Sep 23, 2020
Build your own home lab with this extensive guide from TJnull. He covers the why and how, offers points of consideration, and shares his top resources.
This blog post was originally published by TJnull on NetSec Focus on September 21, 2020 and has been posted here in full.
When I started my infosec journey, I remember attending an awesome talk called “The AVATAR Project and You” by da_667 at BSIDES Charm 2017. Da_667 talked about a guide he was writing about building your own lab environment, which would allow you to tailor it to suit your own needs. This talk and his book “Building Virtual Machine Labs: A Hands-On Guide” were where my journey would begin so that I could build my cybersecurity homelab.
In this guide I will provide a variety of tips, tools, and resources to help you get some ideas on how to build your cybersecurity homelab.
This guide does not contain all the answers you will need to build your home lab. You should use it as a way to get ideas on how you want to build your home lab. In addition, you should also think about the type of environment you want to set up to practice/build your skillset. After all, this should be a fun and exciting adventure to try out!
Take the time to do your research.
This lab should be the place you use to build your skills, whether you are in infosec or IT. Having a home lab will allow you to try out new things and build different topologies. A cybersecurity home lab should be a place where you can build anything you need and tear it down when things go wrong.
It is important to have a separate system that does not contain any important data such as personal files, sensitive information, etc. This system/lab will be your playground.
Before you decide to spin up an entire data center in your house (you do not need to do that, trust me) there are some things you want to think about. Here are some questions you should ask yourself first:
Once you have answered these questions, you can move forward.
Depending on the situation, the machine you are using may not be enough to start your homelab. However, you can still do a lot of things.
Upgrading Hardware:
It is important to look into the following parts to upgrade in your system:
RAM/memory: The more RAM you have in your system, the better it will perform when running the projects you need.
Storage: Depending on the project/systems you want to spin up, you are going to need some drives to store all of it. Having multiple drives will make it easier to consolidate your machines and also give you the ability to conduct backups in case something happens. In addition, you can look into getting a network attached storage (NAS) to consolidate your machines in a separate place.
If you want reviews of the different types of drives or storage solutions, https://www.storagereview.com/consumer is a good place to find recommendations.
CPU: More cores and a better CPU clock speed will allow you to run multiple tasks on your system. If you plan to run virtual machines on your systems, make sure that your CPU supports the CPU virtualization feature (Intel VT-x or AMD-V) and that it is enabled.
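One way to check the CPU virtualization feature on a Linux host is to look for the vmx (Intel VT-x) or svm (AMD-V) flag in /proc/cpuinfo. The script below is an added example, not part of the original guide; the function names and the sample cpuinfo lines are constructed for illustration, and it covers x86 systems only.

```sh
#!/bin/sh
# Added example (not from the original guide): report whether a Linux host
# exposes x86 hardware virtualization, based on the flags in /proc/cpuinfo.

# Constructed, shortened cpuinfo for demonstration: intel | amd | guest | none
sample_cpuinfo() {
    case "$1" in
        intel) extra="vmx" ;;
        amd)   extra="svm svm_lock" ;;
        guest) extra="vmx hypervisor" ;;
        *)     extra="" ;;
    esac
    printf 'processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae %s sse sse2\n' "$extra"
}

# has_flag "<flag list>" <flag>: whole-word match, so "svm_lock" is not "svm".
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# virt_support [file]: prints "vt-x", "amd-v" or "none", then guest=yes|no.
virt_support() {
    cpuinfo="${1:-/proc/cpuinfo}"
    [ -r "$cpuinfo" ] || { echo "unreadable"; return 2; }
    # Use the flags line of the first logical CPU.
    flags=$(awk -F: '/^flags/ { print $2; exit }' "$cpuinfo")
    if has_flag "$flags" vmx; then
        virt="vt-x"        # Intel VT-x
    elif has_flag "$flags" svm; then
        virt="amd-v"       # AMD-V
    else
        virt="none"
    fi
    # The hypervisor flag means this system is itself a VM, so running
    # guests on it would need nested virtualization from the outer host.
    if has_flag "$flags" hypervisor; then guest="yes"; else guest="no"; fi
    echo "$virt guest=$guest"
}

# Demonstrate on the constructed samples.
for kind in intel amd guest none; do
    f=$(mktemp)
    sample_cpuinfo "$kind" > "$f"
    printf '%-6s %s\n' "$kind" "$(virt_support "$f")"
    rm -f "$f"
done
```

Calling virt_support with no argument reads the real /proc/cpuinfo of the machine you plan to use as the lab host.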
Dedicated Machine:
Having a dedicated machine or converting an old machine is a great way to run your virtual machines in a separate environment. Keep in mind, all three areas which are mentioned in ‘Upgrading Hardware’ (CPU, RAM, hard drive) need to have the highest priority when you plan to have a dedicated machine.
If you choose to get into password cracking, using GPUs instead of CPUs increases the cracking speed by a factor of hundreds, if not thousands. However, the specifications of this machine would need to be different, as power, cooling, and space become more of an issue.
Additional Hardware:
There are a variety of devices that you can find to expand your cybersecurity homelab, but it depends on what you want to learn and what you would like to try out. Here are a few devices that you should look into having:
Depending on the budget you have and the requirements for hardware that you want, there are a variety of options to choose from for setting up your lab:
PC Parts/Components:
https://pcpartpicker.com/list/: This site is a good start if you want to compare the parts/specs that you may be looking for. In addition, the site includes a price comparison option to show you what retailer is selling the part/component for a lower price. They also have users who share their custom builds to give other people an idea of how they want to build out their computers which you could use to figure out your lab.
Small Form Factor Builds:
Raspberry Pi (https://www.raspberrypi.org/): An affordable single-board computer that has the power to run a variety of different projects that can be added to your lab. It has the ability to run different Linux distributions that you can use for your lab projects.
Intel NUCs (https://www.intel.com/content/www/us/en/products/boards-kits/nuc.html): Do not be fooled by the form factor of these mini PCs as they do pack a punch. This would be a good system if you are looking to save power, reduce noise, and most importantly, save space.
AMD Mini PCs (https://www.amd.com/en/products/embedded-minipc-solutions): AMD also has its own set of small form factor computers that you can purchase. Some of them are able to run the Ryzen processor chipset as well.
Servers:
As technology continues to be improved, older technology needs to be decommissioned or have an end of life (EOL). As these servers get decommissioned, this is also a good chance to repurpose them for your project. Before you decide to buy a server, you need to answer the following questions:
If you have answered these questions and are okay with your answers, then you are ready to obtain a server! There are a lot of good resources to help you find a server and the hardware you need for it. Here are some resources you can use to help you find a server for your lab:
Lab Gopher (https://labgopher.com/): The best place to look for buying a server! This site allows you to parse through servers that are listed on eBay that match the criteria you are looking for. You can filter options like RAM, storage, type of server, etc. to find the one that you can use for your lab.
Other places to buy servers:
Other resources for buying a server/hardware:
Having your own network setup can give you the ability to build your computer networking skills and to learn more about how your network is operating. Building your own network will allow you to isolate/segment your lab from your personal network, transfer files, and isolate certain systems from accessing the internet.
If you want to purchase your own network hardware, you should look for network equipment that will be able to utilize the network speed you are receiving from your ISP. However, you can also virtualize your network if you plan to virtualize your entire lab on the hardware you have. You could even use a Raspberry Pi (depending on the model) to run your network firewall or router.
Finding network hardware:
Once you have the hardware set up, it is time to decide what software you want to use for your lab. Here are a few types of software that you should think about implementing:
There are different types of virtualization software that you can use to run your virtual machines in your lab. One of the main benefits of using virtualization software is that you can create snapshots, which allow you to revert the system to a known state. Keep in mind that each virtualization product offers its own benefits, depending on how you plan to use it in your lab.
Virtualization software that you can run on your desktop:
Virtualization software that you can run on your server:
Note: If you are planning to run your hypervisor on a wireless connection, I would recommend using Hyper-V or Proxmox because VMware ESXi does not support the drivers for wireless devices. Make sure the wireless card that you are using supports infrastructure mode.
Containers:
When you are setting up a virtualized environment, containers can be a good solution that allows you to run certain applications, services, or tools in an isolated environment. In addition, these containers can be easily spun up and taken down when you are doing testing on certain programs. In order for you to run containers in your lab, you will need a host operating system and software that will run the containers. Here is a list of programs that you can use to spin up containers:
In case you do not have the ability to purchase your own hardware network equipment, you may be able to run some of these network devices as a virtual machine to manage the network in your lab. Here is a list of certain network devices that you can virtualize for your lab.
Routers:
Firewalls:
For Raspberry Pi you could also run Pi-hole (https://pi-hole.net/). Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. When Pi-hole is configured, it acts as a DNS server on your private network.
In infosec it is important to learn both Windows and Linux systems because you need to understand the fundamentals of these operating systems. Most corporations will have a mix of Windows and Linux systems in their environment that need to be protected. If an attack occurs you will need to assess the system, and if you do not know how to analyze both of these operating systems, then you are in trouble. Your home lab is the place to run these operating systems and learn the fundamentals of both.
Due to the license with which Microsoft Windows is distributed, a valid license needs to be purchased to cover the number of instances installed. However, the Microsoft Evaluation Center gives you the ability to run certain operating systems for a certain amount of time (90-120 days).
Here are the only systems you can get from the Microsoft Evaluation Center: https://www.microsoft.com/en-us/evalcenter/
Finding old versions of Windows can be tough, but with a little help from Google we can find some shares that have them hosted publicly. Archive.org (https://archive.org) is another place to find older versions of Windows. Take your time to find the versions you are looking for, as some of the files may not actually be the ISOs you need.
Alternatively, a Visual Studio subscription can be purchased, allowing access to a wide range of Windows versions, both currently for sale and discontinued.
If you are a college student or you have a college email address, you may have the ability to access OnTheHub. OnTheHub is a discount center where students can download products from Microsoft, Adobe, VMware and much more. If you want to know if your school is registered, you can check here: https://onthehub.com/search
In the beginning there was UNIX. This name is trademarked and given to systems which meet Single UNIX Specification (SUS). (Using the term UNIX in any other manner isn’t technically allowed.) From UNIX grew Berkeley Software Distribution (BSD) sometimes called Berkeley Unix or BSD UNIX and similar UNIX operating systems, which didn’t fully meet the specification. (From BSD UNIX came Darwin, which is the core of Apple OS X & iOS).
These UNIX-like OSs included MINIX and various BSDs, which did not fully meet the specification's criteria. With the growth of these UNIX clones (referred to as *NIX), variations formed, such as Linux.
The Linux system is derived from UNIX as it is a continuation of the basis of UNIX design. Linux also refers to the kernel of the GNU/Linux operating system, as the original code was developed by Linus Torvalds and the GNU Foundation. Each Linux distribution consists of a Linux kernel, GNU system, GNU utilities, libraries, compiler, additional software, documentation, a window system, a window manager, and a desktop environment.
Wikipedia has a detailed list of the family tree of Linux which can be found here. Websites have been set up to track the updates of their releases; a good project is Distro Watch.
There is a wide range of operating systems which have been mentioned in the above lines, the vast majority of them free and open source. However, there are a few which are commercial.
With this in mind, you are able to freely download and try many of the OS types. Using them will help you build up UNIX and *NIX skills, giving you a deeper computer knowledge.
This OS has been designed to use Apple’s hardware (using it on non-Apple hardware is breaking their EULA). Various virtualization solutions (VMware Fusion and Parallels Desktop – neither is free) support OS X as a guest OS, allowing for a VM to be created on which to practice.
After you have selected a few operating systems you want to run in your home lab, you should figure out what kind of programs or services you want to run on them. Keep in mind that certain services will only run on certain operating systems, so you will need to make sure you are using the correct operating system to run that desired service.
Here are a few recommendations of services that you should learn how to set up and play with.
File/Storage Services:
Web Services:
Can only be installed on Windows:
Other Services:
Once you have set up all your services, you are going to need some software or systems that pack a variety of security monitoring tools into them. After all, if you want to be in infosec you need to understand how certain attacks work and how to defend against them.
Monitoring Systems:
Monitoring Services:
Although Security Onion packs a variety of tools into one system, it can be tough to learn all of them at once. It is important to learn how to configure some of these monitoring services manually for the first time and it also might be enough for what you need. Here are some services we recommend looking into depending on what type of monitoring you want to conduct on your home lab:
Network Intrusion Detection/Prevention Services:
Host-Based Endpoint Detection Services:
Endpoint Log Collectors:
Security Information and Event Management (SIEM) Tools:
With all of the data you are going to be collecting and reviewing, you are going to need a SIEM to review it all at once. Security Onion and Tpot both use Elasticsearch, Logstash, and Kibana to help visualize the data you see. However, there are some other alternatives that people in the infosec community use as their SIEM. Here are some tools you may be interested in playing with:
This section contains a variety of links I saved when I was looking to build my cybersecurity home lab.
Hardware:
Government auction sites to find servers or network equipment:
Keep in mind what you bid on – if you win the bid you only have a few days to pick it up!
Raspberry Pi:
Building your own Raspberry Pi Cluster:
Cluster Boards:
Networking:
pfSense Resources:
DD-WRT:
Software:
https://github.com/awesome-selfhosted/awesome-selfhosted
Tools to Draw Network Diagrams:
Online Tools:
Draw.io: https://app.diagrams.net/
Creately: https://app.creately.com/diagram/
LucidChart: https://www.lucidchart.com/pages/
Offline Tools:
Microsoft Visio: https://www.microsoft.com/en-us/microsoft-365/visio/flowchart-software
Edraw: https://www.edrawsoft.com/edraw-max/
Windows:
Windows Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
Tool/Scripts to automate the deployment of your Windows Lab:
Linux:
Tools:
Centrify (Active Directory Integration): https://www.centrify.com/pam/authentication-service/active-directory-bridging/integration/
This tool allows you to integrate your Linux systems into Active Directory so they can easily join the domain. It also provides the ability to do single sign-on (SSO).
Other Tools/Scripts for HomeLab Automation:
These tools can be used to automate some of the manual work you will have to do in your cybersecurity homelab. Depending on which tool you use, it will take some time to understand how they work, but it can save you hours of rebuilding those systems from scratch.
Terraform: https://www.terraform.io/
Ansible: https://www.ansible.com/resources/get-started
Puppet: https://puppet.com/
Having a cybersecurity home lab is a great way to build your skills and experience. It is important to be patient when you decide to build your lab and customize it the way you like it. There are a variety of ways to build a home lab, but make sure the way you build it matches your intended purpose. Most importantly, I hope the resources and tips that I have provided in this guide will give you a good baseline to get started.
TJ is the community manager for Offensive Security and is a pentester in the private sector. He’s very passionate about red team development and supporting open source projects like Kali Linux. TJ earned a BS in Cybersecurity from the University of Maryland University College (UMUC) where he is a board member for the award-winning UMUC Cyber Padawans. Over the years, he has participated in over 250 cybersecurity competitions across the globe and is a two-time SANS Netwars Champion. You can find TJ on a variety of community platforms as he is also a moderator for NetSec Focus and The Many Hats Club (TMHC).