
Building Blue Team Home Lab Part 1 - Introduction

For quite some time I have wanted to create my own home lab dedicated to Blue Team. I had the same desire to create one for Red Team, but it always ended up as a single Kali Linux box and maybe one or two machines, because I was always learning on online platforms where you are already provided with an environment. You only download a VPN profile, connect to it, and start practising. Now I have finally started working on my own virtual home lab, dedicated to all blue team juniors who are starting down this path and want to practise specific tools and methodologies outside of learning platforms. Those platforms are amazing, by the way, but you mostly stay focused on what they were created for, not on free research and testing.

Note: During the writing of this series, I might edit articles that are already published, in case I forgot something, find a better way of configuring things, or update my lab with new VMs. I will try to keep notes about what was edited if that happens.

Introduction

I will create a series of articles dedicated to building my own virtual home lab, which will include a network topology, firewall, SIEM, DFIR, Kali Linux, and more. The whole series will be aimed mostly at those with limited resources. Why is that? Well, let me explain. Over the years I have been reading a lot of Reddit threads and forums and watching YouTube videos, and everybody says things like “Hey, for $200-500 you can get 3 Cisco routers and switches along with a few phones” (basically a complete CCNA lab) or “buy this and that server, on eBay you can find a great deal for $200-300 and get 16 CPUs, 32GB RAM, 1TB SSD” and so on. Well, in my country people are selling Cisco 800 series routers, which are old as s**t, for 50-100€ mostly, and a Cisco ASA, just as old, for 300-500€, which is absurd.

Servers are no better. Basic servers with 2-4 CPUs and 8GB RAM, and if you are lucky a decent HDD, cost between 300-800€. So it was cheaper for me to make a few upgrades to my current laptop than to buy one of those servers and take the risk of whether it is any good, whether I will be able to find spare parts, or whether I can upgrade it at some point. That is why I decided to build my home lab 100% virtually, on my laptop. And of course, we are talking about a home lab for practising and playing with. If I needed services that actually have to run 24/7, like a personal firewall, an ad blocker, a Raspberry Pi, etc., then of course I would buy a server (or a gaming PC, which to be honest would be a cheaper and better investment).

So now that you know why I am going this way instead of getting physical hardware, let’s move on to my current laptop specifications and start building the lab. This first article will cover hardware requirements and the tools we are going to use over the series. I will try to be as detailed as I can and will include additional materials for studying and practising, or materials that have helped me over time.

Hardware requirements

When it comes to hardware requirements, it all depends on what kind of environment you want or need and what kind of things you are going to do. Somebody might be interested only in malware analysis; in that case you may not need a SIEM, which by the way usually requires quite a lot of resources even for a basic installation and basic tasks. Second, not all virtual machines (VMs) will run at the same time: over time you will play with and test specific things (if you want everything running at the same time, well… get the physical server(s)).

I currently own an HP Pavilion Gaming Laptop 15 with the specs below:

  1. CPU: AMD Ryzen 7 4800H (8 cores, 16 threads)
  2. RAM: 2x ADATA SODIMM 16GB 3200MHz (recently upgraded from 16GB RAM)
  3. GPU: NVIDIA GeForce GTX 1660 Ti
  4. HDD: 480GB SSD (I am planning on upgrading to either 1TB or 2TB as I am struggling a bit with the free space for the moment)
  5. OS: Fedora 35 KDE (good support for NVIDIA, regular kernel updates, no issue so far)

When I was buying this laptop, the most important requirement I had was a strong CPU (and a good graphics card if possible). I prefer a laptop over a PC because of mobility and because I am used to it, but the CPU is the one thing that cannot be upgraded on a laptop (at least not that I am aware of), while RAM and SSD can easily be upgraded, so keep that in mind if you are getting a laptop. If you prefer a PC, then you have a lot more options.

Tools

This is a list of the main tools we will use:

  1. VMware Workstation - This is for managing VMs. I have a Pro license and I am pretty happy with it. Of course, you can also use alternatives like VirtualBox, which I used for years and which also does a pretty good job for home labs.
  2. draw.io - An open source tool for creating network topologies and diagrams that comes with quite a lot of great icons (Cisco, AWS, Microsoft, Google…).
  3. Joplin - An open source note-taking app that is ultra cool. I like using it for all kinds of notes, but of course you can use whatever suits you, even a basic notepad. The point is to keep track of what you want or need, what you have already done, information about VMs, services, etc.
  4. Virtual Machines - All kinds of virtual machines. I won’t name them all here, but some of them will be pfSense, Tsurugi, REMnux, and more.

Summary

Now that you are aware of my setup and the tools we are going to use, in the next part we will start by creating a list of network requirements and VMs, and we will create our first network topology, which will be the base for our lab.

This post is licensed under CC BY 4.0 by the author.