This guide will teach you everything you need to know about setting up your own hacking lab at home.

Inexpensive options.

The best tools and software

And other insider secrets to help you learn penetration testing and take your skills to the next level.

Don’t have time to read the whole guide right now?


No worries. Let me send you a copy so you can read it when it’s convenient for you. Just let me know where to send it (takes 5 seconds):



The Hardware Component


Hacking (and non-Hacking) Operating Systems


Cloud Labs & CTFs to Check Out


Get the Right Tools in Your Hacking Lab


Conquer the Windows Domain


Become a Master Web Hacker


The Hardware Component

You’ve made the choice: You are going to learn to hack and become a master hacker.

So you decide to set up a lab and learn.

Then, the question hits you:

“What computer should I use? A laptop? Will that work?”

Fortunately, I’m going to show you how to select the right hardware for your lab.

You may actually have what you need laying around.

Disclaimer: Nothing in this article is intended to promote the illegal access or use of computer systems. Hacking is completely legal when done in a legal manner. Only perform hacking on systems that you own or have permission to. 

Processors that support virtualization (Usually)

One of the most budget friendly way to set up a lab is with virtual machines.

You won’t have to purchase a ton of computers.

One slight problem:

Not every computer supports virtualization.

Most of the newer ones do, but if you are using an older computer, you’ll want to be sure it does.

You usually have to have a processor (CPU) that supports virtualization.

Here are the processor needs for a few types of virtualization solutions:

HYPER-V – 64-bit processor with Second Level Address Translation (SLAT)

VirtualBox – Runs on Intel and AMD processors even if they don’t support their manufacturers’ virtualization technologies. However, it will run better on a processor that supports virtualization.

VMWare – VMWare virtualizes the CPU itself, but there are some requirements regarding which CPU works best. Pretty much, anything after 2011 should be ok. There are a few exceptions, but that’s the general rule.


There’s not a correct answer as to how much storage you’ll actually need.

It really varies.

It depends on how many VMs you plan to run, what operating systems etc.

However, for a basic pen testing lab 128 Gb of storage should suffice.

I have one lab that has 256Gb and another with a terabyte.

So, it’s up to you how much storage you want.

It’s probably not a bad idea to have a solid state drive though.

Something like the 1TB Samsung 860 Evo would probably be overkill, but it’s the one I use.


Some tutorials suggest that you have at least 4GB of RAM in your lab computer.

I  disagree.

I think you need at least 8GB.

In fact:

I try not to have less than 16GB of RAM in my labs.

Why is RAM important?

Because as you add more VMs to your lab, the memory gets spread across them all.

Windows typically needs at least 2GB of RAM.

Linux machines usually need at least 1GB.

So, you can start your lab with less RAM if you’re on a tight budget.


That will probably be one of the first upgrades you’ll want to make.


Hacking (and non-Hacking) Operating Systems

Hackers have certain operating systems they like to use.


Different people have different preferences, but there are a few that are prevalent.

And for good reason:

Certain Operating Systems have so many hacking tools built right into them, you almost don’t even have to do anything.

So, which operating systems should you use in learning penetration testing?

Well, that’s what this chapter is all about.

Choosing the Right Operating System

Every hacker will have their own opinion as to which operating system is best.

The most common include:

Kali, Parrot, Windows, and Ubuntu.

That being said:

It’s entirely up to you which one you pick.

However, I’d suggest that you get familiar with them all.

To be a good hacker, you need to know a lot about a lot of things.

Try out all of them and then decide which one you prefer. With your VM host lab that you’ve set up, this won’t be a problem.

Kali Linux – One of the Most Well-Known

If you are looking for a one-top operating system to take care of most of your hacking needs, most professionals in the industry will likely suggest Kali Linux.

It comes with a bunch of tools built in, making it an ideal choice.

There isn’t a ton of configuration that needs to happen immediately.

Bonus Tip:

One of the core developers of Kali Linux wrote a book called “Kali Linux Revealed.”

This is a great free resource to learn all about the Kali Linux operating system.

Here are links to the PDF version and an HTML version.


6 Things you should do after first installing Kali

There are multiple versions of Kali – light, regular, and others.

The light version doesn’t have all of the tools that the regular version does.

Here are 6 thing you’ll probably want to do right away to be sure your Kali instance is optimized for use in your hacking lab:

1   Install Git

Git is a tool that you will likely end up using fairly often for downloading repos, code samples, and other tools.

To install it, use this command.

apt install git

2   Add a lower privileged user

It is a bad security practice to always work as an admin user.

