How to build your own Pentest Lab: Tips for Beginners
If you’re interested in a career in penetration testing then testing your skills is a must. Having your own home penetration test lab is a great way to test new pentesting skills and penetration testing software.
Practicing is always the best way to improve your skills, however, the problem with hacking is that any real-world practicing on live systems could land you in legal trouble that will damage your future cybersecurity career more than lacking a few skill points here and there.
The solutions to this problem is a home penetration testing lab. In this article, we’ll tell you how to build your own lab so you can improve your hacking and penetration testing skills. There are several different options to having your own pentest lab, they all have their pros and cons so we’ll explore some options below.
Having a pentest lab in the cloud has several advantages; it takes up no space on your machine, the initial investment is small, and it’s easy to set up and begin using almost immediately. This option is great for beginners. You need to consider which provider you’re going to go with and what operating system you can do to your testing on. The cons to using the cloud are that if you want to use some weirder and more complex configurations this can be problematic, and you also might be limited by the cloud company’s terms of service.
If you decide to do it on your own and avoid the cloud, then here’s what you should look out for. You need a laptop or computer with a decent amount of memory, think 16GB RAM upwards. This is because if you are running several VMs they will eat up a lot of memory. It’s also advisable to have an SSD of 128GB minimum, but more is definitely better. This option is cheap if you already have a laptop lying around, but expensive if you don’t.
Some great resources:
Vulnhub’s HackinOS is a beginner level CTF style vulnerable machine. You can download it here.
Security infrastructure: Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. You can download it here.
Practical Pen Test Labs: A hands-on practical penetration testing course that uses virtual environments. There are free labs available as well as premium ones – great for some low cost and easy to set up pen testing. You can check it out here.
XAMPP development environment: XAMPP is the most popular PHP development environment. XAMPP is a completely free, easy to install Apache distribution containing MariaDB, PHP, and Perl. You can download it here.
Gloss