Introduction#
Welcome to your cybersecurity training journey! This guide will help you set up a complete ethical hacking lab environment and introduce you to popular training platforms. Whether you’re preparing for certifications like OSCP or just starting your security career, this guide has you covered.
Important Legal Disclaimer#
⚠️ READ THIS CAREFULLY:
The materials and techniques covered in this guide can be potentially damaging or dangerous if misused. Before proceeding:
- Check your local laws: Refer to the laws in your province/country before accessing, using, or utilizing these materials
- Educational purposes only: These materials are strictly for educational and research purposes
- Your responsibility: You assume full responsibility for the use of these materials
- No illegal activity: You must agree to not use this content for any illegal purpose
- Authorization required: Only perform security testing on systems you own or have explicit written permission to test
Prerequisites#
Before diving into ethical hacking labs, ensure you have:
- Basic Linux knowledge: Command line proficiency, file system navigation, basic scripting
- Networking fundamentals: TCP/IP, DNS, HTTP/HTTPS protocols
- Computer specifications: At least 8GB RAM (16GB recommended), 100GB free disk space
- Virtualization support: CPU with Intel VT-x or AMD-V enabled
- Curiosity and persistence: Security challenges require patience and creative problem-solving
Lab Environment Setup#
Why Build a Lab?#
A properly configured lab environment allows you to:
- Practice security techniques safely without legal concerns
- Learn by doing in realistic scenarios
- Test tools and exploits in isolation
- Prepare for professional certifications
- Develop hands-on skills that employers value
Virtualization Platform#
Choose and install one of these hypervisors:
VMware Workstation Pro/Player (Recommended for beginners)
- More user-friendly interface
- Better performance on most systems
- Excellent snapshot capabilities
VirtualBox (Free and open-source)
- Completely free
- Cross-platform support
- Good for learning basics
Proxmox VE (Advanced users)
- Enterprise-grade features
- Great for larger lab environments
- Steeper learning curve
Essential Virtual Machines#
1. Kali Linux (Attack Machine)#
Kali Linux is your primary penetration testing platform, pre-loaded with hundreds of security tools.
Setup Steps:
- Download Kali Linux VM image from kali.org
- Import into your hypervisor
- Update the system:
sudo apt update && sudo apt upgrade -y - Install additional tools as needed
- Create a snapshot after initial setup
Key Tools to Know:
- Nmap - Network scanning
- Metasploit - Exploitation framework
- Burp Suite - Web application testing
- John the Ripper - Password cracking
- Wireshark - Network analysis
2. Ubuntu VM (Target/Server)#
Ubuntu serves as a vulnerable target system for practicing attacks and a server for hosting services.
Setup Steps:
- Download Ubuntu Server/Desktop from ubuntu.com
- Install with default settings
- Configure network adapter (Host-Only or NAT)
- Install vulnerable applications for practice (DVWA, WebGoat, etc.)
- Take snapshots before and after configurations
Use Cases:
- Practice Linux privilege escalation
- Host vulnerable web applications
- Learn system hardening techniques
- Practice log analysis
3. Windows 10 VM (Target System)#
A Windows client system for practicing Windows-specific attacks.
Setup Steps:
- Download Windows 10 evaluation ISO from Microsoft
- Install in your hypervisor
- Disable Windows Defender for lab use
- Install common applications
- Create user accounts with varying privileges
Practice Scenarios:
- Active Directory attacks (when paired with Windows Server)
- Password attacks (hash dumping, pass-the-hash)
- Privilege escalation techniques
- Phishing simulation and Office macro attacks
4. Windows Server 2019 VM (Domain Controller)#
Essential for practicing enterprise-level attacks.
Setup Steps:
- Download Windows Server 2019 evaluation from Microsoft
- Install and configure Active Directory Domain Services
- Create domain users and groups
- Join Windows 10 VM to the domain
- Configure Group Policies
Practice Scenarios:
- Active Directory enumeration
- Kerberos attacks (Golden Ticket, Silver Ticket)
- Domain privilege escalation
- Lateral movement techniques
Network Configuration#
Create multiple network segments for isolation:
Network 1: Internet Access
- NAT mode
- For updating systems and downloading tools
- Kali Linux primary adapter
Network 2: Isolated Lab Network
- Host-Only or Internal Network
- No internet access for victim machines
- All VMs have adapters here for inter-VM communication
Network 3: Management Network (Optional)
- For accessing VM consoles
- Separate from attack/target networks
Training Platforms#
Hack The Box (HTB)#
What is HTB?
- Real-world penetration testing scenarios
- Active machines that require creative problem-solving
- Community-driven platform with forums and walkthroughs
- Pro Labs simulate enterprise networks
Getting Started:
- Create a free account
- Complete the starting point machines
- Connect via VPN to access lab machines
- Progress from easy to insane difficulty
- Join the HTB Discord for community support
Best For:
- OSCP preparation
- Real-world scenario practice
- Learning from community writeups
TryHackMe (THM)#
What is THM?