When you do so, you leave your system open to attacks that can slip pass you.

If on the other hand, you work as a lower level user, you’ll be prompted to enter a password before scripts or other executables are installed.

Here is the sequence of commands to add another user:

adduser newusername

Password (At Prompt)

usermod -aG sudo newusername (Adds new user to sudo group with admin capabilities)

3   Install a Terminal MultiPlexer

So, here’s the problem:

Sometimes, when you’re running a script, you have a need to run another part of the script simultaneously.

But you can’t without opening another terminal window? Or can you?

You can if you have a multiplexer installed.

Here are the commands to install one in Kali:

apt install tilix

tilix (To open it after being installed)

Then you can open up two windows in the same terminal window.

4  Add the default hacking tools if using a light image

The light Kali ISOs don’t come with all of the hacking tools that the full images do.

This is done in case the user wants to use the light image on an SD card in a Raspberry Pi or similar device.

To install a bunch of them you can use Kali Metapackages.

So say you wanted to install the VoIP attack metapackage:

You would copy the name of the package you want to install.

And run the command:

sudo apt update && sudo apt install kali-linux-voip

Substitute the name of the package that you want to install.

5  Install the latest version of TOR

A lot of hackers use TOR for privacy or censorship concerns.

Consequently, TOR is constantly a target for computer attacks.

Therefore, you need to be sure you have the latest version and aren’t leaving your system vulnerable.

To update TOR to the latest version, you’ll need to update from the source as Kali’s repo may not be the latest.

Here are the commands to do that:

echo ‘deb stretch main
deb-src stretch main’ > /etc/apt/sources.list.d/tor.list

wget -O- ‘’ | sudo apt-key add

apt-get update

apt-get install tor

6  Change the SSH keys and default password

This is another of those default security things that we need to change.

The default password for every Kali Linux computer is the same.

And if you leave the default SSH keys, an attacker could easily gain access to your system.

Here are the commands to change them:

cd /etc/ssh/

dpkg-reconfigure openssh-server

passwd root

[Enter the new password.]

And there you have it.

Your Kali instance is now ready for use in your hacking lab.

Hacking Operating Systems to Check Out

So even though Kali Linux may be the most well known hacking operating system, it’s definitely not the only one.

Here are 9 other hacking operating systems that you may want to check out.

1  Parrot Security OS

Check it out Here

2  BackBox

Check it out Here

3  Samurai Web Testing Framework

Check it out Here

4  Pentoo Linux

Check it out Here

5  Caine

Check it out Here

6  Network Security Toolkit (NST)

Check it out Here

7  BlackArch Linux

Check it out Here

8  Bugtraq

Check it out Here

9  DEFT Linux

Check it out Here


Cloud Labs & CTFs to Check Out

Cloud is a big “buzzword” lately.

EVERYTHING is going to the cloud.

And yes:

If you want, your entire hacking lab could be cloud-based as well.

That’s what this chapter is all about:

Cloud Labs and some cloud CTFs that you should check out.

Running Kali Linux from the cloud

If you are looking to run your hacking lab from the cloud, you need to be aware of one thing.

Just because a cloud instance is yours, or you have a cloud network setup doesn’t mean that the provider condones you setting up a hacking lab on their platform.

And because of the legal issues surrounding hacking, you’ll want to be very careful with this.

Be sure to check with the cloud provider before you start.


There are a few cloud providers that have Kali instances and you are pretty safe to use them.

Kali Linux virtual private server on AWS

Note: Before you begin performing penetration testing with an AWS instance, you must get authorization. This page will give you all of Amazon’s rule and methods of requesting authorization.

Setting up a Kali Linux machine on Amazon Web Services is actually pretty easy.

In fact:

Amazon has a instance already set up with Kali Linux that you can use.

Once you have it set up, you can connect via SSH or VNC.

Kali Linux virtual private server on OneHost Cloud

OneHost Cloud has developed a pretty seamless cloud-based Kali Linux experience.

You can actually also get several other hacking operating system VPSs at OneHost.

One thing that differentiates OneHost from other Kali VPS providers is how easy it is to access the machine.

Using the noMachine software solution, you can easily access your VPS from pretty much anywhere and any device.

It also allows for easy sharing of files between the VM and the connecting devices.

Kali Linux virtual private server on Azure

Azure is another cloud environment that you can use to build your hacking lab.

The really good news:

Microsoft allows penetration testing of your own Azure virtual machines.

In fact:

They actually encourage it.

You just can’t perform any kind of DDoS or DOS attacks.

Pretty much everything else is ok.

You should also check out the Penetration Testing Rules of Engagement before starting.

