Getting started with your lab

As you work through this book, you will learn how to use different tools in a controlled environment. In order to have a controlled environment, we will need to build one.

There are three options that we have for building a penetration lab. These are as follows:

• Using a cloud provider: Cloud providers such as Microsoft Azure, Amazon Web Services, and Google Cloud give you the flexibility and scalability of deploying systems at a fraction of the cost compared to purchasing dedicated hardware. The only catch with using a cloud provider is that you would probably require permission to perform penetration tests on your deployed services.
• Using a high-powered laptop or desktop with virtualization software: As high-powered laptops and desktops are relatively cheap, this would be the option that many prefer. By using virtualization software such as Microsoft Hyper-V, VMware, and Virtualbox, you can deploy a fully isolated network on your host computer.

When using a hypervisor for penetration testing, there is a limitation with Hyper-V. Currently, Hyper-V does not allow you to connect a USB wireless card directly to the VM, as opposed to VMware, shown in the following screenshot, and Virtualbox. This introduces problems when you try to leverage monitor mode for wireless penetration testing. VMware and Virtualbox allow you to connect a USB wireless card directly to the virtual machine. The following screenshot depicts connecting a wireless network card directly to the virtual machine (Figure 1):

• Using dedicated hardware: This is the more expensive option. Here, you will need to have a full slew of networking equipment, including dedicated servers and workstations.

Let's start by looking at building a lab environment using virtualization tools such as VMware, Hyper-V, and VirtualBox.