Disclaimer: This is only a guide and not inclusive of every single tool in the industry. It’s in your best interest to research via Google and YouTube as well for additional information.
Home Lab Setup
Having a home or online lab is crucial for advancing your career in cybersecurity. It is also a great way to gain the hands-on experience and talking points needed for succeeding at interviews and getting the job you want. You should be willing to try to break things in your lab; experiment! Troubleshooting errors and solving problems in your lab will help you learn the ins and outs of hardware, software, and networking. Additionally, it will give you the ability to talk about tools, techniques, and procedures that are being used in the real world. Although most of your lab tools may be free and go by different names than their commercial counterparts, the concepts of network monitoring and defense are the same.
Understanding networking is a very valuable skill, and learning about networks will give you an important skillset for your cybersecurity journey. While it is not necessary, you should consider purchasing your own router and connecting it to the one already provided by your service provider. This keeps your original home environment separate from your lab environment. Also, spend some time becoming familiar with the service provider’s router. Chances are, it has a default username and password that hasn’t been changed. Log into the router’s console and take a look at the current settings and options. You may want to customize settings for IPv6, assign static IP addresses to your personal devices, or customize the IP addressing scheme as a means of providing better security.
Hardware is important because it will provide most, if not all, of your processing power and memory. If you’re just starting out, you should be just fine using your laptop. Today a normal laptop can host 2-3 virtual machines without any issues. If you want to step it up, you can use Mac minis, Zotac boxes, or similar small servers. Feel free to customize your systems! Once you have some lab experience and you’re ready to take things to the next level, you can purchase refurbished servers; just keep in mind that they may require additional power and/or cooling.
Virtualization software, often referred to as a hypervisor, allows you to use the processing power of your hardware (laptop/CPU/server) to create and operate virtual machines (VMs). Think of it as having a computer inside a computer. Virtualization is great because it allows you to quickly create a VM and save the state of that VM so you can “revert” back to that point if you need to. This is great for testing and/or development environments. Examples of popular virtualization software include VirtualBox (free), VMware Workstation Player (free), VMware Fusion ($79), VMware Fusion Pro ($159), and Hyper-V (free install). Between them, these products cover the various host operating systems. VMware also offers ESXi, a hypervisor that installs directly on a physical server. This is great for when the number of required VMs gets too high for your computer/laptop to manage.
Personally, I’m a fan of VMware due to its interface and ease of use on a Mac. VirtualBox has come a long way from what I’m used to, and since I often create separate networks in my lab, VirtualBox easily allows me to create them and assign my VM interfaces to them. VirtualBox also allows you to put your VMs into groups in case you need to start and stop multiple VMs at the same time. So… because I like them both (VirtualBox and VMware Fusion Pro), I use both of them at the same time. Yes, I footed the bill for the Pro version of VMware.
As you gain more experience with your home lab, you will notice that the ability to use virtualization gets addictive and you will want more machines. This will require more space and processing power. There are some really good cloud providers that allow you to create VMs with the click of a button. Look into DigitalOcean, Amazon AWS, Google Compute Engine, and Microsoft Azure. In case you want to scale later, it would help to do some comparison shopping and interface familiarization to find the best service for your needs.
Network Monitoring and IDS/IPS
It is very important to monitor your network so you can better understand the types of traffic and information that may flow through it. It is also good to understand “why” everything works the way it does. A really good tool for the protocol analysis aspect of network monitoring is Wireshark. Regardless of what area of cyber interests you, becoming familiar with Wireshark is the way to go. It can be installed on any operating system.
Another great free option is Security Onion. Doug Burks and the Security Onion Solutions team consistently produce ISOs with updated builds, so be sure to keep your instance up to date. It runs on Linux, which you can get for free, and includes monitoring and log management tools. You can literally get it up and running in about 8 minutes; just remember to increase your processing cores (2) and RAM (40 GB), and add an extra interface ;-).
Being able to detect vulnerabilities is another crucial part of network defense and exploitation. Just like any other technology, there are many tools to choose from. Note that finding vulnerabilities is a little different from finding malware; for that you can use any of the 60 or so antivirus engines out there, and we’ll save that for a later date.
A good place to start is with the Nmap Scripting Engine (NSE). It’s free and it contains hundreds of scripts that you can use separately or chained together to serve as your vulnerability scanner. Additional options include:
- OpenVAS which comes preinstalled in Kali Linux
- Nessus which is free for the first 16 IP addresses
- Retina, which is free for the first 256 IPs
Oh yes … the firewall. Just like signatures, the firewall is only as good as its access control list, and attackers will constantly try to work around both. No matter the operating system, you should familiarize yourself with your host-based firewall. It is always good to know what ports and services are allowed in and out of your host. Ubuntu Linux users should definitely learn about iptables.
If you wanted to take it a step further I’d invest some time and energy getting familiar with pfSense. Besides being free, pfSense can also serve as your router, VPN solution and much more. The pfSense install and configuration are a bit advanced so be sure to take your time, watch plenty of YouTube tutorials and practice, practice, practice!
Security Information and Event Management (SIEM) Tools
SIEM tools are perfect for analyzing various types of data inputs in near real time. Also, because most are web-based, with the proper configuration you can monitor your home or work environment from anywhere in the world. Yes, HTTPS is your friend! I’d recommend Splunk, which is free for the first 500 MB a day. Depending on your setup, you may be able to get away with this. At a minimum, send the security and application logs from your Windows 2012 Server to the Splunk box. You can also easily send over your Nessus results. Other options include QRadar, SolarWinds, NetWitness, and AlienVault, all of which I’m still evaluating and will report on very soon.
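Getting the Windows Server security and application logs into Splunk, as described above, is done on the Windows box with the Splunk Universal Forwarder and two small config files. The snippets below are an added example, not from the original post; the indexer address 192.168.56.10 and the index name lab_windows are constructed lab values, and the index must already exist on the Splunk server.

```ini
# inputs.conf on the Windows Server (Universal Forwarder):
# %SPLUNK_HOME%\etc\system\local\inputs.conf
# Each stanza names one Windows Event Log channel to collect.

[WinEventLog://Security]
disabled = 0
# Assumed lab index; create it on the indexer before starting the forwarder.
index = lab_windows
# Read the whole existing log on first start, then keep following new events.
start_from = oldest
current_only = 0

[WinEventLog://Application]
disabled = 0
index = lab_windows

# outputs.conf on the same host: where the forwarder sends its data.
# %SPLUNK_HOME%\etc\system\local\outputs.conf

[tcpout]
defaultGroup = lab_splunk

[tcpout:lab_splunk]
# Constructed lab address. 9997 is the conventional Splunk receiving port;
# enable receiving on it on the Splunk box (Settings > Forwarding and receiving).
server = 192.168.56.10:9997
```

Restart the forwarder after editing, then confirm events are arriving with a search such as index=lab_windows sourcetype="WinEventLog:Security".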
Just keep in mind that as the tools become more advanced, so does the price. Some may require you to request additional information from the vendor.
If you made it this far then great, now you’ll need some virtual machines to add to your lab to increase your testing and hands-on experience.
Virtual Machine (Downloads)
Here’s a quick list of sites you can use to research, download, and add vulnerable machines to your lab:
- Kali Linux
- Metasploitable2 (Linux)
- Metasploitable3 (Windows)
- Windows Server Evaluation Center
- Microsoft Edge
- Security Onion
- OWASP Security Shepherd 3.0
- Damn Vulnerable Web Application (DVWA)
- Buscador Investigative Operating System
Wargames, CTFs, and more
If you don’t have the hardware just yet and you would still like to practice exploitation and web app testing, you can visit the following sites:
Here are a few books I feel every aspiring #InfoSec professional should have in their library:
- A Tribe of Hackers — List members
- TCP/IP For Dummies
- Wireshark 101 (2nd edition), Troubleshooting with Wireshark, Practical Packet Analysis
- IPv6 Essentials, Practical IPv6 for Windows Administrators, IPv6 Security
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 1, The Hacker Playbook 2, and The Hacker Playbook 3
- The Web Application Hacker’s Handbook 2
- Practical Malware Analysis, The Art of Memory Forensics
- Learn PowerShell in a Month of Lunches
- Black Hat Python, Violent Python
Lastly, we’ve also created a video for this content. You can find more videos on our YouTube Channel.
Tool Repositories and Tutorials
There is a wide variety of tutorials and tool repositories with helpful links that benefit the community. Here are my favorites.
- Fuzzy Security – Windows Privilege Escalation Fundamentals
- G0t Mi1k – Basic Linux Privilege Escalation
- Marcelle’s Resources – Curated tips and tools
And there you have it! There’s enough here to keep you busy for quite some time. We’ll keep this updated as best we can.
Good luck to you on your journey! We look forward to hearing great things about you. Let us know if this post helped you in any way.