Home Lab Setup

I am a big fan of what TryHackMe and Hack The Box have done to get people learning cybersecurity. Their system is brilliant because the provide learning material, vulnerable target machines to attack, and an attack machine fully setup with tools to hack with. This makes the barrier to entry so much lower for many people who have never setup a Linux machine or had to connect to a virtual private network (VPN).

I myself, had a 365+ day streak on TryHackMe at one point. I got to around the 240 day mark in that streak and realized that I was running the same commands get the attack machine setup the way I wanted it to be. It was at this point that I learned that I could setup my own virtual machine (VM) and connect to TryHackMe's VPN. Doing so would give me a machine that was setup the way I wanted it.

There are other benefits to having your own attack machine some of them include:

  • The same attack machine can be used between all platforms (TryHackMe, Hack The Box, picoCTF, VulnHub, etc.)
  • Saving scripts, tools, and documents that you used in previous challenges
  • A consistent, familiar interface and experience
  • The ability to create your own target machines
  • A lab to test, practice, and learn on that doesn't require an internet connection

Setting up an attack box VM is very straight forward. Here are the steps:

  1. Download Virtualbox
  2. Download Kali or Parrot OS, in this example I picked Kali
  3. Setup Kali. My Kali configuration used the following (it works with less cores and ram):
  4. 4 CPUs
  5. 8192 MB RAM
  6. 40 GB
  7. 16 MB video memory, this was used to I could use full screen mode
  8. Audio enabled, this machine is for learning and watching a tutorial on YouTube is very likely
  9. NAT network adapter (More settings are needed when local target machines but this can be changed at any time)
  10. Shared Folder on the desktop of my host machine's user. The folder has full access and auto mounts. This makes it easy to share documents and commands since the clipboard can sometimes fail between the host machine and the attack VM

Now I spin up the Kali attack machine and run the installation process. Once it is finished, I have a full home lab attack machine that I can use to learn cybersecurity.

links

social