A well-configured lab provides hands-on experience, full control over testing environments, and the ability to experiment with misconfigurations, assess security strengths, and practice evasion techniques. For cybersecurity professionals, a home lab is not just beneficial, it’s indispensable.
This guide is for cybersecurity professionals (Red/Purple/Blue Team), anyone prepping for certifications like PJPT, PNPT, CPTS, OSCP, or launching a career in cybersecurity. This guide will walk you through setting up a virtualized, enterprise-grade cybersecurity lab to simulate real-world attack and defense scenarios.
🧠Why This Lab Matters
"The difference between theory and domination? Your own cyber battlefield.
Introduction
A well-structured virtualized home lab is essential for learning offensive security, penetration testing, and enterprise cybersecurity. This lab will simulate a real-world corporate network with:
- Kali Linux (Attacker Machine)
- Windows Server 2016 (Active Directory & Vulnerable Apps)
- Windows 11 Client (Simulating an Endpoint)
- Sophos Firewall Home Edition (Network Security)
- Ubuntu Server (Hosting Wazuh SIEM for Monitoring - Network full visibility)
This guide provides a step-by-step walkthrough to set up this lab using VMware Workstation Pro (or VirtualBox).
Prerequisites
- Before starting, ensure you have:
- A powerful PC (Recommended: 16GB+ RAM, 200GB+ Storage, Intel VT-x/AMD-V Enabled)
- VMware Workstation Pro/VirtualBox (For Virtualization)
- Installation Files:
- Kali Linux (Download)
- Windows Server 2016 Standard (Download)
- Windows 11 (Download)
- Sophos XG Firewall Home Edition (Download)
- Ubuntu 24.04.2 LTS (Download)
Step 1: Setting Up VMware/VirtualBox Networking
We’ll use custom network segments to simulate an enterprise environment:
- Open VMware Workstation → Edit → Virtual Network Editor
- Create Three Networks:
- NAT (For Internet Access) – Default
VMnet8 - Internal Network (LAN - 192.168.1.0/24) –
VMnet2 - DMZ (For Wazuh & Firewall - 172.16.1.0/24) –
VMnet3
(In VirtualBox, use Host-Only Adapters and Internal Networks instead.)
Step 2: Installing Kali Linux (Attacker Machine)
- Create a New VM (2 CPU Cores, 4GB RAM, 50GB Disk)
- Attach Kali ISO & Install (Select "Graphical Install")
- Configure Networking:
- Primary Adapter:
NAT (VMnet8)(For internet access) - Secondary Adapter:
Host-Only (VMnet2)(For attacking the lab)
- Update Kali:
sudo apt update && sudo apt full-upgrade -y
Step 3: Installing Windows Server 2016 (Domain Controller)
- Create a New VM (2 CPU Cores, 4GB RAM, 100GB Disk)
- Attach Windows Server ISO & Install
- Set Up Active Directory:
- Open Server Manager → Add Roles → Active Directory Domain Services
- Promote to Domain Controller (Create a new forest:
cyberlab.local) - Install DHCP & DNS roles
- Configure Networking:
- Primary Adapter:
Internal Network (VMnet2) - Set Static IP:
192.168.1.10
🔧 Need help configuring AD? Follow this detailed guide
Step 4: Installing Windows 11 (Client Machine)
- Create a New VM (2 CPU Cores, 4GB RAM, 80GB Disk)
- Attach Windows 11 ISO & Install
- Join the Domain:
- Set DNS to DC (192.168.1.10)
- Go to Settings → System → About → Join Domain (cyberlab.local)
- Install Vulnerable Apps (Optional):
- XAMPP with old PHP versions
- Outdated software for exploitation practice
Step 5: Installing Sophos XG Firewall (Network Security)
- Create a New VM (2 CPU Cores, 4GB RAM, 50GB Disk)
- Attach Sophos ISO & Install
- Configure Interfaces:
- WAN (VMnet8 - NAT) – For internet access
- LAN (VMnet2 - 192.168.1.1) – For internal network
- DMZ (VMnet3 - 172.16.1.1) – For Wazuh monitoring
- Set Up Firewall Rules:
- Allow HTTP/HTTPS from LAN to WAN
- Block ICMP Ping from External Networks
- Enable Intrusion Prevention System (IPS)
📺 Need help configuring Sophos Firewall? Watch this YouTube step by step tutorial
Step 6: Installing Ubuntu Server (Wazuh SIEM for Monitoring)
- Create a New VM (2 CPU Cores, 8GB RAM, 100GB Disk)
- Attach Ubuntu ISO & Install
- Configure Networking:
- Primary Adapter:
DMZ (VMnet3) - Static IP:
172.16.1.100
- Install Wazuh:
curl -sO <https://packages.wazuh.com/4.7/wazuh-install.sh> && sudo bash wazuh-install.sh --all-in-one
- Access Wazuh Dashboard:
- Open
https://172.16.1.100in a browser
Need help installing Wazuh again? No help this time, you gotta figure it out 🥷
Step 7: Testing the Lab
- From Kali Linux:
- Scan the network:
nmap -sV 192.168.1.0/24
- Exploit a vulnerable service (e.g., EternalBlue on Windows Server).
- Check Wazuh Alerts for detected attacks.
- Test Sophos Firewall by attempting unauthorized connections
🚀 Congratulations! You’ve just built a highly functional, enterprise-style cybersecurity lab that mirrors real-world networks.
👀 Coming Next:
“Offensive Security: First Blood – Footprinting & Reconnaissance”
Stay tuned.