The first encounter: a hacking laboratory

Edgar Arciniega
4 min read · Nov 15, 2023

How to start testing Ethical Hacking tools and methods on your own computer.

Kali Linux in the house

A brief introduction

At the beginning of my fascinating career, I always had the urge to write and share the problems and challenges that came along with my studies. Installing Debian or Arch as the host operating system for hacking can be an enriching experience. Not only does it help in becoming an experienced Linux system administrator, but it also becomes a lifestyle that involves helping others to succeed.

Suckless DWM Window Manager, all this in VirtualBox. It’s not finished, but it works!

If you’re interested, I’ll soon share my Linux experience with this setup and its window managers, so you can create and customize your own.

This starting point is a slow but high-traction path, much like an off-road bulletproof war tank in the mud (this is a metaphor, of course). It helps you survive in adverse conditions. However, this path is not newcomer-friendly and can be frustrating, with only a minority being able to surpass the learning curve. I intend to provide a shortcut, as one already exists for this applied knowledge, and the most important reason is that we need more ethical hackers.

What can I learn in this laboratory?

A capture of my first laboratory development

All the basics for hackers, including but not limited to the following coverage.

  • Reconnaissance
  • Scanning and Host Discovery
  • Vulnerability Scanning
  • Web Application Reconnaissance
  • Exploitation
  • Persistence
  • Privilege escalation
  • Evasion
  • Credential access
  • Discovery and Lateral Movement
  • Data Collection and exfiltration
  • Reporting

And other surprises.

What is the computer needed for hacking?

The best computer setup is the one that you feel really comfortable working on. I will be brief: if you plan to invest in a computer and equipment, look at the current RAM capacity and how much it can grow (the more the better), as well as 400 GB of hard drive space. A 2.5 GHz Intel i5 processor with virtualization enabled may be sufficient, as on my laptop where I have this stuff. An optional investment in a monitor and a laptop cooling base will go a long way.

What are the virtual machines to install?

A look at the two machines of Metasploitable 3

In my first laboratory, my target machines were Windows Server 2016 and Windows 7, with Kali Linux 2021.x, CentOS as a server, and Metasploitable 2. In the upgrade, I made changes by replacing Windows Server with Kali 2023.x, switching to Metasploitable 3 (which now includes Windows 2008 and Ubuntu), and adding a Fedora server.

I started testing tools and procedures on Windows 11 Enterprise Evaluation and Windows Server 2022, thinking about my next laboratory upgrade. Instead, I am staying with Windows 10 Enterprise Evaluation and Windows Server 2019. The latter consumes fewer resources and performs better on our computer.

  • Windows Server 2019
  • Windows 10 Enterprise (Two workstations, one attacker and one target)
  • Kali Linux
  • Metasploitable 3
  • Fedora Server

https://fedoraproject.org/en/server/download

What’s next?

In my upcoming blogs, I will guide you through the process of configuring each machine, setting up the required networking, and installing the necessary tools. Additionally, I will provide you with a professional template report and exams (why not?) to test your learning.

This is my first article in a blog series. I hope you enjoy it!

Feel free to connect on Twitter https://twitter.com/torresedart

Written by Edgar Arciniega

Hello infosec nerds, welcome to my blog! Cybersecurity, Cybercrime, Pentesting and other puzzles. https://twitter.com/eddarct