Moving Forward – Setting up a Pentest Lab

So, having solved all other problems, I want to learn more about the offensive side of security. The best way to do that, that I can see, is to really get a good lab going and work through some material. So here’s my new goal: a year from now I want to take the OSCP. I’m giving myself a year because there’s no ticking clock, and I want to be thorough and learn the material, and this gives me time to learn on my own and to get involved in at least 2, possibly 3 CTFs between now and then, with BSides DC, Baltimore, and ShmooCon all coming up.

Step 1: identify material. There are some official OSCP materials available at the usual places. But that’s no good, you want to pay for that. And besides, you want to be able to interact with the instructor and other students. And yet now is not a good time to take the official material due to a new school semester starting soon (incident handling and “big data” classes, should be fun). Georgia Weidman’s book on pentesting, cunningly titled Penetration Testing, gets great reviews from people in the industry, and after going through the first couple of chapters it seems on point. So, I’m going with this to start. Also going to work my way through Black Hat Python by Justin Seitz finally, to improve and focus my coding skills. So I’m going to use this blog to track progress through this material and figure out where to go next.

Step 2: make a lab. I am cheap, and am determined to make a lab as cheap as possible while still having as much potential as I need. I made it through nearly two years of college in an IT program using only an Acer C-720 Chromebook that I picked up for $150 back in the day. I am confident I can make this work. So I am taking two approaches. First is the laptop that I replaced that Chromebook with, a Toshiba Satellite C-55 that I picked up last fall for about $400. That laptop plus a quick memory upgrade to 16 GB has been pretty formidable. More than enough to run a few low-budget VMs, and probably to run through some basic offensive lessons.

But, of course, I want more. So a year or so ago I picked up a 1U Dell 1900 PowerEdge server from eBay. It’s an older server, definitely not up to modern standards. But it also cost $90. It came with 16 GB RAM, but I was able to get that up to 32 GB with a total cost of about $24. The goal with this is to wait until GMU activates my Dreamspark account again this fall, download the free ESXi software available from there, and configure and run multiple VMs from there and run through scenarios remotely when possible.

So that leaves me with the following:

  • 2.2 GHz Intel Core i5 laptop with 16 GB RAM
  • Dual 2 GHz Intel Xeon server with 32 GB RAM
  • still rockin’ the Chromebook

Total cost of all of this comes out to about $650, but considering the only thing I actually purchased for this initiative was the memory for the server I had sitting in a closet, I think so far so good.

I’ve set up the initial Kali VM from the Weidman pentesting book on the laptop, but since the book is a bit older there are some things that don’t quite fit with the new version of Kali and probably just the passage of time. I’ll get through them as I come to any problems.

So far that’s the only thing I have had time to do, though, because in the past month life has interfered. I gave my first talk at NovaHackers; it wasn’t great because I was nervous and stepped on what I had planned to say, but whatever. It was nice to meet people and see the great talks. Tomorrow is another meeting. I’ve learned Python, using Python Crash Course by Eric Matthes, which is a good teaching tool. I’m transitioning to a new job over the course of the next few weeks. I’m even thinking up new blog ideas and possibly even talks. I want to do one possibly on the Nessus API, that could be something that is useful. We will see. Passed the CEH. I hate to say things are easy but really, it is; how they charge that much money for it I have no idea. Still hoping to do this blog every week, even if I did fall behind for a month.