Microsoft also took away the requirement that users must submit the Azure Penetration Testing Notice before beginning testing, but it’s not a bad idea to still do so.

If you need step-by-step instructions on how to set up a Kali Azure instance, check out this article.

Become a hacking master by completing Capture The Flag (CTF)  Exercises

Capture the Flag (CTFs) events and exercises are another really great way to learn ethical hacking.

And with the online versions, you don’t even need to set up a hacking lab.

It’s already done for you.

So, CTFs may seem kind of intimidating to a beginner, but be sure they are a great way to immerse yourself in the topic and learn fast.

That being said, I highly recommend that you participate in them at least for the learning experience.

5 FREE CTF sites to hone your hacking skills

So, CTFs may seem kind of intimidating to a beginner, but be sure they are a great way to immerse yourself in the topic and learn fast.

That being said, I highly recommend that you participate in them at least for the learning experience.

1  HackThis!!

Free  •  Link

HackThis is a great CTF / Hacking platform that you can use to get started.

There is a large community there and you can ask questions and interact in the forum.

2  OverTheWire

Free  •  Link

OverTheWire is a great CTF for beginners.

It starts at the very basics of Linux and works all the way up.

Start with the bandit exercises and work your way up to becoming a master hacker.

3  Hacking-Lab

Free & Paid  •  Link

Hacking-Lab provides the CTFs for several European Hacking competitions.

They also provide ongoing hacking challenges that users can use.

While there are paid options, some of them are free.


Free  •  Link

Looking for a somewhat easy CTF to just get started with?

Then PWNABLE.KR may be the perfect solution for you.

Exercises start very simple and help you build your skill.

They also have tutorials to help you along the way if needed.


Free  •  Link


ROOT.ME is a great site for helping you hone your hacking skills.

There are literally hundreds of challenges that you can complete and dozens of virtual environments.

You can practice everything from cryptanalysis to steganography.


Get the Right Tools in Your Hacking Lab

There are SO MANY tools that you can use for penetration testing.

Which means:

You can’t learn them all.

So which tools should you learn to be a master hacker?

Good Question:

That’s what we’ll talk about in this chapter.

What are the standard tools that you should learn and where to find others.


As you probably already know there are a TON of hacking tools.

And almost daily, new pen testing tools are being created.

So, while the tools you will use in your hacking lab will vary, here are 11 common tools you really should have in your pen testing lab.

1   NMAP – The Scouting & Reconnaissance Tool

NMAP is a reconnaissance tool that you need to learn how to use.


You can use it to find open ports, operating systems types, possible weaknesses, and more.

Screen Capture of Nmap in action. Nmap is a free cybersecurity tools.

The beauty of NMAP is its flexibility.

It has SO many flags and options.

You can really stay pretty stealthy while performing attack recon.

There’s nothing worse than the defense team finding you on the first day of the pen test because you’re doing noisy scans.

So, be sure to add NMAP to a box in your hacking lab and learn how to perform recon.


If you want to thoroughly learn the ins and outs of NMAP, check out this book. It’s an excellent resource.

Nmap: Network Exploration and Security Auditing Cookbook

2   NESSUS – The Vulnerability Finder

Nessus is a paid tool.

But you can get the free (home) version.

Only thing is you can only scan 16 IPs at a time – more than enough for your lab.

What’s so nice about NESSUS is that you can scan hosts and find vulnerabilities.

Then, you can use those vulnerabilities to develop or find exploits.

This tool is widely used by professional penetration testers.

Therefore, if you plan to do commercial pen testing, you should practice using this tool in your hacking lab and master it.

3   Cain – The Password Cracker

Cain is a Windows password cracking tool.

But it can do a ton more.

That’s why I suggest that you add it to the things to learn in your lab.

Some of the things that you could practice with Cain include:

Password recovery by sniffing networks, cracking encrypted passwords with Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, recovering wireless network keys, and uncovering cached passwords.

Sounds fun doesn’t it?

4   Responder – Windows credential stealing

Responder is another tool that I use on a lot of penetration testing engagements.

I typically leave it running while I’m working on other attacks.

Responder automates LLMNR and NBT-NS attacks to steal Windows credential hashes.

Basically, when local DNS requests fail, Windows computers “fall back” to LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (Net-BIOS Name Service).

Responder will then spoof the requested location and receive the authentication credentials.

Check out the Responder GitHub page if you want to learn more.

5   John the Ripper – Password Cracking

John the Ripper is one of the most widely known password cracking tools.

I highly recommend that you add it to your lab and learn how to use it.

