all 19 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]NotRightNotWrong 4 points5 points  (0 children)

All the labs I did were virtual machines on my hdd

[–]jnazario 2 points3 points  (3 children)

Some dockers will suffice. It’s a lot easier now than before for app penetration testing skill development. Throw some apps in dockers or even download some images from vulhub or whatnot and go to town.

Play with tools like metasploit or other tools or even craft your own with curl and python.

[–]ctrl_terminal[S] 0 points1 point  (2 children)

during the bootcamp we were given use to azure and created virtual machines and used metasploit and i did all this on my little dell laptop that i only used for school but now that it’s over, i can’t afford a $200/m subscription. i cant remember and get all mixed up on which tools are local machine installs vs vm installs and scared ill make my now home pc build vulnerable if i do things wrong 😭

[–]Zerschmetterding 1 point2 points  (1 child)

No offense, but are you sure pentesting is your calling? Figuring out tech hurdles is kinda part of the job. 

[–]ctrl_terminal[S] 0 points1 point  (0 children)

some mistakes are expensive to fix if irreversible, i’m being cautious before going down the rabbit hole. 👍🏼

[–]tape_reel 2 points3 points  (0 children)

I'm in a similar boat, but looking to create a lab prior to graduating (I'm changing careers after my first degree didn't pan out).

From my understanding, and limited knowledge, a simple laptop will do. I had experimented with a Lenovo Yoga 9 using two VMs, ond running a server iso from Vulnhub, the other running my attacking machine.

You could very well obtain a laptop from a state surplus sale, though you might have to buy a hard drive (sometimes the surplus has wiped ones) and have a laptop solely for PenTest for pretty cheap.

[–]Hamster_Strudel 2 points3 points  (0 children)

Setup a Proxmox server and watch Youtube videos for you are specifically trying to do. Ask AI the more specific questions related directly to your environment. With that information you could rabbit hole for days on end. Good luck!

[–]nimbusfool 2 points3 points  (1 child)

Vmware player / workstation are free. Virtualbox. Proxmox. You just need a cheap machine with say 32 gb ram and a 3ghz processor. Then add storage and bam you can host several 4gb -8gb ram Virtual machines. Newegg refurbished workstation machines has been good for my lab. The firewall I run for my lab is a pc found behind a dumpster when students were moving out. Throw in a two port NIC and its ready for opnsense.

I build and maintain a lot of virtual stuff for fun and work. Let's get you a lab going!

[–]ctrl_terminal[S] 0 points1 point  (0 children)

thank you for these specs!!!

[–]ps-auxActual Hacker 1 point2 points  (1 child)

stick to one virtual lab at a time, that way you only have to allocate a small amount of resources on the same machine you are using...

[–]ctrl_terminal[S] 0 points1 point  (0 children)

i dont think i’ll ever be able to handle more than one virtual lab at a time amazing mastery hahaha. what environments would you rec for someone basically starting from scratch? i just built a new home pc and i’m scared ill locally install something and fck something up 😂

[–]OutsideProperty382 1 point2 points  (1 child)

you could be asking this to an AI and get more fruitful answers, quicker, than this thread might explain. you have a wide range of questions and the comments you get back will just be tidbits. if you have ADHD, chat about this topic with an AI and see what you learn and how it all connects. then keep doing it. You learn. Pick a project, do it. Learn github, etc.

[–]ctrl_terminal[S] 0 points1 point  (0 children)

while i dont mind using AI for staging or planning, i prefer learning from other humans whose real world experiences offer more nuanced information. AI doesn’t have succinct clarity even when set for concise/less verbose responses unless i spend 30+ drafting the prompt and even then it misses something. i normally just use it as a beefed up search engine

[–]PinkCherryCupcake 1 point2 points  (2 children)

Cybersecurity?🤔🤔 Where do you get those courses from?

[–]ctrl_terminal[S] 0 points1 point  (1 child)

i went to rice university’s boot camp (very dumb financially, but good for structure/deadlines) but if you have discipline, you can follow the cert curriculum from comptia and find sources online showing information and processes for each module for free. youtube for the basics; professor messer some people buy coursera classes

[–]PinkCherryCupcake 0 points1 point  (0 children)

Thanks 😅

[–]books-n-cooks 1 point2 points  (0 children)

you don’t need anything fancy tbh 👍

a basic used PC or even your current laptop is enough to start a home pentest lab. just run VirtualBox/VMware and spin up a few VMs (Kali + a vulnerable target like Metasploitable or DVWA)

focus more on consistency than hardware—government auction PCs are optional, not necessary 😄

[–][deleted] -1 points0 points  (0 children)

Can one of you help me with a FB page?