Zero to Hero: 24 Free Cybersecurity Home Lab Setups to Master Red & Blue Teaming + Video

Introduction:

Building a home lab is the definitive method for moving beyond theoretical cybersecurity knowledge into practical, hands-on expertise. The following 24 tools and platforms provide a complete ecosystem for both offensive (red team) and defensive (blue team) skill development. From exploiting vulnerabilities with Kali Linux to detecting threats with the Wazuh SIEM, this guide transforms your personal computer into a fully functional cybersecurity range, allowing for safe, controlled practice of attack and defense techniques.

Learning Objectives:

  • Objective 1: Construct a segmented virtual network with firewalls and vulnerable targets to simulate real-world enterprise environments.
  • Objective 2: Execute offensive security operations including exploitation, web app hacking, and adversary emulation.
  • Objective 3: Implement defensive measures such as log aggregation, intrusion detection, and threat hunting using open-source tools.

You Should Know:

1. Building the Offensive Core: Kali, Targets, and Recon

The foundation of any hacking lab is a robust attacker machine and vulnerable targets. Start by downloading and installing Kali Linux in a VM (VirtualBox/VMware). Your first targets should be Metasploitable 2 and Metasploitable 3.

– Step‑by‑step guide:
1. Setup Kali: Download the VM image from kali.org/get-kali. Import it into your hypervisor. Ensure the network adapter is set to “Host-Only” or a private “NAT Network” to keep attacks isolated.
2. Deploy Metasploitable 2: Download the VM from the provided SourceForge link. Boot it up. Find its IP address (ifconfig).
3. Perform Recon from Kali: Open a terminal on Kali and run an initial scan: sudo nmap -sV <target-IP>. This will reveal open ports and services (like FTP, SMB, Apache).
4. Exploit a Vulnerability: Based on the scan, use Metasploit. Type msfconsole. Search for an exploit related to a found service, e.g., search vsftpd. Use the exploit: use exploit/unix/ftp/vsftpd_234_backdoor. Set the target IP (set RHOSTS <target-IP>) and run it (run). If successful, you will gain a shell on the target.
5. Analyze Traffic: While performing the attack, run Wireshark on Kali. Start a capture on the network interface and filter for traffic to the target IP (ip.addr == <target-IP>). Observe the three-way handshake and the payload delivery.

2. Mastering Web Application Attacks with OWASP Tools

Web applications are a primary attack vector. The OWASP projects WebGoat and Juice Shop provide realistic environments to practice SQL injection, Cross-Site Scripting (XSS), and broken access control.
– Step‑by‑step guide:
1. Deploy WebGoat via Docker: If Docker is installed on your host or lab machine, run: docker run -it -p 127.0.0.1:8080:8080 webgoat/webgoat.
2. Access and Attack: Open a browser and navigate to `http://localhost:8080/WebGoat`. Create an account. Navigate to the "(A1) SQL Injection" lesson.
3. Manual SQLi: In the query form, try to bypass authentication by inputting a string like `' OR '1'='1` into the password field. Observe how the application's SQL query is manipulated.
4. Proxy Interception with PortSwigger: Download and configure Burp Suite Community Edition from PortSwigger. Set your browser's proxy to `127.0.0.1:8080`. Turn intercept on and submit a form on Juice Shop. You can now modify the HTTP request (e.g., changing a price parameter) before forwarding it to the server, testing for business logic flaws. The WebGoat container from step 1 is also published on 127.0.0.1:8080, so if both run on the same host, move one of them to another port.

3. Simulating Enterprise Networks: Active Directory Attacks

Modern corporate environments are built on Active Directory. The Vulnerable-AD project allows you to build a domain controller and workstation setup to practice Kerberoasting, Pass-the-Hash, and ACL abuse.
– Step‑by‑step guide:
1. Build the Lab: You need two Windows Server VMs and one Windows 10 VM. Follow the guide on the Vulnerable-AD GitHub page to set up the domain controller with insecure configurations.
2. Enumerate from Kali: From your Kali VM (joined to the network), use Impacket scripts. First, get a list of users: impacket-GetADUsers -all <domain>/<user>.
3. Perform Kerberoasting: Use another Impacket tool to request service tickets: impacket-GetUserSPNs -request -dc-ip <DC-IP> <domain>/<user>. Save the output to a file (hashes.txt).
4. Crack the Ticket: Use John the Ripper to crack the service account password offline: john --format=krb5tgs hashes.txt --wordlist=/usr/share/wordlists/rockyou.txt.
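The same exercise seen from the domain controller's Security log, as an added example (not part of the Vulnerable-AD project): it flags one account requesting RC4 service tickets for several user-backed services in a short burst. Field names follow Windows event 4769; the sample events, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"               # weak ticket encryption type, fast to crack offline
WINDOW = timedelta(minutes=5)   # assumed burst window
THRESHOLD = 3                   # assumed: distinct services per requester

def ev(t, user, svc, etype, ip="10.0.0.50"):
    return {"time": datetime.fromisoformat(t), "EventID": 4769,
            "TargetUserName": user, "ServiceName": svc,
            "TicketEncryptionType": etype, "IpAddress": ip}

# Constructed sample of event 4769 (a Kerberos service ticket was requested).
EVENTS = [
    ev("2024-05-01T09:00:00", "alice@LAB.LOCAL", "FILESRV01$", "0x12"),
    ev("2024-05-01T09:30:00", "alice@LAB.LOCAL", "svc_sql", "0x12"),
    ev("2024-05-01T10:00:01", "jdoe@LAB.LOCAL", "svc_sql", "0x17"),
    ev("2024-05-01T10:00:02", "jdoe@LAB.LOCAL", "svc_web", "0x17"),
    ev("2024-05-01T10:00:03", "jdoe@LAB.LOCAL", "svc_backup", "0x17"),
    ev("2024-05-01T10:00:04", "jdoe@LAB.LOCAL", "krbtgt", "0x17"),
]

def suspicious(e):
    """RC4 ticket for a user-backed service account (not a machine or krbtgt)."""
    svc = e["ServiceName"]
    return (e["EventID"] == 4769 and e["TicketEncryptionType"] == RC4_HMAC
            and not svc.endswith("$") and svc.lower() != "krbtgt")

def find_roasting(events):
    by_requester = defaultdict(list)
    for e in sorted(filter(suspicious, events), key=lambda e: e["time"]):
        by_requester[(e["TargetUserName"], e["IpAddress"])].append(e)
    findings = []
    for (user, ip), hits in by_requester.items():
        for i, first in enumerate(hits):
            burst = {h["ServiceName"] for h in hits[i:]
                     if h["time"] - first["time"] <= WINDOW}
            if len(burst) >= THRESHOLD:
                findings.append({"user": user, "ip": ip, "services": sorted(burst)})
                break
    return findings

if __name__ == "__main__":
    for f in find_roasting(EVENTS):
        print(f"possible Kerberoasting: {f['user']} from {f['ip']} -> {f['services']}")
```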

4. Defensive Monitoring with Wazuh and Security Onion

Defense is about visibility. Wazuh acts as a SIEM (Security Information and Event Management) and XDR, while Security Onion is a complete threat detection suite. This section focuses on ingesting logs from your vulnerable machines to see attacks from the defender’s perspective.
– Step‑by‑step guide:
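1. Install Wazuh: The easiest method is using the quickstart script on a dedicated Ubuntu 22.04 VM: curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash wazuh-install.sh -a. The -a option runs the all-in-one installation; --generate-config-files on its own only writes the configuration files for a multi-node deployment and installs nothing.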
2. Install an Agent on Metasploitable: On your Metasploitable 2 VM, you need to install the Wazuh agent. Since it’s Linux, you would add the Wazuh repository and install the agent, pointing it to your Wazuh server’s IP.
3. Trigger an Alert: From Kali, run a simple Nmap scan against the Metasploitable VM: nmap <metasploitable-IP>.
4. Analyze in Wazuh Dashboard: Log in to the Wazuh dashboard. Navigate to the “Security Events” module. You should see alerts for “Nmap Scan” or port scans, categorized by the MITRE ATT&CK framework. You have just detected a reconnaissance attempt.

5. Adversary Emulation and Advanced Persistence

To truly understand an attacker, you must think like one. MITRE Caldera is an automated adversary emulation system that runs post-compromise techniques. Combine this with Cowrie, an SSH honeypot, to capture live attacker behavior.
– Step‑by‑step guide:
1. Deploy Cowrie Honeypot: On an isolated VM (e.g., Ubuntu Server), install Cowrie using git: `git clone https://github.com/cowrie/cowrie.git`. Install dependencies (`cd cowrie && pip install -r requirements.txt`). Start it with `bin/cowrie start`.
2. Simulate an Attack: From Kali, attempt to SSH into the honeypot VM: `ssh root@<honeypot-IP>` with any password (e.g., "123456"). You will get a fake shell.
3. Review Attacker Logs: On the honeypot VM, view the downloaded files and commands: `cat cowrie/var/log/cowrie/cowrie.json`. You will see the attempted login credentials and the commands the "attacker" tried to run.
4. Run MITRE Caldera: On a separate machine, download Caldera from `caldera.mitre.org` and run it. You can configure it to connect to an agent on your Windows 10 VM and execute a series of techniques, such as discovery commands (`whoami`, `ipconfig`) to simulate initial access and enumeration.
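Reading cowrie.json with `cat` gets noisy quickly, so this added example (not part of Cowrie) groups the log by session and lists each login attempt and command. The sample lines are constructed and trimmed to the fields used; `summarize` is a hypothetical helper name.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of cowrie.json: one JSON object per line.
# The last line is cut short on purpose, as happens while Cowrie is still writing.
SAMPLE = """\
{"eventid": "cowrie.session.connect", "src_ip": "192.168.56.10", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "toor", "src_ip": "192.168.56.10", "session": "a1"}
{"eventid": "cowrie.login.success", "username": "root", "password": "123456", "src_ip": "192.168.56.10", "session": "a1"}
{"eventid": "cowrie.command.input", "input": "whoami", "src_ip": "192.168.56.10", "session": "a1"}
{"eventid": "cowrie.command.input", "input": "uname -a", "src_ip": "192.168.56.10", "session": "a1"}
{"eventid": "cowrie.command.input", "inp
"""

def summarize(lines):
    """Group login attempts and commands by Cowrie session id."""
    sessions = defaultdict(lambda: {"src_ip": None, "logins": [], "commands": []})
    skipped = 0
    for line in lines:
        try:
            event = json.loads(line)
            sid, kind = event["session"], event["eventid"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1          # partial write or a line that is not an event
            continue
        s = sessions[sid]
        s["src_ip"] = event.get("src_ip", s["src_ip"])
        if kind in ("cowrie.login.success", "cowrie.login.failed"):
            s["logins"].append((event.get("username"), event.get("password"),
                                kind.endswith("success")))
        elif kind == "cowrie.command.input":
            s["commands"].append(event.get("input", ""))
    return dict(sessions), skipped

if __name__ == "__main__":
    sessions, skipped = summarize(SAMPLE.splitlines())
    for sid, s in sessions.items():
        print(f"session {sid} from {s['src_ip']}")
        for user, pw, ok in s["logins"]:
            print(f"  login {user!r}/{pw!r} {'accepted' if ok else 'rejected'}")
        for cmd in s["commands"]:
            print(f"  cmd   {cmd!r}")   # repr() keeps control characters out of the terminal
    print(f"{skipped} unparseable line(s) skipped")
```

Against a live honeypot, pass the open log file instead of the sample: `summarize(open("cowrie/var/log/cowrie/cowrie.json"))`.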

What Undercode Say:

  • Key Takeaway 1: Repetition is the mother of skill. Simply launching an exploit once is not enough. The true value of a home lab lies in tearing it down and rebuilding it, automating the deployment with Ansible, and repeating attacks while trying different evasion techniques against your own defenses (e.g., Suricata).
  • Key Takeaway 2: Integration creates expertise. A powerful lab isn’t just a collection of tools, but a unified system. For example, configure pfSense to route traffic between your attacker Kali and your target Windows domain. Then, ensure all traffic is logged by Zeek, analyzed by Suricata, and forwarded to Wazuh. This creates a cohesive workflow from attack to detection, mirroring a real security operations center (SOC).

Prediction:

As cloud-native technologies and AI-driven attacks become the norm, home labs will evolve from simple VM collections to hybrid cloud environments. We will see a surge in Infrastructure as Code (IaC) tools like Terraform being used to deploy and destroy entire attack ranges on demand in AWS or Azure. The integration of Large Language Models (LLMs) into these labs for automated report generation and attack path analysis will become a standard learning tool, enabling aspiring professionals to analyze complex attack chains at a pace previously impossible.

Reported By: Ouardi Mohamed – Hackers Feeds