6   Metasploit – Attack Suite

Metasploit is one of the best known hacking “suites.”

It compiles a ton of vulnerabilities, exploits, and attacks into one system.

It has been acquired by RAPID7, but the open source version is more than sufficient.

Add metasploit to your hacking lab and learn how to use it and what exploits are available.

You’ll be glad you did.

7   SET – Social Engineers’ Toolkit

As you probably already know, humans are almost always the easiest way into a system.

Pretty much, if you send a carefully enough crafted email with a payloaded attachment, or a link to a site to get credentials – you will succeed.

So, SET, the Social-Engineer Toolkit, makes crafting and managing those emails much much easier.

You add SET to your hacking lab and start practicing crafting spectacular phishing emails as well as getting those emails past mail filters.

8   Discover Scripts – OSINT Tool

Discover scripts helps you automate aspects of passive and active reconnaissance.

The scripts will also automatically choose and run the appropriate Metasploit modules based on what was discovered during the scan.

9   PowerShell Empire – Powershell Scripts

Empire is one of those tools that you pretty much have to have for a pen testing engagement.

It’s a post exploitation framework that allows you to run PowerShell agents without needing powershell.exe.

You can quickly deploy post-exploitation modules like key loggers and Mimikatz.

10   CrackMapExec – Post Exploitation Tool

CrackMapExec is a tool that is used during the post-exploitation phase of penetration testing.

You can use it to crack administrative rights and map active directory networks.

It has various sub-modules like Powersploit, Mimikittenz, and other tools for pivoting and escalating access during a pen test.

11   PRET – Printer Exploitation Toolkit

I probably don’t have to tell you:

Printers are usually one of the most vulnerable items on a network.

And now that cloud print has become popular, it’s even worse.

Printers can be the gateway to a network.

So, PRET, the Printer Exploitation Toolkit, is a tool for attacking network and USB printers.

Basically, it allows you to get a shell on a printer.

The possibilities for attack scenarios are up to your creativity.


Conquer the Windows Domain

The simple truth is this:

Most corporate environments today use Windows computers.

And if you plan to do professional penetration testing, you need to be familiar with Windows.

And if you are not coming from a background of a Windows System Admin or a similar role, understanding Windows domains can be even harder.

The solution:

Set up a virtual Windows environment in you lab and master hacking Windows systems.

That’s what this chapter is all about: Learning to hack Windows.

FREE Windows Server & Desktop Instances

The first thing that you will need to begin learning the Windows domain environment are Windows instances.

I suggest you use the Windows Evaluation Center images for you lab.

Windows allows you to try the instances for up to 180 days.

If you create a restore point at the beginning, you can simply revert back when the time expires.

It’s perfectly legal and endorsed by Windows.


Head over to the Windows Evaluation Center to get your ISOs for your lab.

Here’s how to do it:

1   Head over to the Windows Evaluation Center

You’ll select either Windows or Windows Server.


2   Fill out the form

Then, you will have to fill out the necessary information for the download.

3   Download the ISO

After you complete the form, you can download the ISO and go install it.

That’s it!

Here is a tutorial if you haven’t ever installed Windows from an ISO.

Build Out Your Windows Domain Lab Environment

So your first step to learn to hack Windows Domain environments is going to require developing one so that you can hack it.

Makes sense right?

I know what you’re thinking:

“I have not the slightest clue how to set up a Windows domain!!”

And I get it.

I’ve actually been there before.

The good news is:

This tutorial will show you step-by-step instructions to set up a Windows Domain. 

Windows Specific Hacking Tools

As we discussed earlier, there are a lot of hacking tools.

You shouldn’t try to learn them all immediately.

There are some hacking tools that are specifically built for Windows environments and machines.

It’s not a bad idea to practice them in your hacking lab.

Here are five that I have in my lab:

1   Mimikatz

Mimikatz is a post-exploitation tool that allows attackers to gain a stronger foothold in an environment.

One of its most well-known uses is for locating Windows plaintext passwords and password hashes.

2   Empire

PowerShell Empire is another Windows hacking tool that can help obtain password hashes from victim machines.

3   PowerSploit

PowerSploit is actually just a collection of PowerShell modules.

It can help pen testers execute code, inject DLLs, inject Shellcode, and a bunch of other nice things.

4   Nishang

Nishang is another tool that works well for pen testers.

You do have to watch out for anti-virus flagging it as malicious.

There are tutorials that can help you get past this.

5   Invoke-DCSync

Invoke-DCSync is another PowerShell script that can be useful during penetration tests.

