your tools may be free and have a different name, the concepts of network monitoring and defense will be the same.
Understanding networking is a very valuable skill and over time it will be something you may not have to think about much. It is not a necessity but it is highly recommended to purchase a router and connect that router to the one already given to you by your service provider. This “helps” keep your original home environment separate from your lab environment. By all means, it is highly suggested to get familiar with the service provider’s router. Chances are, you have a default username and password that hasn’t been changed. It is also good to take a look around and view the current settings and options. You may want to customize settings for IPv6, have static IP addresses for your personal devices, or customize the IP addressing schemes as a means of providing better security.
The hardware is important because it will contain most if not all of your processing power and memory. To start, you can just use your laptop. Nowadays a normal laptop can host 2-3 virtual machines without any issues. If you want to step it up you can use Mac minis, Zotac boxes, or similar portable servers. As always feel free to customize your systems. If you really want to step it up then you can purchase refurbished servers, just keep in mind that they may require additional power sources and/or cooling.
Virtualization, often referred to as a Hypervisor, it is software that allows you to use the processing power of your hardware (laptop/CPU/server) to create and operate virtual machines (VMs). Think of it as having a computer inside a computer. Virtualization is great because it allows you to quickly create a VM and save the state of that VM so you can “revert” back to the point if you need to. The is great for testing and/or development environments. The top virtualization software is Virtual Box (Free), VMware Workstation Player (Free), VMWare Fusion ($79), VMWare Fusion Pro ($159), or Hyper-V (Free Install). All software is created to work on various operating systems. VMware also has available software called ESXi that allows you to install Virtual Server Software on a physical server. This is great for when the number of required VMs gets too high for your computer/laptop to manage.
Personally, I’m a fan of VMware due to its interface and ease of use on a Mac. Virtual Box has come a long way from what I’m used to and since I often create separate networks in my lab, Virtual Box easily allows me to create them and assign my VM interfaces to them. Virtual Box also allows you to put your VMs into groups in case you need to start and stop multiple VMs at the same time. So… because I like them both (Virtual Box & VMWare Fusion Pro) I use both of them at the same time. Yes, I footed the bill for the Pro version of VMWare.
Over time, you will notice that the ability to use virtualization will get addictive and you will want more machines. This will require more space and processing power. There are some really good cloud providers that allow you to create VMs with the click of a button. The next steps would be to check out Digital Ocean, Amazon AWS, The Google Compute Engine, and Microsoft Azure. In case you want to scale later, it would help do some comparison shopping and interface familiarization to find the best service for your needs.
Network Monitoring and IDS/IPS
It is very important to monitor your network to better understand the types of traffic and information that may flow through it. It is also good to understand “why” everything works the way it does. A really good tool for the protocol analysis aspect of networking monitoring is Wireshark. If you’re into network forensics then Wireshark is the way to go. It can be installed on any operating system.
Another great free option is Security Onion. Doug Burks and the Security Onion Solutions team consistently produce ISOs with updated builds so be sure keep your instance up to date. It runs on Linux, which you can get for free, and includes monitoring and log management tools. You can literally get it up and running in about 8 minutes, just remember to increase your processing cores (2) and RAM (40 GB), and add an extra interface ;-).
Being able to detect vulnerabilities is another crucial part of network defense and exploitation. Just like any other technology, there are many tools to choose from. Now, finding vulnerabilities is a little different than finding malware. For that you can use any of the 60 or so antivirus engines out there, we’ll also save that for a later date.
A good place to start is with the Nmap Scripting Engine (NSE). It’s free and it contains hundreds of scripts that you can use separately or chained together to serve as your vulnerability scanner. Additional options include:
Oh yes … the firewall. Just like signatures, the firewall is only as good as its access control list and attackers will constantly try to work around both. No matter the operating system you should familiarize yourself with your host-based firewall. It is always good to know what ports and services are allowed in and out of your host. For Ubuntu Linux users there’s Iptables.
If you wanted to take it a step further I’d invest some time and energy getting familiar with pfSense. Besides being free, pfSense can also serve as your router, VPN solution and much much more. The pfSense install and configuration is a bit advanced so be sure to take your time, watch plenty of YouTube tutorials and practice practice practice.
