Quickly, to the laboratory!

OK Google, who is Jeremiah Bess?

  • Incident Responder
  • 15 years in Cybersecurity
  • Started doing cyber in AF (11 years)
  • Threat Hunter for an MSSP
  • Long walks on the beach Hikes in the mountains
  • Married 19 years, 6 kids

What is a home lab?

  • Collection of computers designed for development, experimentation, and training
  • It’s personal
  • Virtual Machines are the bomb

Home lab uses

  • Exploit/vulnerability research
  • Malware analysis
  • Software development
  • Tool testing
  • Learning a scripting language
  • Learn pentesting
  • Thin clients
  • Web development
  • IPS/IDS testing
  • CTFs
  • Learning Linux
  • Bug bounties
  • Honeypots
  • Career progression

Basic Virtual Machine terms

  • Host OS
  • Hypervisor (application or bare metal)
  • Guest OS
  • Guest Additions
  • Disk image (ISO) vs OVF vs OVA
  • NAT vs Bridged vs Internal vs Host-only

Building a lab

  • Determine your goal
    • What will your lab do?
    • How might you use it in the future?
  • RAM is everything

Hardware platforms

  • Desktop/Laptop
    • Eff Arr Double-e
    • Spare computer
    • Buy used
    • Con: Might have limited upgrade capabilities

Hardware platforms

  • Portable/Compact
    • Small form factor
      • Intel NUC
      • Shuttle XPC nano
      • Gigabyte Brix

Hardware platforms

  • Dedicated Server
    • PowerEdge R710
      • $150-$500
    • Rack mounted in utility closet
    • Pro: Plenty of computing resources
    • Con: Rack mounts, noise, cost, heat

Hardware platforms

  • Cloud
    • DigitalOcean
    • Amazon EC2
    • Google Cloud
  • Con: Charges for outbound data, other hidden fees

Hypervisors

  • VirtualBox
    • Free
    • Snapshots
    • Headless VMs

Hypervisors

  • VMware Workstation Player
    • Free for personal use
    • No snapshots
    • Single VM at a time
    • Upgrade for $150

Hypervisors

  • XenServer
    • Free
    • Bare-metal
    • Clustering – shared resources
    • Live VM migration
    • Windows-based management software

Hypervisors

  • Proxmox
    • Free
    • Bare-metal
    • Clustering – shared resources
    • Live VM migration
    • Web UI

Example setups

  • Free
    • Current/spare computer
    • VirtualBox
    • No cost obligation
    • Almost no excuse

Example setups

  • Budget ~$640
    • Hak5 Episodes 1818, 1819, 1820
    • Intel NUC - dual core 2.7GHz
    • 16GB RAM, 250GB SSD
    • XenServer

Example setups

  • Premium (#DontTellTheWife) ~$1350
    • Antsle One Pro
    • Dedicated VPS hardware/software
    • Intel 8 core 2.4GHz
    • 2x500GB SSDs (RAID 1)
    • 16GB RAM

Network Topology

  • Depends on use-case
  • Protect your home network assets
  • Guest network/DMZ
  • Sniffing packets?
    • DD-WRT allows port spans
    • Cheap managed switch allows port mirror

Example uses

  • Windows for free

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

    • Google “microsoft browser vm”
    • Win 7-10, IE 8-Edge
    • Ready to run VM files
    • 90 days + limited extensions

Example uses

  • Windows 10 for free

https://www.microsoft.com/en-us/software-download/windows10ISO

    • ISO, must run through install process
    • No need to activate
    • Watermark, limited personalization options
    • Perfect for a lab!

Example uses

  • Servers

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server

    • Google “microsoft server eval center”
    • Server 2012-2019
    • 180 days

Example uses

  • Full Windows Domain
    • DC
    • Member servers
    • Workstations

Example uses

  • Linux
    • Learning Linux
    • Test distributions – www.distrowatch.org
    • Linux Mint FTW – www.linuxmint.com
    • Samba file server

Example uses

  • CTFs
    • Kali Linux – www.kali.org
    • Local VMs – www.vulnhub.com
    • Online VMs - www.hackthebox.eu
    • SANS Holiday Hack Challenge – www.holidayhackchallenge.com

Example uses

  • Vulnerable machines
    • DVWA - http://www.dvwa.co.uk/
  • Metasploitable – Google “metasploitable <version>”
    • Versions 1-2 - Linux
    • Version 3 - Win 10
      • 4.5 GB RAM and 65 GB VHD required

Example uses

  • Network Defense
    • Sophos UTM Home - https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
    • pfSense/OPNsense – www.pfsense.org or www.opnsense.org
    • Security Onion – securityonion.net

Example uses

  • Programming/Web development
    • Python
    • C
    • Java
    • LAMP – Linux Apache MySQL PHP

Example uses

  • Malware analysis
    • FireEye FLARE
      • Requires an existing Windows VM
    • Windows 10 Victim VM with tools
      • Process Monitor, Wireshark, Sysmon, oletools, etc.
    • Linux network gateway with network options
      • INetSim, PolarProxy

Data transfer

  • Shared Clipboard
  • Drag and Drop
  • Shared Folders
  • USB devices
  • SCP
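
The transfer channels listed above are also the ways a sample can get out of a malware-analysis VM, so it helps to check them before detonating anything. The following is an added example, not part of the original slides: it audits the text printed by VBoxManage showvminfo <vm> --machinereadable. The VM name, network name and sample output are constructed, and the key names are assumed to match what your VirtualBox version prints.

```python
# Added example: audit `VBoxManage showvminfo <vm> --machinereadable` output
# for host/guest channels that should be closed on a malware-analysis VM.
# Key names are assumed to match VirtualBox's output; a key that is missing
# is reported as a finding (fail closed) so it gets checked by hand.

# Constructed sample output (not captured from a real VM).
SAMPLE_RISKY = '''\
name="win10-victim"
nic1="nat"
nic2="none"
clipboard="bidirectional"
draganddrop="hosttoguest"
usb="on"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/user/samples"
'''
SAMPLE_ISOLATED = '''\
name="win10-victim"
nic1="intnet"
intnet1="malware-lab"
nic2="none"
clipboard="disabled"
draganddrop="disabled"
usb="off"
'''

def parse_vminfo(text):
    """Parse key="value" lines into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip()] = value.strip().strip('"')
    return info

def audit_isolation(text):
    """Return a list of findings; an empty list means no open channel was found."""
    info = parse_vminfo(text)
    findings = []
    for key, value in info.items():
        # nic1..nicN: only "intnet" (or no adapter) keeps traffic off the host and home LAN.
        if key.startswith("nic") and key[3:].isdigit() and value not in ("none", "intnet"):
            findings.append(f"{key} is '{value}': guest can reach the host or home network")
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder '{value}' is mapped into the guest")
    for key, safe in (("clipboard", "disabled"), ("draganddrop", "disabled"), ("usb", "off")):
        if info.get(key) != safe:
            findings.append(f"{key} is {info.get(key)!r}, expected '{safe}'")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_RISKY, SAMPLE_ISOLATED):
        print(parse_vminfo(sample)["name"], audit_isolation(sample) or "isolated")
```

An empty result only means none of these channels is open in the VM settings; the gateway VM running INetSim still has to sit on the same internal network for the victim to see any simulated services.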

Snapshots

  • Disaster recovery
  • Bypass licensing
    • Allowed by Microsoft!

Questions/Comments?

https://netsecninja.github.io

@NetSecNinja

https://linkedin.com/in/jeremiahbess