It uses PowerView, Invoke-ReflectivePEInjection and a DLL wrapper to obtain hashes.


Here links to a couple of my favorite books for learning about Windows hacking.

Maybe they could be of use to you too!

Hands on Penetration Testing Windows

Penetration Testing: A Hands-On Introduction


Become a Master Web Hacker

Almost EVERYONE uses the web these days.

It’s shocking.

But there are SO MANY vulnerabilities and attacks on the web also.

In fact, most breaches originate from the web or utilize the internet in some form.


If you really want to become a master hacker, your hacking lab should include some space for learning web hacking.

So, you’ve decided to learn web hacking?


Before we get into some practical tips and suggestions for your web hacking lab, let me give you one super important piece of advise.

Whatever you do, DO NOT just go start hacking websites for practice.

You will get in BIG trouble.

Set up your own web hacking lab and do it legally.

Even if the website you are trying to hack is your own, you could still run into issues with the hosting provider. (Of course, unless you are hosting it yourself. )


I’m going to show you several pre-built vulnerable web applications that you can download and use to learn hacking.

Since we are short on room in this post, if you want, you can go check out a list of 47 vulnerable machines and web applications that you can use to master hacking.

Here Is The List

The OWASP Mutillidae Project

When you want to learn web hacking, it can be challenging.

There are SO many attack methods to learn:

SQL injections, Cross Site Scripting, Javascript injection, HTML injection, authentication bypass, and so many more.

That’s where Mutillidae comes to the rescue.

It’s an intentionally vulnerable website that you can download and use in your own hacking lab.

It runs on both Linux and Windows, and has hints and tips to help you master web hacking.

Here’s a great tutorial from the developer if you need help setting up Mutillidae.

Using Mutillidae

Once you have Mutillidae set up in your own hacking lab environment, you can start practicing common attack methods.

Mutillidae organizes them by the OWASP Top 10 Vulnerabilities. (The 10 most common web vulnerabilities for the year in case you haven’t heard of it).


On the left of the page, select the year that you want to use (older can be easier).

Then choose the type of attack you want to practice. SQL injection in this example.

Mutillidae then takes you to a page where you can practice the chosen types of attacks.

The page will be intentionally vulnerable to help you learn.

We could go on and on about the things you can learn from Mutillidae, but we have to move on to other web hacking things to include in your pen testing lab.

If you want to learn all about Mutillidae and various attack methods, the developer has a great YouTube playlist here.


Another pre-built vulnerable web application that you can add to your hacking lab is DVWA.

Like Mutillidae, it’s made to be intentionally vulnerable so that aspiring hackers can practice various kinds of attacks.

Once really nice thing about DVWA – especially when you’re just starting – is that you can change the difficulty level of the entire web app.

If you want some actual scenarios and exercises to try, check out the bonus chapter.


Similar to Mutillidae, Metasploitable is an intentionally vulnerable machine that you can use to learn hacking.

Now It’s Your Turn

So that’s how I set up a hacking lab.

Now I want to turn it over to you: Which of the steps from today’s guide are you going to implement first?

Are you going to set up a lab for learning web hacking? Or start working on CTFs? Do you still have a lingering question that you want answered?

Let me know by leaving a a quick comment below right now.

One thought on “Hacking Lab Setup: The Definitive Guide [2019]”

Leave a Reply

Your email address will not be published. Required fields are marked *

About SmartFix

We are a family owned business that provides fast, warrantied repairs for all your mobile devices.

Brooklyn Area

2307 Beverley Rd Brooklyn, New York 11226 United States

1000 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00

San Francisco Area

358 Battery Street, 6rd Floor San Francisco, CA 27111

1001 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00

121 Resources for you to:

Learn & Master Cyber Security
Send Me the PDF
Get the Exclusive Bonus
Privacy Checklists and My Favorite Resources

Get Instant Access! 
Your information will never be shared

Download the PDF Version Of This Guide

Want to save this guide for later? You can download the PDF for free

Reasons to Subscribe to the CyberX Email List:


 1. Free Stuff 
You'll get instant access to free resources. 

 2. Content Tailored to You 
Over time, Ill get to learn more about you and deliver content that actually matters

 3. No Hype 
Just real content that's meant to make a difference. 


Download the PDF Version Of This Guide

Want to save this guide for later? I'll email you the PDF for free. 

Would the SMB Cybersecurity Plan Be Helpful?

Do you want a proven plan for security for your SMB? How about a logical plan for reducing the risk of breaches?
Pivot To Infosec Virtual Summit - Are you wanting to pivot to infose?
Check Out Free Event