Building your kit


So you wanna be 1337?

Entering the realm of hacking, cracking boxes, and taking courses is a prominent public-facing pursuit that is frequently discussed. However, establishing a proper setup will undoubtedly yield bountiful fruits in the future.

One of the things I've shared with some of my juniors who study under me is how I had nuked my notes many times before developing what would later become my own 'Attack Matrix.' The usual question that follows is, 'Why not copy and paste it?' To which I commonly respond that poorly written notes reflect a lack of understanding. I would rather relearn the subject than hold on to a dataset that is unusable.

Nevertheless, let's get into today's subject: lab and notes setup.


My set up:

Main Rig

  • Manjaro XFCE (6 years old)
    • Intel i7
    • 32 GB RAM
    • NVIDIA 2080 Super
    • QEMU/Virt-manager as hypervisor
    • Remote Viewer to access Virt-manager & Proxmox VMs

Mobile Laptop

  • Dual Boot Win11/Kali via Grub (6 months old)
    • Ryzen 5
    • 64 GB RAM
    • NVIDIA RTX4050
    • Virtualbox as hypervisor
    • Remote Viewer to access Proxmox VMs

Proxmox

  • Old laptop with battery removed
    • Intel i5
    • 64 GB RAM

Notes

  • Gitbook
    • Github sync enabled
    • Offline copies maintained

This setup is limited to ONLY my lab items and is not a comprehensive list or a benchmark recommendation. Please use what you can reasonably afford and maintain.

Building your lab:

A lab doesn't have to be remotely as complex as mine. In fact, I don't even recommend having anything fancy unless necessary, as most of my setup is built-in redundancy.

Before we move forward, let's discuss hypervisors.

Type 1 Hypervisor:

  • Runs directly on bare metal
  • Provides higher performance levels
  • More complex to deploy and maintain
  • Examples include:

Type 2 Hypervisor:

💰
Please note that some solutions may cost a subscription fee.

Now that we have an understanding of these two types, we can conclude that starting off, you will most likely be running a Type 2 hypervisor. Personally, I have used VirtualBox up until recently and believe it is the best go-to solution for newcomers, primarily due to its cross-platform capabilities. This feature allows for easy image transfers between different machines with minimal issues early on.

However, to my knowledge, VMware Workstation Pro has recently become free. It would be unfair if I did not recommend that users who run Windows as their OS at least give it a try. While I can't speak for the performance firsthand, some of my juniors swear by it.

Now, a few of you reading may be asking, "What about Virt-Manager? That's what you use, why can't I use it?" Let me begin by saying that Virt-Manager is a Linux-based virtualization software, somewhat akin to a Type 2 version of Proxmox. It's a bit complex, and it took me three attempts before I officially transitioned over to using it permanently.

Deploying:

This content only covers deploying a singular VM. We are not addressing setting up a testing network in this article.

VirtualBox/VMware:

As much as I would love to create a personal walkthrough, I'm not experienced in video production and currently lack a suitable setup for screen recording. However, Heath Adams and his team have an excellent video on YouTube that I'm linking below. The main content is from (4:22 - 19:15). I highly recommend checking out their other videos as the TCM team creates weekly content.

This is not my video. All credit goes to Heath Adams and his team.

The deployment process is fairly simple once you choose your preferred Hypervisor and learn how to create virtual machines. One thing I cannot stress enough is the importance of using snapshots or backups. They can be a lifesaver when executing risky commands that might otherwise render your machine unusable.

Virt-Manager:

While I don't recommend this for beginners, here's a great video for learning Virt-manager. Please understand that most courses may not provide detailed instructions for specific setups or deployments using this hypervisor.

This is not my video. All credit goes to Veronica for her great work!

Lab conclusion:

We are leaving out Type 1 hypervisors for this article, as I intend to address them when discussing building a testing network. However, I want to show you my main rig and Proxmox to give you a general idea.

Before we move on to the notes section, I want to emphasize one final point. This is your lab, so regardless of its size, what matters most is how effectively you can use it. I passed my OSCP using VirtualBox on my 6-year-old rig, so don't get caught up comparing yourself to others who may be running 50 virtual machines on custom-built rigs.


Building your knowledge:

The biggest factor for early success is going to be your notes. Before even getting a lab set up or picking out a course to take, pick a notes platform and set it up.

Now there is an abundance of note platforms to choose from:

Now, I suggest exploring all options early on because migrating after spending a lot of time on one platform can be a headache. Personally, I have tested all of these platforms, each with its own pros and cons. However, surprisingly, I have stuck with GitBook since day 1. Truthfully, I got the inspiration from HackTricks. Carlos, if you are reading this, thank you for the idea. However, I particularly appreciate GitBook for its free usage and native syncing with GitHub, which is excellent for maintaining offline notes in Markdown format.

Now, my choice is simply based on my preference; everyone has specific needs they want in their notes. Obsidian has great plugins, Joplin has the best offline features, and OneNote is built into the MS Office suite. With that said, look at what is important to you and decide based on what is going to be best in the long term.

Setting it up:

Now let me peel back the curtain and show three key items that I think are great for notes.

  1. Separation of notes. I categorize mine into distinct sections for my attack matrix, box notes, and development notes. Below, each category has its own subsection to ensure my topics are neatly organized and easily accessible.
Blurred out for some privacy on certain projects and items
  2. Organization is the key to methodologies. Keeping the notes not only separated but also organized will assist your future self.
Example of my proving ground box engagements
  3. Consistency, consistency, consistency! Maintaining a consistent note structure makes it easier to reference topics and methodologies later on. To help you fully understand, I'll actually provide a screenshot of my box template.
My template

These three simple items may seem easy to learn, but they need to be used routinely to function properly. There will be days when you might want to take the easy way out and just throw screenshots into a document. However, it's better to maintain a solid habit to ensure that your actions become muscle memory for real engagements.
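
The three habits above (separate, organize, stay consistent) can be made mechanical for Markdown notes kept in a Git-synced folder. The script below is an added example, not the author's template or tooling: the directory names, the template headings and the function names are assumptions, since the post's own template is only shown as a screenshot.

```python
import re
from datetime import date
from pathlib import Path

# Top-level sections follow the post; the directory names are assumed.
SECTIONS = ("attack-matrix", "box-notes", "development")

# Assumed template headings; swap in your own, but keep them identical per box.
TEMPLATE = """# {name}

- Platform: {platform}
- Started: {started}

## Scope

## Enumeration

## Initial access

## Privilege escalation

## Lessons for the attack matrix
"""

def slugify(name):
    """Reduce a title to a safe file name (drops '/', '..', spaces, etc.)."""
    slug = re.sub(r"[^a-z0-9]+", "-", name.lower()).strip("-")
    if not slug:
        raise ValueError("name has no usable characters")
    return slug

def new_box_note(root, platform, name, started=None):
    """Create box-notes/<platform>/<box>.md from the template, never overwriting."""
    root = Path(root)
    for section in SECTIONS:
        (root / section).mkdir(parents=True, exist_ok=True)
    path = root / "box-notes" / slugify(platform) / f"{slugify(name)}.md"
    path.parent.mkdir(parents=True, exist_ok=True)
    if path.exists():
        raise FileExistsError(f"{path} exists; refusing to overwrite notes")
    body = TEMPLATE.format(name=name, platform=platform, started=started or date.today().isoformat())
    path.write_text(body, encoding="utf-8")
    return path

def missing_headings(path):
    """Consistency check: template headings that a note no longer contains."""
    wanted = [line for line in TEMPLATE.splitlines() if line.startswith("## ")]
    present = set(Path(path).read_text(encoding="utf-8").splitlines())
    return [heading for heading in wanted if heading not in present]
```

Running `missing_headings` over every file under `box-notes` before a commit catches notes that have drifted from the template.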


Wrapping up

To wrap up, this was a quick foundational post on setting up a virtual machine and organizing your notes.

Here's a quick TL;DR for those who skipped to the end:

VMs:

  • Use a Type 2 hypervisor and run either VirtualBox or VMware.
  • If you're feeling fancy, try Virt-Manager.
    • Both videos are linked above.

Notes:

  • Research and use what is best suited for you, selecting whichever platform has the features you require.
  • Remember:
    • Separate your note topics.
    • Organize the information.
    • Be consistent.
📚
The information within this article is intended solely for educational purposes. It is crucial that the techniques and methodologies discussed should only be used for educational and ethical purposes. They should never be leveraged in a manner that could cause unlawful harm or infringe upon the rights, security, or privacy of others. It is essential for anyone engaging with this content to approach it with a mindset of learning and understanding, ensuring that knowledge gained is used responsibly and ethically.