Building a home lab

fullcrowmoonfullcrowmoon Member Posts: 172
I've got a couple-three spare laptops lying around that I use to mess around with Kali Linux and Wireshark and things of that sort, but lately I've been thinking I'd like to build a fair-to-middlin' sandbox for some real play time.

Who here has built a home lab and how did you do it? I'd like to hear success stories and horror stories both, and if anyone wants to proffer free advice before I start spending money on hardware, I wouldn't mind. icon_cool.gif

Yes, I searched through the forum for items of this sort, but didn't come across anything recent, so it seemed like a good discussion question to ask.
"It's so stimulating being your hat!"
"... but everything changed when the Fire Nation attacked."

Comments

  • tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    Udemy offers a free course entitled, "Build Your Own Cyber Lab at Home."

    Don't know if it's any good, but it's free, so you have nothing to lose but time.
  • quickman007quickman007 Member Posts: 195
    What's the lab for? Pentesting?
  • fullcrowmoonfullcrowmoon Member Posts: 172
    tedjames wrote: »
    Udemy offers a free course entitled, "Build Your Own Cyber Lab at Home."

    Don't know if it's any good, but it's free, so you have nothing to lose but time.

    Excellent idea, thank you!
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • fullcrowmoonfullcrowmoon Member Posts: 172
    Pentesting, modeling exploits, etc., etc., and so forth. Also because I can.
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    Just found this: https://blogs.cisco.com/cin/building_your_own_hack_lab

    There's also a lot of stuff on Youtube.
  • fullcrowmoonfullcrowmoon Member Posts: 172
    tedjames wrote: »
    Just found this: https://blogs.cisco.com/cin/building_your_own_hack_lab

    There's also a lot of stuff on Youtube.

    Excellent, thank you!
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    I have a great deal of hardware, some that sits because I have run into life :)

    I just bought a laptop with i7 processor, 32 GB of RAM, 1 TB HD and a 17" display.

    I will be placing VMware on it. The box comes with Windows 8 w/ a free upgrade to 10.
    The other VM's I will install are Kali, Backbox, CentOS, Weakerth4n, DEFT, OWASP Labrat, and vary on my Windows server versions. I know some distros may be old but I would like to play a little.

    I am going to buy Burbsuite, get Core Impact, FTK and Qualys as demos and go from there.... depending on Pen test or Forensics objectives.
  • SegoviaSegovia Member Posts: 119
    I used to really love Damn Vulnerable Linux but sadly it has been discontinued :'(

    However, you should check out vulnhub.com Great fun

    Also, http://overthewire.org/wargames/

    But some of those other than Bandit can be quite a challenge.
    WGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%}
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    Segovia wrote: »
    I used to really love Damn Vulnerable Linux but sadly it has been discontinued :'(

    Metaploitable 2 works well for me.


    My home lab:

    - Dell Poweredge server bought off Craig's List for $130 (dual Xeon processors, 16GB RAM) running ESXi and all this:
    -- vSphere Essentials ($230 for 1-yr w/ coupon)
    -- Pfsense (free)
    -- Kali2 VM (free)
    -- Varios free versions and open source tools (Nessus, Nexpose, Burp)
    -- Exploitable VMs (metasploitable2, webgoat, etc) (free)
    -- DMZ (virtual) with Hyper-V host for sandboxing, malware/exploit analysis, tinkering (free)

    Also:
    - $100 old desktop bought from Goodwill for dedicated Sophos UTM (free home version)
    - 2 home routers running dd-wrt, one for regular home network, one for lab

    Future plans:
    - Forensic & reverse engineering setup
    - Honeypot
  • fullcrowmoonfullcrowmoon Member Posts: 172
    bigdogz wrote: »
    I have a great deal of hardware, some that sits because I have run into life :)

    I just bought a laptop with i7 processor, 32 GB of RAM, 1 TB HD and a 17" display.

    I will be placing VMware on it. The box comes with Windows 8 w/ a free upgrade to 10.
    The other VM's I will install are Kali, Backbox, CentOS, Weakerth4n, DEFT, OWASP Labrat, and vary on my Windows server versions. I know some distros may be old but I would like to play a little.

    I am going to buy Burbsuite, get Core Impact, FTK and Qualys as demos and go from there.... depending on Pen test or Forensics objectives.

    I want to help!
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • fullcrowmoonfullcrowmoon Member Posts: 172
    I think I know where all my Christmas money is going.
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • SegoviaSegovia Member Posts: 119
    renacido wrote: »
    My home lab:

    - Dell Poweredge server bought off Craig's List for $130 (dual Xeon processors, 16GB RAM) running ESXi and all this:
    -- vSphere Essentials ($230 for 1-yr w/ coupon)
    -- Pfsense (free)
    -- Kali2 VM (free)
    -- Varios free versions and open source tools (Nessus, Nexpose, Burp)
    -- Exploitable VMs (metasploitable2, webgoat, etc) (free)
    -- DMZ (virtual) with Hyper-V host for sandboxing, malware/exploit analysis, tinkering (free)

    Also:
    - $100 old desktop bought from Goodwill for dedicated Sophos UTM (free home version)
    - 2 home routers running dd-wrt, one for regular home network, one for lab

    Future plans:
    - Forensic & reverse engineering setup
    - Honeypot

    This looks really awesome, and not too expensive. The main concern I have is the added cost to the power bill, especially during the winter.
    WGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%}
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    My home lab consists of: -

    3 PC's
    Xeon E3-1231V3, 32GB ECC RAM, Many hard disks and SSD's, NIC's and ESX
    i7-2600, 32GB RAM, 1 SSD, NIC's and ESX
    i5-4570S, 32GB RAM, 1 SSD, Linux
    Atom D510 pfSense server (my main internet router)

    With the two ESX servers I can run all manner of VM's containing OS'es for all sorts of purposes, Windows Server, Cisco Routers, Firewalls, Linux, BSD, FreeNAS all sorts of stuff.

    I used the i5-4570S as my original home lab ESX server and had 20 CSR routers on it. I passed my CCIE in Feb, so I am very happy I've got my return out of it already no matter what else I do with it.

    I bought the Xeon very recently to run FreeNAS and this machine has 4x2TB disks, 2 SSD's. The FreeNAS VM has 2x30GB virtual disks for ZIL and 1x40GB of L2ARC and 16GB RAM assigned to it, and this box runs Plex and one or two servers that I don't want to mess with regularly.

    The i7-2600 is now the main ESX server that runs all the VM's I can play with on.

    I love my lab, I can do anything I want with it.
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    How much did the CSR cost? I think I found one for ~ $1,300.
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Cisco CSR1000V = free :)
  • alan2308alan2308 Member Posts: 1,854 ■■■■■■■■□□
    Segovia wrote: »
    I used to really love Damn Vulnerable Linux but sadly it has been discontinued :'(

    What's the problem, did it stop being vulnerable?
  • SegoviaSegovia Member Posts: 119
    Haha!

    Well I'm not sure... Even the old website isn't "there" anymore. But I think it was due to a lack of interest or a focus shift onto Metasploitable projects.
    WGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%}
Sign In or Register to comment.