Building a home lab

fullcrowmoon

I've got a couple-three spare laptops lying around that I use to mess around with Kali Linux and Wireshark and things of that sort, but lately I've been thinking I'd like to build a fair-to-middlin' sandbox for some real play time.

Who here has built a home lab and how did you do it? I'd like to hear success stories and horror stories both, and if anyone wants to proffer free advice before I start spending money on hardware, I wouldn't mind.

Yes, I searched through the forum for items of this sort, but didn't come across anything recent, so it seemed like a good discussion question to ask.

tedjames

Udemy offers a free course entitled, "Build Your Own Cyber Lab at Home."

Don't know if it's any good, but it's free, so you have nothing to lose but time.

quickman007

What's the lab for? Pentesting?

fullcrowmoon

tedjames wrote: »

Udemy offers a free course entitled, "Build Your Own Cyber Lab at Home."

Don't know if it's any good, but it's free, so you have nothing to lose but time.

Excellent idea, thank you!

fullcrowmoon

Pentesting, modeling exploits, etc., etc., and so forth. Also because I can.

tedjames

Just found this: https://blogs.cisco.com/cin/building_your_own_hack_lab

There's also a lot of stuff on Youtube.

fullcrowmoon

tedjames wrote: »

Just found this: https://blogs.cisco.com/cin/building_your_own_hack_lab

There's also a lot of stuff on Youtube.

Excellent, thank you!

bigdogz

I have a great deal of hardware, some that sits because I have run into life

I just bought a laptop with i7 processor, 32 GB of RAM, 1 TB HD and a 17" display.

I will be placing VMware on it. The box comes with Windows 8 w/ a free upgrade to 10.
The other VM's I will install are Kali, Backbox, CentOS, Weakerth4n, DEFT, OWASP Labrat, and vary on my Windows server versions. I know some distros may be old but I would like to play a little.

I am going to buy Burbsuite, get Core Impact, FTK and Qualys as demos and go from there.... depending on Pen test or Forensics objectives.

Segovia

I used to really love Damn Vulnerable Linux but sadly it has been discontinued

However, you should check out vulnhub.com Great fun

Also, http://overthewire.org/wargames/

But some of those other than Bandit can be quite a challenge.

renacido

Segovia wrote: »

I used to really love Damn Vulnerable Linux but sadly it has been discontinued

Metaploitable 2 works well for me.


My home lab:

- Dell Poweredge server bought off Craig's List for $130 (dual Xeon processors, 16GB RAM) running ESXi and all this:
-- vSphere Essentials ($230 for 1-yr w/ coupon)
-- Pfsense (free)
-- Kali2 VM (free)
-- Varios free versions and open source tools (Nessus, Nexpose, Burp)
-- Exploitable VMs (metasploitable2, webgoat, etc) (free)
-- DMZ (virtual) with Hyper-V host for sandboxing, malware/exploit analysis, tinkering (free)

Also:
- $100 old desktop bought from Goodwill for dedicated Sophos UTM (free home version)
- 2 home routers running dd-wrt, one for regular home network, one for lab

Future plans:
- Forensic & reverse engineering setup
- Honeypot

fullcrowmoon

bigdogz wrote: »

I have a great deal of hardware, some that sits because I have run into life

I just bought a laptop with i7 processor, 32 GB of RAM, 1 TB HD and a 17" display.

I will be placing VMware on it. The box comes with Windows 8 w/ a free upgrade to 10.
The other VM's I will install are Kali, Backbox, CentOS, Weakerth4n, DEFT, OWASP Labrat, and vary on my Windows server versions. I know some distros may be old but I would like to play a little.

I am going to buy Burbsuite, get Core Impact, FTK and Qualys as demos and go from there.... depending on Pen test or Forensics objectives.

I want to help!

fullcrowmoon

I think I know where all my Christmas money is going.

Segovia

renacido wrote: »

My home lab:

- Dell Poweredge server bought off Craig's List for $130 (dual Xeon processors, 16GB RAM) running ESXi and all this:
-- vSphere Essentials ($230 for 1-yr w/ coupon)
-- Pfsense (free)
-- Kali2 VM (free)
-- Varios free versions and open source tools (Nessus, Nexpose, Burp)
-- Exploitable VMs (metasploitable2, webgoat, etc) (free)
-- DMZ (virtual) with Hyper-V host for sandboxing, malware/exploit analysis, tinkering (free)

Also:
- $100 old desktop bought from Goodwill for dedicated Sophos UTM (free home version)
- 2 home routers running dd-wrt, one for regular home network, one for lab

Future plans:
- Forensic & reverse engineering setup
- Honeypot

This looks really awesome, and not too expensive. The main concern I have is the added cost to the power bill, especially during the winter.

gorebrush

My home lab consists of: -

3 PC's
Xeon E3-1231V3, 32GB ECC RAM, Many hard disks and SSD's, NIC's and ESX
i7-2600, 32GB RAM, 1 SSD, NIC's and ESX
i5-4570S, 32GB RAM, 1 SSD, Linux
Atom D510 pfSense server (my main internet router)

With the two ESX servers I can run all manner of VM's containing OS'es for all sorts of purposes, Windows Server, Cisco Routers, Firewalls, Linux, BSD, FreeNAS all sorts of stuff.

I used the i5-4570S as my original home lab ESX server and had 20 CSR routers on it. I passed my CCIE in Feb, so I am very happy I've got my return out of it already no matter what else I do with it.

I bought the Xeon very recently to run FreeNAS and this machine has 4x2TB disks, 2 SSD's. The FreeNAS VM has 2x30GB virtual disks for ZIL and 1x40GB of L2ARC and 16GB RAM assigned to it, and this box runs Plex and one or two servers that I don't want to mess with regularly.

The i7-2600 is now the main ESX server that runs all the VM's I can play with on.

I love my lab, I can do anything I want with it.

bigdogz

How much did the CSR cost? I think I found one for ~ $1,300.

gorebrush

Cisco CSR1000V = free

alan2308

Segovia wrote: »

I used to really love Damn Vulnerable Linux but sadly it has been discontinued

What's the problem, did it stop being vulnerable?

Segovia

Haha!

Well I'm not sure... Even the old website isn't "there" anymore. But I think it was due to a lack of interest or a focus shift onto Metasploitable projects.