Building a Home Lab for Penetration Testing Practice
A practical guide to setting up a cost-effective home lab for practising penetration testing techniques — from network segmentation to intentionally vulnerable targets.
Why a Home Lab?
Certifications like OSCP require hands-on practice that you simply can't get from reading books. A home lab gives you a safe, legal environment to experiment with techniques, break things, and develop the muscle memory that separates a capable tester from someone who has merely memorised methodology.
This post covers the hardware, software, and configuration choices I'd make if I were setting up a lab from scratch today.
Hardware
You don't need enterprise hardware. A single capable machine running a hypervisor will get you a long way:
| Component | Recommendation | Notes |
|---|---|---|
| CPU | Intel i7 / AMD Ryzen 7 or better | VMs benefit from physical cores |
| RAM | 32 GB minimum, 64 GB ideal | Each VM consumes 2–4 GB |
| Storage | 1 TB NVMe SSD | Snapshots consume space quickly |
| Network | Dual NIC | Separates lab traffic from home network |
Alternatively, older enterprise workstations (Dell Precision, HP Z-series) can be sourced cheaply on eBay and offer good specs for the money.
Hypervisor Choice
Proxmox VE is my recommendation for a dedicated lab machine. It's free, runs on bare metal, and supports both KVM (Linux/Windows VMs) and LXC containers. The web UI is excellent for managing snapshots — essential when you inevitably break something.
VMware Workstation Pro (now free for personal use) is the better choice if you're running the lab on your main workstation.
Network Design
Isolate your lab traffic from your home network. The simplest approach is a dedicated VLAN or a separate physical interface with NAT:
```text
[Home Router] --- [Lab Host (Proxmox)] --- [Internal Lab Bridge]
                                                   |
                                          [Attacker VM (Kali)]
                                          [Target VMs]
                                          [Active Directory Lab]
```
Never expose lab VMs directly to the internet: they are exploitable by design, and some intentionally vulnerable VMs also contain known malware samples for analysis purposes.
Attacker Machines
- Kali Linux — the de facto standard, maintained by Offensive Security. Install as a VM, not dual-boot.
- Commando VM — if you need a Windows-based attacker machine for Windows-specific techniques.
Keep snapshots at a clean baseline and after installing tools, so you can roll back if something breaks.
Target Machines
Intentionally Vulnerable VMs
- VulnHub — hundreds of free downloadable VMs across all difficulty levels
- Metasploitable 2 & 3 — classic multi-service Linux/Windows targets
- DVWA (Damn Vulnerable Web App) — web application testing
Active Directory Labs
A realistic AD environment is essential for practising modern privilege escalation paths:
- One Windows Server VM as the Domain Controller (Server 2019 or 2022, evaluation licence)
- One or two Windows 10/11 clients joined to the domain
- Misconfigure intentionally: unconstrained delegation, weak GPOs, kerberoastable accounts
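As an added example (not part of the original post), a PowerShell audit you can run against the lab domain to confirm which of the misconfigurations above are actually present, and later to confirm you have cleaned them up. It assumes the RSAT ActiveDirectory module is installed and that you run it as a domain user from a joined client or the DC; the function name is my own.

```powershell
# Added example (not from the post): audit a lab domain for the intentional
# misconfigurations listed above. Assumes the RSAT ActiveDirectory module is
# installed; run as a domain user from a joined client or the DC.
Import-Module ActiveDirectory

function Get-LabMisconfigReport {
    [CmdletBinding()]
    param()

    # Unconstrained delegation: a non-DC computer marked TrustedForDelegation
    # can impersonate any user who authenticates to it. DCs are excluded
    # because they legitimately carry this flag.
    $unconstrained = Get-ADComputer -Filter 'TrustedForDelegation -eq $true' `
        -Properties TrustedForDelegation |
        Where-Object { $_.DistinguishedName -notlike '*OU=Domain Controllers*' } |
        Select-Object Name, DNSHostName

    # Kerberoastable accounts: user objects with an SPN set. The built-in
    # krbtgt account is excluded; accounts whose password has not changed
    # in a long time are the highest risk.
    $spnUsers = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
        -Properties ServicePrincipalName, PasswordLastSet |
        Where-Object { $_.SamAccountName -ne 'krbtgt' } |
        Select-Object SamAccountName, PasswordLastSet,
            @{ n = 'SPNs'; e = { $_.ServicePrincipalName -join ';' } }

    # A weak password policy is the most common "weak GPO" in a lab; it is
    # defined in the Default Domain Policy and readable via this cmdlet.
    $policy = Get-ADDefaultDomainPasswordPolicy |
        Select-Object MinPasswordLength, ComplexityEnabled, LockoutThreshold

    [PSCustomObject]@{
        UnconstrainedDelegation = $unconstrained
        KerberoastableUsers     = $spnUsers
        PasswordPolicy          = $policy
    }
}

$report = Get-LabMisconfigReport
$report.UnconstrainedDelegation | Format-Table -AutoSize
$report.KerberoastableUsers     | Format-Table -AutoSize
$report.PasswordPolicy          | Format-List
```

Run it once after building the lab to verify the weaknesses you intended are in place, and again when you want to prove a remediation step worked.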
Online Practice Platforms
Supplement your local lab with cloud-hosted practice:
- Hack The Box — excellent machine variety, strong community writeups after flags
- TryHackMe — more guided, good for structured learning paths
- PentesterLab — particularly strong on web application exploitation
Getting Started
If you're new to this, don't try to build everything at once. Start with:
- A Kali VM
- Metasploitable 2 on an isolated network
- The PNPT course by TCM Security
That combination will take you from zero to a solid foundational skillset. Everything else can be added incrementally.
Good luck — and feel free to reach out if you have questions.