Building a Lab Nobody Can See

Jan 20, 2025 · 2 min · lab, kali, kvm, virtualization

Rule number one of offensive work without ruining your life: you do not practice on the internet. You practice in a box the internet cannot reach and that cannot reach the internet. Most of what I do in here is illegal the moment it points at something I do not own, so before anything else I built a place where there is nothing to break the law against.

The setup took a weekend and a lot of usermod -aG.

Kali, fully updated, because a half-updated Kali is its own kind of haunted. KVM with libvirt and virt-manager for fast native virtualization, VirtualBox and Vagrant on the side specifically because the Active Directory lab insists on it, and Docker for the throwaway vulnerable apps. The part that actually matters is the network: an isolated host-only network with no NAT and no egress. The vulnerable machines live there. They can talk to my attacker box and to each other. They cannot talk to anything else, and nothing else can talk to them.
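One way to define and check that sealed network in libvirt, as an added example that is not the author's own configuration. The names lab-isolated, lab-leaky and virbr-lab and the 10.66.66.0/24 and 10.66.67.0/24 ranges are assumptions; the point is that a libvirt network with no <forward> element gets no NAT and no routing.

```shell
#!/bin/sh
# Added example. lab-isolated, virbr-lab and 10.66.66.0/24 are assumed names.

# Constructed definition of the sealed network. It has no <forward> element,
# so libvirt sets up no NAT and no routing: guests reach the host-side bridge
# address and each other, nothing else.
lab_net_xml() {
cat <<'EOF'
<network>
  <name>lab-isolated</name>
  <bridge name='virbr-lab' stp='on' delay='0'/>
  <ip address='10.66.66.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='10.66.66.100' end='10.66.66.200'/>
    </dhcp>
  </ip>
</network>
EOF
}

# Constructed contrast: what a NAT network (like libvirt's "default") looks like.
nat_net_xml() {
cat <<'EOF'
<network>
  <name>lab-leaky</name>
  <forward mode='nat'/>
  <ip address='10.66.67.1' netmask='255.255.255.0'/>
</network>
EOF
}

# Read network XML on stdin. Return 0 if isolated (no <forward>), 1 if it
# forwards traffic (nat, route, bridge, ...), 2 if it is not a <network>.
is_isolated() {
    xml=$(cat)
    printf '%s\n' "$xml" | grep -q '<network' || return 2
    if printf '%s\n' "$xml" | grep -Eq '<forward([[:space:]]|/|>)'; then
        return 1
    fi
    return 0
}

# On the lab host (needs libvirt, so not run by this script):
#   lab_net_xml > lab-isolated.xml
#   virsh net-define lab-isolated.xml
#   virsh net-start lab-isolated && virsh net-autostart lab-isolated
#   virsh net-dumpxml lab-isolated | is_isolated && echo "sealed"
```

The check covers the network definition only; a guest that also has a NIC on a forwarding network can still reach out through that second interface.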

Then the single most important habit in the whole craft: snapshot every VM the moment it is clean. When an experiment turns the machine into a smoking crater, and it will, you restore in ten seconds instead of rebuilding for an hour. I have paid for skipping that. I do not skip it twice.

It is a strange thing to build a playground whose entire design goal is being sealed off from everything. But that seal is the difference between “security researcher” and “defendant,” and I intend to stay the former.

Lab is up. kvm-ok says OK. docker run hello-world runs without sudo. Time to start breaking things that were built to be broken.

Last updated: 5/29/2026, 3:36:43 PM