0x02 Ethical Hacking Series Building Your Own Hacking Lab PDF
0x02 Ethical Hacking Series Building Your Own Hacking Lab PDF
JaxHax Makerspace
Travis Phillips
About Me
● Member of Jax Hax since it opened.
● Specializes in Ethical Hacking, IT Security,
and penetration testing.
● Formerly a programmer.
● Enjoys electronics, Linux, embedded
systems, anything hackery-ish, small
physical projects from time to time to keep
hands-on skills honed, puzzles, Open
Source everything, and lock picking.
● Easy to find. Big dude dressed in black or
grey. Seek me out anytime you are here.
Intended Audience
● This is intended as an intro class as part
of a series of classes.
● This is a class that is for people who are
interested in security and require proof
it's working!
● This class covers the basics of building a
lab so that you will have a safe
environment to play in.
– DON'T BE AFRAID TO STOP ME TO ASK
QUESTIONS!
– The only stupid question is the question never
asked.
So Why Do I Need a Hacking Lab?
● Keeps vulnerable software off your real
machine.
● A lab provides you a controlled environment
for your testing.
● You'll have physical access to the machines
for troubleshooting.
So Why Do I Need a Hacking Lab?
● I'm teaching you things
that if conducted on
machines you don't own,
it's illegal! Hacking
machines you do own
however is legal!
● Not providing a lab setup
is like giving a kid a BB
gun without targets and
cutting him loose in the
outside; It can only end
badly!
Things to Consider When Building A
Hacking Lab
● What sort of hacking research are you
looking to do?
● Network Exploits
● Web Attacks
– DoS
● Mobile Devices
– MitM
● Malware Research
● Software Exploits
● Reverse Engineering
– Linux
● Wireless
– Windows
● Crypto
– Mac
What Resources Do You Have On
Hand?
● Any old bare metal boxes laying around?
● Is your rig beefy?
– Plenty of memory and CPU for VMs?
● Any networking equipment laying around?
– Old ISP modems are usually great!
● Wifi and a 4 port switch are usually built-in
● Usually provide DHCP, Firewall, and DNS.
● Dumb network hubs are AWESOME!!!
● A USB drive you can dedicate to the Lab
What to consider when buying
equipment?
● Networking equipment can usually be mid
tier SOHO gear.
– Although port mirroring/spanning can help
when it comes to sniffing.
● Machines can usually be home use grade.
– Keep architecture in mind!
● x64 can run x86 and x64 OSs but not the
other way around!
● If you want to test against ARM
architectures I would suggest an ODROID
or Raspberry Pi
Raspberry Pi & ODROID
● $35 ● $65
● 700 Mhz CPU ● 1.7 Ghz quad
● 512 MB RAM core CPU
● HDMI+RCA
● 2 GB RAM
● GPIO Pins
● HDMI
What to consider when buying
equipment?
● Get a beefy rig if you are planning on doing
crypto or password cracking heavily.
● Beefy rigs also make running VMs easier.
● Hard drives are cheap so if you're planning
on VMs, get large drives!
● Beefy rigs do also permit themselves to act
as servers as well.
● Make your lab easy to reconfigure for
various test.
Network Considerations
● Is internet required? More importantly,
should it be present?
Depends on what your researching!
–