My single most important habit isn't a technique. It's a network setting and a snapshot.
Everything I practise is illegal the moment it points at something I don't own. So the lab is built around one principle: a sealed environment with no egress. Host-only network, no NAT, nothing routes out. The vulnerable machines talk to my attacker box and to each other, and to absolutely nothing else. That seal is the entire difference between "security researcher" and "defendant," and I treat it as sacred.
The second habit: snapshot every VM the moment it's clean. When an experiment turns a box into a smoking crater, and it will, you restore in ten seconds instead of rebuilding for an hour. I've paid the rebuild tax for skipping snapshots. I don't pay it twice.
The unglamorous rules that make the interesting work possible:
- Snapshot before you touch anything.
- Restore instead of rebuild.
- Keep the wordlists and the noisy active tooling inside the seal.
- Assume any tool can misfire, and aim it somewhere it can't do harm.
Discipline isn't the opposite of doing cool things. It's the thing that lets you keep doing them.
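
One way to check the seal and the snapshot rule automatically, as an added example that is not part of the original post. It assumes the lab runs on VirtualBox, which the post does not state, and parses the output of `VBoxManage showvminfo <vm> --machinereadable`; the VM names and sample output below are constructed.

```python
import re

# Assumption: VirtualBox lab. Attachment modes that stay on the host; anything
# else (nat, natnetwork, bridged, generic, or an unknown value) is flagged.
SEALED_MODES = {"none", "null", "hostonly", "hostonlynetwork", "intnet"}

def parse_vminfo(text):
    """Parse key="value" lines from `VBoxManage showvminfo --machinereadable`."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?=(.*)$', line.strip())
        if m:
            info[m.group(1)] = m.group(2).strip('"')
    return info

def audit_vm(text):
    """Return a list of findings; an empty list means the VM passes both rules."""
    info = parse_vminfo(text)
    findings = []
    for key, mode in sorted(info.items()):
        # nic1, nic2, ... carry the attachment mode of each virtual adapter.
        if re.fullmatch(r"nic\d+", key) and mode not in SEALED_MODES:
            findings.append(f"{key} is attached as '{mode}': possible egress")
    # CurrentSnapshotName is only present when the VM has at least one snapshot.
    if "CurrentSnapshotName" not in info:
        findings.append("no snapshot: nothing to restore to")
    return findings

# Constructed sample output for two hypothetical lab VMs.
SEALED_VM = '''name="target-01"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
SnapshotName="clean"
CurrentSnapshotName="clean"
'''
LEAKY_VM = '''name="target-02"
nic1="hostonly"
nic2="nat"
'''

if __name__ == "__main__":
    for label, sample in (("target-01", SEALED_VM), ("target-02", LEAKY_VM)):
        problems = audit_vm(sample)
        print(label, "OK" if not problems else problems)
```

Run it over every VM in the lab before starting the attacker box; a non-empty result means fix the adapter or take the snapshot first.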