- Guided learning paths with hands-on rooms
- More beginner-friendly than HTB
- Built-in browser-based access (no VPN required)
- Structured learning paths for different roles
Getting Started:
- Create a free account
- Start with “Complete Beginner” path
- Deploy machines directly in browser
- Follow guided tutorials with hints
- Earn certificates for completed paths
Best For:
- Absolute beginners
- Structured learning paths
- Understanding concepts before exploitation
OSCP Preparation#
If you’re preparing for the Offensive Security Certified Professional (OSCP) certification:
Practice Strategy:
- Master the basics on TryHackMe
- Progress to HTB machines (focus on OSCP-like boxes)
- Practice in your local lab daily
- Build a methodology for enumeration and exploitation
- Document everything - note-taking is crucial
- Focus on manual exploitation, not just automated tools
Recommended Practice:
- 10-20 HTB machines (varying difficulty)
- Complete OffSec’s PWK course materials
- Build custom vulnerable VMs
- Practice privilege escalation techniques extensively
- Perfect your report writing skills
Learning Path#
Phase 1: Foundations (Weeks 1-4)#
- Set up all lab VMs
- Complete TryHackMe “Complete Beginner” path
- Learn basic networking and Linux commands
- Understand the cyber kill chain
- Practice with intentionally vulnerable apps (DVWA, WebGoat)
Phase 2: Active Reconnaissance (Weeks 5-8)#
- Master Nmap scanning techniques
- Learn web enumeration (dirb, gobuster, ffuf)
- Practice information gathering methodologies
- Complete 5 “Easy” HTB machines
- Start maintaining detailed notes
Phase 3: Exploitation Basics (Weeks 9-12)#
- Learn common web vulnerabilities (OWASP Top 10)
- Practice with Metasploit framework
- Understand buffer overflows (basic)
- Complete 5 more HTB machines (Easy to Medium)
- Study exploit development basics
Phase 4: Post-Exploitation (Weeks 13-16)#
- Master privilege escalation on Linux and Windows
- Learn lateral movement techniques
- Practice data exfiltration methods
- Complete 10 Medium difficulty HTB machines
- Document your methodology
Phase 5: Advanced Techniques (Weeks 17+)#
- Active Directory attacks
- Advanced exploitation techniques
- Bypassing security controls
- Complete Hard/Insane HTB machines
- Practice time-management for OSCP-style exams
Essential Tools#
Reconnaissance#
- Nmap: Network scanning and service enumeration
- Masscan: High-speed port scanner
- Gobuster/Feroxbuster: Directory and file brute-forcing
- Amass: DNS enumeration and mapping
Exploitation#
- Metasploit: Comprehensive exploitation framework
- SQLmap: Automated SQL injection tool
- Burp Suite: Web application security testing
- ExploitDB: Database of public exploits
Post-Exploitation#
- LinPEAS/WinPEAS: Privilege escalation enumeration
- Mimikatz: Windows credential extraction
- PowerShell Empire: Post-exploitation framework
- BloodHound: Active Directory relationship mapping
Utility Tools#
- tmux: Terminal multiplexer for managing sessions
- CherryTree/Obsidian: Note-taking and documentation
- Netcat: Network utility for various tasks
- Python: Scripting and tool customization
Best Practices#
Lab Management#
- Take snapshots frequently: Before and after major changes
- Keep systems updated: Update tools and VMs regularly
- Organize your workspace: Maintain a clean folder structure
- Back up your data: Export important VMs and notes
Learning Methodology#
- Enumerate thoroughly: Spend time on reconnaissance
- Try harder: Don’t give up when stuck - persistence is key
- Document everything: Keep detailed notes of commands and findings
- Learn from failures: Analyze what didn’t work and why
- Understand, don’t just copy: Learn the underlying concepts
Security Practices#
- Isolate your lab: Keep attack VMs on isolated networks
- Never attack real systems: Only test on your own or authorized systems
- Be cautious with malware: Handle malicious files in isolated environments
- Protect your notes: Encrypt sensitive findings and credentials
- Practice responsible disclosure: Report vulnerabilities properly
Resources#
Learning Materials#
- OWASP Testing Guide
- HackTricks - Comprehensive pentesting wiki
- PayloadsAllTheThings - Payload collection
- GTFOBins - Unix binary exploitation
- LOLBAS - Windows binary exploitation
Video Tutorials#
- IppSec - HTB machine walkthroughs
- John Hammond - Security challenges and tutorials
- HackerSploit - Penetration testing tutorials
- The Cyber Mentor - Ethical hacking courses
Communities#
- Netsectap Labs Discord - Join the #netsectap-llm channel
- HTB Forums and Discord
- TryHackMe Discord
- Reddit: r/oscp, r/netsec, r/AskNetsec
Troubleshooting Common Issues#
VM Performance Issues#
- Allocate adequate RAM (4GB minimum per VM)
- Enable hardware virtualization in BIOS
- Use SSD storage for better performance
- Limit number of running VMs
Network Connectivity Problems#
- Verify network adapter settings
- Check firewall rules on host and guest
- Ensure VPN is connected (for HTB)
- Test with ping and basic connectivity tools
Tool Errors#
- Update Kali Linux:
sudo apt update && sudo apt upgrade - Check tool documentation and GitHub issues
- Verify syntax and required parameters
- Search for error messages online
Getting Help#
When You’re Stuck#
- Enumerate more: Often the answer is in better reconnaissance
- Check the forum: Someone may have asked the same question
- Take a break: Fresh perspective helps
- Ask the community: Use Discord channels for guidance
- Review walkthroughs: After trying yourself, learn from others
Community Support#
- Join our Discord community for real-time help
- Check our blog posts for detailed tutorials
- Use our AI Platform for quick questions
- Watch video walkthroughs for visual learning
Next Steps#
Now that you have your lab environment set up:
- Complete your first challenge: Start with an easy TryHackMe room
- Document your process: Practice good note-taking habits from day one
- Join the community: Connect with other learners on Discord
- Set goals: Define what you want to achieve (certification, career change, etc.)
- Practice consistently: Dedicate regular time to hands-on practice
Additional Resources#
For more detailed information, check out:
- Complete lab setup repository - Detailed VM configurations and guides
- Netsectap Labs Blog - Tutorials and walkthroughs
- AI Platform - AI-assisted learning and research
Remember: The key to success in cybersecurity is consistent practice, thorough enumeration, and never giving up. Happy hacking, and hack responsibly!
This guide is part of Netsectap Labs’ commitment to providing quality cybersecurity education and training resources.