Security Information and Event Management (SIEM) Tools
SIEM tools are perfect for analyzing various types of data inputs in near real time. Also, because most are web-based, with the proper configuration you can monitor your home or work environment from anywhere in the world. Yes, HTTPS is your friend! I’d recommend Splunk, which is free for the first 500MB a day. Depending on your setup, you may be able to get away with this. At a minimum, you send your security and application logs from your Windows 2012 Server to the Splunk box. You can also easily send over your Nessus results. Other options include QRadar, SolarWinds, NetWitness, and AlienVault … all of which I’m still evaluating and will report on very soon.
Just keep in mind that as you go up in technological advancements, so does the price. Some tools may require additional information from the vendor.
If you made it this far then great, now you’ll need some virtual machines to add to your lab to increase your testing and hands-on experience.
Kali Linux, by Offensive Security, is an operating system for hackers built by hackers. It has hundreds of different tools that will easily allow you to perform tasks like active information gathering, vulnerability scanning, Wi-Fi testing, and exploitation of various types of software and services. Kali is also synced to Exploit-DB, a repository of various exploits that you should become familiar with if you aren’t already. Keep in mind that Kali, although popular, is not the end all be all tool for exploitation. There are often other ways to exploit a machine that does not require you to use Kali Linux. In short, you shouldn’t become 100% dependent on it.
It is highly recommended that your first target machine is Metasploitable2, aka “The punching bag for pentesters.” It has lots of vulnerable services that allow you to practice various exploitation techniques. There’s also a vulnerability guide that serves as a walkthrough in case you need help compromising this machine. Another great attribute is that it also has a web interface with web app tutorials. It even lets you set different levels of security strength when testing. This is a great operating system for those at the beginning of their enumeration and exploitation journey.
This operating system is for those that have already familiarized themselves with Metasploitable2 and would like to take it to the next level. The install is little more complex and additional software such as Vagrant and Packer is required. It’s also great to acquire some additional hands-on experience because chances are the install will not go as smooth as planned. It will take some time to complete depending on your internet speeds so just be very patient.
It is now time to start learning about Windows Server technology and roles. Microsoft allows you to download various server operating systems. I recommend starting with Windows Server 2012 R2. This will allow you to become familiar with Active Directory, creating Users and Groups, and server roles such as DHCP, IIS, DNS and more. For additional reference material on server roles, you can check out Eli the Computer Guy or other videos on YouTube.
Microsoft allows you to test versions of Internet Explorer 8 all the way to version 11. With that, they provide you with various virtual machines with different operating systems. They include:
- IE 8 Windows 7 (x86)
- IE 9 Windows 7 (x86)
- IE 10 Windows 7 (x86)
- IE 11 Windows 7 (x86)
- IE 11 Windows 8.1 (x86)
- MSEdge on Windows 10 (x64)
These machines expire after 90 days. You will also see some text displayed on the desktop but at least you’ll have a Windows operating system in your lab.
A great repository for vulnerable machines. New machines are put out regularly and the walkthroughs are released soon after. You should always try to exploit the machines on your own or with a group. You can use the walkthrough for hints if you get stuck.
Virtual Machine (Downloads)
Here’s a quick list of sites you can use to research, download, and add vulnerable machines to your lab:
Wargames, CTFs, and more
If you don’t have the hardware just yet and you would still like to practice exploitation and web app testing, you can visit the following sites:
Here are few books I feel every aspiring #InfoSec professional should have in their library:
- A Tribe of Hackers — List members
- TCP/IP For Dummies
- Wireshark 101 2nd, Troubleshooting with Wireshark, Practical Packet Analysis
- IPv6 Essentials, Practical IPv6 for Windows Administrators, IPv6 Security
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 1, The Hacker Playbook 2, and The Hacker Playbook 3
- The Web Application Hacker’s Handbook 2
- Practical Malware Analysis, The Art of Memory Forensics
- Learn PowerShell in a Month of Lunches
- Black Hat Python, Violent Python
Tool Repositories and Tutorials
There are those that put in the time and effort to put together tutorials, tool repositories with helpful links to benefit the community. Here are my favorites.
- Fuzzy Security – Windows Privilege Escalation Fundamentals
- G0t Mi1k – Basic Linux Privilege Escalation
- Marcelle’s Resources – Curated tips and tools
And there you have it! There’s enough here to keep you busy for quite some time. We’ll keep this updated as best we can.
Good luck to you on your journey! We look forward to hearing great things about you. Let us know if this post helped you in any way.
Lastly, we’ve also created a video for this content. You can find more videos on our YouTube Channel.