Cybersecurity
Activity 1: Set Up a Virtual Security Lab
Introduction to Information Security

In this practical activity, you will set up a virtual security lab environment.

120min Intermediate


The practical lab activities provided on this website are intended for educational purposes only. The activities are provided "as is" without any warranties, express or implied. The owner of this website shall not be liable for the actions of users in performing these activities.
Important! It is illegal to perform any type of intrusion or hacking activities without explicit permission.
Significance: Setting up your own virtual security lab allows you to apply your security skills and practice in a controlled environment.
Prerequisites: None
Requirements: Hypervisor (e.g., VMWare Workstation or Oracle VirtualBox)
Files: Kali Linux, Windows 10 Target, Metasploitable 2
Related Videos: Intro to Virtualization, Setting Up Your First Ethical Hacking Lab
By completing this task, you will be able to set up a virtual lab environment that can be used to practice various security functions, including vulnerability assessment and penetration testing.
Expert Mode
  1. Download the latest version of Kali Linux
  2. Install or open Kali using your hypervisor (e.g., VMWare Workstation)
  3. Configure Kali's network settings to NAT
  4. Power on Kali, log in, and obtain the IP address
  5. Download Metasploitable 2 from VulnHub
  6. Extract and open in VMWare Workstation
  7. Set the network settings to NAT
  8. Power on Metasploitable
  9. Repeat the steps above for the Windows 10 target (download here »)
  10. From Kali, ping the two targets
Regular Mode
  1. Visit the Kali Linux Download page, and find the Virtual Machines category
  2. Choose your architecture (64-bit vs. 32-bit). If you are not sure, most modern computers are 64-bit.
  3. Download the VM file that suits your hypervisor:
    • For VMWare Workstation, download the 7z file: kali-2022.2/kali-linux-2022.2-vmware-amd64.7z (version may vary)
    • If you are using Oracle VirtualBox, download the OVA file: kali-2022.2/kali-linux-2022.2-virtualbox-amd64.ova (version may vary)
    • If you want to perform a full installation (advanced), you can download the appropriate Bare Metal (i.e., .iso disk image) version. This is the best option if you want to install on an Apple machine with an M1 chip
  4. Load the VM using your hypervisor:
    • For VMWare Workstation, extract the 7z file into your Documents/Virtual Machines folder (create the folder if needed); open the extracted VM using your VMWare Workstation (File»Open)
    • If you are using Oracle VirtualBox, open the OVA file
    • If you are doing a full installation (advanced), read the detailed Virtualization Guides »
  5. Click the VM menu and select Settings
  6. Click Network Adapter and select the NAT option. Click OK when done
  7. Note Kali's credentials in the Description section, and power it on
  8. Log in using the following credentials: (kali/kali)
  9. Explore your Kali and make sure you know your way around it. This is the absolute minimum knowledge you should have: a) file system; b) available applications; c) basic Linux commands; d) installing new tools and updating existing ones
  10. Set up the target VMs (steps 11 to 23)
  11. Visit VulnHub and search for Metasploitable
  12. Click the Metasploitable: 2 VM to go to its page
  13. Read the description and other details on the page. This will help you select other targets in the future. Notice the Format: Virtual Machine (VMware) and Operating System: Linux
  14. Download the metasploitable-linux-2.0.0.zip file from one of the download sites
  15. When the download is complete, unzip the file in your Documents/Virtual Machines folder
  16. Open your VMWare Workstation and from the File menu, select Open
  17. Navigate to the unzipped folder and select the Virtual Machine Configuration file VMX to open (it would be the only accessible file)
  18. The VM should now be present in your Workstation. Edit Settings → Network Adapter Settings → NAT
  19. Run the new target VM
  20. Download the Windows Target here »
  21. Extract the contents and open in VMWare Workstation as you did before
  22. Ensure the network adapter is NAT and power on the machine
  23. Log in using the credentials samer/password
By completing this task, you will be able to configure automatic updates on Windows 10, which can help ensure that your device stays up to date with the latest security patches and bug fixes.
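The last Expert Mode step (from Kali, ping the two targets) can be scripted so that a failure tells you which part of the setup to recheck. The script below is an added example, not part of the original lab; the function names are hypothetical and the target addresses are whatever your own VMs received. It first confirms that each target sits in the same NAT subnet as Kali, then pings it, and it separates "wrong network adapter" from "no ICMP reply", which is what you will see if the Windows firewall is later set to block ICMP.

```shell
#!/bin/sh
# Added example (not from the lab page): connectivity check run on Kali.
# Usage: sh labcheck.sh <metasploitable-ip> <windows-ip>

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if both addresses fall inside the same /prefix network.
same_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# Print Kali's first global IPv4 address in CIDR form, e.g. 192.168.88.128/24.
kali_cidr() {
    ip -4 -o addr show scope global | awk '{print $4; exit}'
}

# Check one target: subnet membership first, then two ICMP echo requests.
# Returns 0 = reachable, 1 = no reply, 2 = not on Kali's network.
check_target() {
    kali_ip=${1%/*}; prefix=${1#*/}; target=$2
    if ! same_subnet "$kali_ip" "$target" "$prefix"; then
        echo "$target: outside Kali's /$prefix network; set its adapter to NAT"
        return 2
    fi
    if ping -c 2 -W 2 "$target" > /dev/null 2>&1; then
        echo "$target: reachable"
    else
        echo "$target: no ICMP reply (VM powered off, or a firewall blocks ping)"
        return 1
    fi
}

# Run the checks only when target addresses are given on the command line.
if [ "$#" -gt 0 ]; then
    cidr=$(kali_cidr)
    [ -n "$cidr" ] || { echo "Kali has no IPv4 address; check its adapter"; exit 3; }
    echo "Kali address: $cidr"
    status=0
    for t in "$@"; do check_target "$cidr" "$t" || status=1; done
    exit "$status"
fi
```

A non-zero exit status means at least one target needs attention; the message names the VM and the likely cause.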
Expert Mode
  1. Configure automatic updates on Windows 10
Regular Mode
  1. Do this step either on your own Windows computer or on the Windows 10 VM: Click on the Windows Start button and then click on "Settings" (the gear icon).
  2. In the "Settings" window, click on "Update & Security."
  3. In the "Update & Security" window, click on "Windows Update" in the left-hand menu.
  4. Click on "Advanced options."
  5. Under "Choose when updates are installed," select "Automatic (recommended)."
  6. You can also choose to have updates installed during a specific time window by selecting "Custom" and choosing a time that works for you.
  7. Under "Restart options," select whether you want your device to automatically restart after an update is installed.
  8. If you want to receive updates for other Microsoft products in addition to Windows 10, turn on the "Receive updates for other Microsoft products when you update Windows" option.
  9. You can also choose to automatically download updates over a metered connection (such as a cellular data connection) by turning on the "Download updates over metered connections" option.
  10. Once you have made your selections, close the "Settings" window.
By completing this independent task, you will be able to implement additional precautions to harden the configuration of your Windows machine and make it more secure against potential attacks.
Expert/Regular Mode
  1. Use Windows Firewall: Turn on Windows Defender Firewall for both private and public networks, and optionally, add rules (e.g., block ICMP traffic)
  2. Use antivirus software: Install and use a reputable antivirus software to help protect your computer from viruses, malware, and other threats. Keep the software up-to-date and run regular scans.
  3. Use a strong password: Use a strong, unique password that includes a combination of upper and lowercase letters, numbers, and special characters. Don't reuse passwords across multiple accounts.
  4. Use two-factor authentication: Enable two-factor authentication (2FA) for your Microsoft account and other important accounts. 2FA provides an additional layer of security by requiring a second factor, such as a verification code or biometric authentication, to access your account.
  5. Be cautious with downloads: Only download software and files from reputable sources. Don't click on links or download attachments from suspicious or unknown sources.
  6. Limit user access: If there are multiple users on your computer, limit their access to certain files and folders. Don't give administrative privileges to standard user accounts.
  7. Encrypt your hard drive: Use BitLocker or a third-party encryption tool to encrypt your hard drive. This can help protect your data in case your computer is stolen or lost.
  8. Use a virtual private network (VPN): Use a VPN to encrypt your internet connection and protect your online activity.

               
© Samer Aoudi 2005-2024