One of the new projects I’ve taken up is the process of building up a little lab I can experiment in. One of the biggest problems I’ve had with trying out new stuff is the limitation on hardware. I’ve really only ever had a single computer to work on, barring the occasional netbook to play with. With a release of Kali out and the motivation to get moving still fresh from Def Con I’m going to start putting together a lab to play in. I really love software testing and building out security and pen testing skills is only going to make me happier.
Being a pack rat has been helpful here. While I tended to only replace computers when they died that still means I have a lot of stuff to pull from. I was looking around for a power cable for an old laptop when I found my WRT-54g. We moved off of it to support 802.11n and I’d completely forgotten I had it. I’ve also loaded the light version of Kali on to an old Eee PC. It’s missing a lot of bells and whistles, but it works and isn’t intolerable. It’ll be a good start until I can order in a laptop capable of running the full version of Kali.
Off the top, I think the biggest problem is going to be playing with Windows systems. On a work machine I’ve got a little virtual lab setup with versions of Server 2008 and 2012. My machine is powerful enough there to support that. I don’t really have the resources (at the moment) to put together something like that home. I might even be struggling to get Server 2008 running.
It’s not a terrible problem. There are more than enough resources out there. I’m thinking about the OWASP Broken Web Applications project. Those will probably be easy enough to get running on a stripped down Linux box. It also looks like there has been some some updates as recently as a few weeks ago. Segregate these out into a offline, private network and I could definitely have some fun with it.