Emanuele Balsamo for CyberPath

Posted on • Originally published at cyberpath-hq.com

Building a Secure Home Lab: A Complete Guide


Why Build a Home Lab?

A home lab is essential for anyone serious about cybersecurity. It provides a safe practice environment where you can break things without consequences, gain hands-on experience by learning through doing rather than just reading, and prepare effectively for certifications like OSCP and CEH. Beyond technical skills, a well-documented home lab serves as a portfolio project that demonstrates your capabilities to employers.

The investment in time and resources pays significant dividends throughout your career. You gain the freedom to experiment with techniques and tools that would be inappropriate in production environments. The mistakes you make in your lab become valuable learning experiences rather than career-limiting incidents. As you build and maintain your lab, you develop practical skills in system administration, networking, and troubleshooting that complement your security knowledge.

Info: Investment Worth Making
A decent home lab setup costs between five hundred and fifteen hundred dollars for hardware, but the return on investment in terms of skills and career advancement is tremendous. Many professionals consider it essential for breaking into cybersecurity and continuing education throughout their careers.

Hardware Options

Option 1: Single Powerful Machine

A single powerful workstation offers the most straightforward path to building a home lab. The recommended specifications include an Intel i7 or i9 processor, or AMD Ryzen 7 or 9 with sixteen or more cores preferred for running multiple virtual machines simultaneously. RAM should be at least 32GB, though 64GB or more provides comfortable headroom for complex lab scenarios. For storage, combine a 1TB NVMe SSD for the hypervisor and active VMs with a 2TB HDD for backups and less frequently used images. This configuration typically costs between twelve hundred and two thousand dollars and provides sufficient resources for most home lab needs.

Option 2: Used Enterprise Server

Used enterprise servers from Dell PowerEdge R720 or R730 series, HP ProLiant DL380 Gen9, or Supermicro systems offer substantial computing power at lower costs than new consumer hardware. These systems provide more RAM and CPU cores than similarly priced consumer options and feature dedicated server-grade components designed for continuous operation. However, they come with significant drawbacks including datacenter-level noise that makes them unsuitable for living spaces, high power consumption that impacts electricity bills, and substantial physical size requiring dedicated space like a basement or garage.

Option 3: Cloud-Based Lab

Cloud providers including AWS with its free tier, Azure, Google Cloud Platform, and DigitalOcean enable building labs without physical hardware. This approach eliminates hardware maintenance concerns, provides on-demand scalability, and allows access from anywhere with internet connectivity. The trade-offs include ongoing operational costs that can exceed hardware purchases over time, dependency on internet connectivity for lab access, and less control over the underlying environment compared to physical hardware.

Home Lab Architecture

Here's a typical home lab network topology:

(Diagram of the lab network topology; not reproduced here.)

Software Components

Hypervisor

The hypervisor forms the foundation of your virtual lab environment. VMware ESXi represents the industry standard with excellent performance and robust management tools through vSphere. The free version provides core functionality though with limitations on advanced features. Hardware compatibility can be restrictive compared to other options. Proxmox VE offers a completely free open-source alternative that supports both virtual machines and containers. Its web-based management interface simplifies administration, though it has a smaller community compared to VMware and presents a steeper initial learning curve.

Essential VMs

1. Firewall/Router

# pfSense Configuration Steps
# 1. Download the pfSense CE installer image from the download page
#    (https://www.pfsense.org/download is an HTML page, not a direct ISO link,
#    so pick the image there rather than fetching the URL with wget) and verify
#    its SHA-256 checksum against the value shown on that page

# 2. Create VM with 2 network adapters
# - WAN: Connected to your home network
# - LAN: Connected to isolated lab network

# 3. Configure interfaces during installation
# 4. Access web interface at https://192.168.1.1 (the default LAN address)

# 5. Basic hardening
# - Change default credentials (admin / pfsense)
# - Enable HTTPS only
# - Configure firewall rules
# - Set up VLANs for network segmentation

2. Active Directory Domain

An Active Directory domain controller is essential for practicing enterprise-focused attacks and understanding Windows authentication mechanisms. Configure the domain with organizational units representing different departments, create user accounts with varying permission levels, and join workstations to the domain. This setup enables practice with attacks like Kerberoasting, Pass-the-Hash, and Golden Ticket attacks that are prevalent in real-world enterprise environments.

# Run on the server that will become the domain controller.
# Install Active Directory Domain Services
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Create a new forest. This prompts for the DSRM (SafeModeAdministratorPassword)
# password unless you pass it explicitly; reboot the server when it finishes.
Install-ADDSForest `
    -DomainName "lab.local" `
    -DomainNetbiosName "LAB" `
    -ForestMode "WinThreshold" `
    -DomainMode "WinThreshold" `
    -InstallDns `
    -NoRebootOnCompletion

# After reboot, add some users (this password is for the isolated lab only)
New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" `
    -SamAccountName "jdoe" `
    -UserPrincipalName "jdoe@lab.local" `
    -Path "CN=Users,DC=lab,DC=local" `
    -AccountPassword (ConvertTo-SecureString "P@ssw0rd123!" -AsPlainText -Force) `
    -Enabled $true

# Create OUs for organization
New-ADOrganizationalUnit -Name "IT" -Path "DC=lab,DC=local"
New-ADOrganizationalUnit -Name "HR" -Path "DC=lab,DC=local"
New-ADOrganizationalUnit -Name "Finance" -Path "DC=lab,DC=local"

# Run on each workstation (not on the DC) to join it to the domain; the workstation
# must use the DC as its DNS server, and needs a reboot after joining
Add-Computer -DomainName "lab.local" -Credential (Get-Credential)

3. Vulnerable Machines

Download and set up intentionally vulnerable VMs:

Machine             Focus Area                  Difficulty
Metasploitable      General pentesting          Beginner
DVWA                Web application security    Beginner
VulnHub VMs         Various challenges          Beginner to Advanced
HackTheBox VMs      Real-world scenarios        Intermediate to Expert
OWASP WebGoat       Web security training       Beginner

4. Attack Machines

#!/bin/bash
# Kali Linux setup script
set -euo pipefail

# Update system
sudo apt update && sudo apt upgrade -y

# Install additional tools (Kali package names)
sudo apt install -y \
    bloodhound \
    neo4j \
    crackmapexec \
    impacket-scripts \
    evil-winrm \
    responder \
    gobuster \
    feroxbuster \
    nuclei

# Set up custom aliases (guarded so re-running the script does not append duplicates)
if ! grep -q "# Custom aliases" ~/.zshrc 2>/dev/null; then
cat >> ~/.zshrc << 'EOF'
# Custom aliases
alias nse="ls /usr/share/nmap/scripts | grep"
alias ports="netstat -tulanp"
alias serve="python3 -m http.server"
alias phpserve="php -S 0.0.0.0:8000"

# Quick scans
alias quickscan="nmap -T4 -F"
alias fullscan="nmap -T4 -A -p-"
EOF
fi

# Install VS Code for script development (Microsoft's signing key goes into
# /etc/apt/keyrings and the repo entry is pinned to that key with signed-by)
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
sudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg
rm -f packages.microsoft.gpg
sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list'
sudo apt update
sudo apt install code -y

echo "Kali setup complete!"

Network Segmentation

Proper network segmentation is crucial for a secure lab:

(Diagram of the segmented lab network; not reproduced here.)

VLAN Configuration

# On pfSense or managed switch
# VLAN 10: Management (192.168.10.0/24)
# VLAN 20: Lab Network (192.168.20.0/24)
# VLAN 30: Production (192.168.30.0/24)

# Create firewall rules to:
# 1. Block Lab Network from accessing Production
# 2. Allow Management to access all networks
# 3. Allow Lab Network to access Internet (optional)
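Before committing the three rules above to pfSense, it is worth checking that they enforce the intended policy in the order you wrote them. The following is an added example, not code from the article: it models pfSense-style first-match evaluation over the article's three VLANs, shows that moving the block rule below the "lab to any" rule silently opens lab-to-production, and adds one extra lab-to-management block (my assumption, not on the page) because "any" includes the management VLAN. The probe addresses are constructed.

```python
import ipaddress

# VLANs from the segmentation plan above.
VLANS = {
    "management": ipaddress.ip_network("192.168.10.0/24"),
    "lab": ipaddress.ip_network("192.168.20.0/24"),
    "production": ipaddress.ip_network("192.168.30.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, source, destination), evaluated top-down with first match winning,
# as pfSense interface rules are. Anything left unmatched is denied.
RULES = [
    ("block", VLANS["lab"], VLANS["production"]),  # rule 1
    ("pass", VLANS["management"], ANY),            # rule 2
    ("pass", VLANS["lab"], ANY),                   # rule 3: lab -> internet
]

# Same rules with the block placed last: "pass lab -> any" now matches first.
MISORDERED = [RULES[1], RULES[2], RULES[0]]

# Added here (not in the article): rule 3 written as "any" also reaches the
# management VLAN, so block that explicitly before the internet rule.
TIGHT_RULES = [RULES[0], ("block", VLANS["lab"], VLANS["management"])] + RULES[1:]


def decide(rules, src, dst):
    """Return 'pass' or 'block' for one src -> dst flow under first-match semantics."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "block"  # implicit default deny


def policy_matrix(rules):
    """Probe one constructed host per VLAN plus an internet address; return all decisions."""
    probes = {name: str(net.network_address + 10) for name, net in VLANS.items()}
    probes["internet"] = "203.0.113.5"  # constructed TEST-NET-3 address
    return {(a, b): decide(rules, probes[a], probes[b])
            for a in probes for b in probes if a != b}


def violations(rules):
    """Flows this lab design must never allow; an empty list means the policy holds."""
    forbidden = [("lab", "production"), ("internet", "management"), ("internet", "production")]
    matrix = policy_matrix(rules)
    return [pair for pair in forbidden if matrix[pair] == "pass"]
```

Run `violations(MISORDERED)` to see the lab-to-production leak that rule ordering alone introduces, and `policy_matrix(RULES)[("lab", "management")]` to see why the extra block in TIGHT_RULES is needed.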

Monitoring and Logging

Set up a Security Information and Event Management (SIEM) system:

Option 1: Splunk (Free License)

# Download Splunk Enterprise (the URL pins the 8.2.5 release; check splunk.com for the current one)
wget -O splunk.tgz 'https://www.splunk.com/page/download_track?file=8.2.5/linux/splunk-8.2.5-77015bc7a462-Linux-x86_64.tgz'

# Install into /opt/splunk
sudo tar xvzf splunk.tgz -C /opt

# Start Splunk and accept the license; the first start prompts for an admin password.
# Note: the free license drops features including user authentication, so keep the
# web UI (port 8000) reachable from the Management VLAN only.
sudo /opt/splunk/bin/splunk start --accept-license

# Open the receiving port that forwarders will send to
sudo /opt/splunk/bin/splunk enable listen 9997

# On each monitored system, install the separate Universal Forwarder package, then
# point it at the indexer (replace <splunk-server> with the Splunk VM's address)
/opt/splunkforwarder/bin/splunk add forward-server <splunk-server>:9997
/opt/splunkforwarder/bin/splunk add monitor /var/log

Option 2: ELK Stack (Free)

# docker-compose.yml for ELK Stack
# Note: Elasticsearch 8.x enables security (authentication and TLS) by default, so on
# first start Kibana asks for an enrollment token and the elastic user's password.
# Generate them inside the elasticsearch container with
# bin/elasticsearch-create-enrollment-token -s kibana and
# bin/elasticsearch-reset-password -u elastic, or set ELASTIC_PASSWORD below for a
# fixed lab password. Do not disable security just to skip this step.
version: "3.8"

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.10.0
    environment:
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ports:
      - "9200:9200"
    volumes:
      - elasticsearch-data:/usr/share/elasticsearch/data

  logstash:
    image: docker.elastic.co/logstash/logstash:8.10.0
    ports:
      - "5044:5044"
      - "9600:9600"
    volumes:
      # Put your pipeline .conf files (e.g. a beats input on 5044) in ./logstash/pipeline
      - ./logstash/pipeline:/usr/share/logstash/pipeline

  kibana:
    image: docker.elastic.co/kibana/kibana:8.10.0
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch

volumes:
  elasticsearch-data:
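Whichever SIEM you pick, the payoff comes from writing detections for the attacks you practice in the AD domain built earlier, such as Kerberoasting. The following is an added example, not code from the article: a small detector that flags an account pulling several RC4-encrypted (0x17) service tickets for user-account SPNs in a short window, which is the classic Kerberoasting signal in Event ID 4769. The log format is a constructed, simplified key=value rendering of that event, not real Windows event text; the threshold and window are assumptions to tune for your lab.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified "timestamp key=value ..." form (not real
# Windows event text). 4769 = service ticket requested; 0x17 = RC4-HMAC, 0x12 = AES256.
SAMPLE_LOG = """\
2024-05-01T10:00:01 EventID=4769 Account=jdoe@LAB.LOCAL Service=krbtgt Encryption=0x12 Client=192.168.20.10
2024-05-01T10:00:02 EventID=4769 Account=jdoe@LAB.LOCAL Service=WEB-SERVER$ Encryption=0x12 Client=192.168.20.10
2024-05-01T10:05:00 EventID=4769 Account=jdoe@LAB.LOCAL Service=svc_sql Encryption=0x17 Client=192.168.20.50
2024-05-01T10:05:00 EventID=4769 Account=jdoe@LAB.LOCAL Service=svc_web Encryption=0x17 Client=192.168.20.50
2024-05-01T10:05:01 EventID=4769 Account=jdoe@LAB.LOCAL Service=svc_backup Encryption=0x17 Client=192.168.20.50
2024-05-01T11:00:00 EventID=4769 Account=asmith@LAB.LOCAL Service=svc_sql Encryption=0x17 Client=192.168.20.11
"""
RC4 = "0x17"
THRESHOLD = 3                  # distinct RC4 service tickets from one account/client pair
WINDOW = timedelta(seconds=60)  # assumed window; tune for your lab

def parse(line):
    """'ts key=value ...' -> dict, or None when the timestamp is missing or malformed."""
    ts, _, rest = line.partition(" ")
    try:
        rec = {"ts": datetime.fromisoformat(ts)}
    except ValueError:
        return None
    rec.update(kv.partition("=")[::2] for kv in rest.split())
    return rec

def is_roastable_request(rec):
    """RC4 ticket for a user-account SPN: not krbtgt and not a machine account (ends in $)."""
    svc = rec.get("Service", "")
    return (rec.get("EventID") == "4769" and rec.get("Encryption") == RC4
            and svc.lower() != "krbtgt" and not svc.endswith("$"))

def detect_kerberoasting(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return [(account, client, services)] for pairs that pulled >= threshold
    distinct RC4 service tickets inside one window."""
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and is_roastable_request(rec):
            by_pair[(rec.get("Account", "?"), rec.get("Client", "?"))].append(rec)
    alerts = []
    for (account, client), recs in by_pair.items():
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):  # slide the window from each request
            services = {r["Service"] for r in recs[i:] if r["ts"] - first["ts"] <= window}
            if len(services) >= threshold:
                alerts.append((account, client, sorted(services)))
                break
    return alerts
```

Lowering `threshold` to 1 also surfaces asmith's single RC4 request, which is worth an alert on its own in a domain where AES is the norm.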

Practice Scenarios

Scenario 1: Active Directory Attack Path

(Diagram of the Active Directory attack path; not reproduced here.)

Scenario 2: Web App to System Shell

A typical web application exploitation chain demonstrates how vulnerabilities stack together. Begin with reconnaissance to identify the technology stack and potential vulnerability vectors. Discover and exploit SQL injection to extract database credentials or bypass authentication. Upload a web shell through an insecure file upload mechanism or other vulnerability. Achieve privilege escalation by exploiting a kernel vulnerability or misconfigured service. Establish persistence through scheduled tasks or service modifications. Finally, pivot to other systems using the compromised host as a foothold into the network.

Backup Strategy

Warning: Back Up Your Lab
Even though it's a lab environment, losing hours of configuration work creates unnecessary friction in your learning process. Take VM snapshots before major changes or experiments to enable quick rollback if something breaks. Export configuration files from pfSense, routers, and other network devices regularly. Maintain documentation of your setup including IP addressing, credentials, and architectural decisions. Keep offline backups of critical VMs on an external drive to protect against hypervisor failures or storage corruption.

Cost Breakdown

Here's a realistic budget for different lab tiers:

Item           Budget   Mid-Range   High-End
Server/PC      $400     $1,000      $2,000
RAM Upgrade    $100     $200        $400
Storage        $100     $200        $500
Networking     $50      $150        $300
Software       $0       $100        $300
Total          $650     $1,650      $3,500

Maintenance Tips

#!/bin/bash
# weekly-maintenance.sh
# Assumes key-based SSH to each VM and passwordless sudo for the login user.

echo "Starting weekly lab maintenance..."

# Update all VMs (a failed host is reported rather than aborting the run)
echo "[*] Updating Kali Linux..."
ssh kali@kali-vm "sudo apt update && sudo apt upgrade -y" || echo "[!] Update failed on kali-vm"

echo "[*] Updating Ubuntu servers..."
for server in web-server db-server; do
    ssh "admin@$server" "sudo apt update && sudo apt upgrade -y" || echo "[!] Update failed on $server"
done

# Verify backups: list snapshots and warn if none is newer than 7 days
echo "[*] Checking backup status..."
ls -lh /backup/snapshots/
if [ -z "$(find /backup/snapshots/ -mindepth 1 -mtime -7 -print -quit)" ]; then
    echo "[!] No snapshot newer than 7 days found"
fi

# Clean up old logs (*.log files on this host untouched for more than 30 days)
echo "[*] Cleaning old logs..."
sudo find /var/log -name "*.log" -mtime +30 -delete

# Check disk space
echo "[*] Disk space status:"
df -h

echo "Maintenance complete!"

Learning Resources

Online platforms complement your home lab by providing guided challenges and real-world scenarios. TryHackMe offers guided cybersecurity training with virtual labs, making it perfect for beginners who need structured learning paths. HackTheBox provides real-world penetration testing practice that challenges intermediate to advanced learners with realistic scenarios. VulnHub hosts downloadable vulnerable VMs that enable completely offline practice within your own lab environment, offering flexibility and consistent access regardless of internet connectivity.

  • TryHackMe: Guided cybersecurity training with virtual labs and structured learning paths for beginners.

  • HackTheBox: Real-world penetration testing practice with challenging scenarios for advanced practitioners.

  • VulnHub: Downloadable vulnerable VMs for offline practice in your personal lab environment.

Conclusion

Building a home lab is one of the best investments you can make in your cybersecurity career. Start small, expand gradually, and focus on hands-on practice. Your lab will evolve with your skills and interests as you progress from basic scenarios to complex multi-system engagements.

Next Steps

Begin by choosing your hardware option based on available budget and space constraints. Set up your hypervisor and configure basic networking with proper segmentation. Deploy your first vulnerable VM and practice basic attacks to validate your setup. Add complexity gradually by introducing more VMs, services, and realistic scenarios that mirror enterprise environments. Document everything thoroughly, as your future self will appreciate the reference when troubleshooting issues or expanding your lab.

The best lab is the one you'll actually use. Start with a simple configuration that you can expand over time rather than attempting to build everything at once. Focus on gaining proficiency with core concepts before adding advanced features. Regular use of your lab, even for just 30 minutes a day, provides more value than an elaborate setup that sits unused.
