Server

The server I am using is an HP Proliant Gen 5 server. It has 8 cores between 2 CPUs and has 32 GBs of RAM total. Because it is a slightly older server the CPUs do not support SLAT (second level address translation, a feature needed for newer versions of Hyper-V and other virtualization technologies) so I am running a slightly older version of VMWare ESXi that does not require SLAT as the hypervisor. I really like VMWare because of how easy it is to run/administer from both the VMWare workstation application from my computer or from the web interface the server runs.

Virtual Machines

Kali Linux

Kali is a fantastic distro of Linux for any kind of ethical hacking/penetration testing. It comes installed with many tools for a variety of tools such as nmap, openVAS, metasploit, etc. For a more detailed breakdown of the tools I use on it, please see to "tools" section of my blog where I go over all of the tools I've used

FireEye Sandbox (Flare VM)

The Flare VM from FireEye is a fantastic sandbox that has a ton of tools for malware analysis. I haven't done a ton with it yet but I am currently going through this course which I highly recommend: https://0verfl0w.podia.com/malware-analysis-course. The setup is very easy as you just need to download it from github and run the install powershell script and the script takes care of grabbing and installing all of the tools. I have it installed on a brand new Windows 10 VM and I would make sure to set some snapshots with your hypervisor right before and after performing the setup just in case something goes wrong. To read how to setup this VM for yourself see the official guide here:

Windows Servers

I currently have several different versions of Windows Server running in VMs including 2012, and 2016. Depending on the environment you work in, you might run into any combination of Windows Server versions (or all of the above) so it is important that you are at the very least familiar with the differences between the versions and know how to set up basic services on each. Learning how to set up services on Windows Server will help solidify your understanding of the basic services that might run on a server and will help you with both red-teaming and blue-teaming down the road. You can easily get copies of these for *free* by going to https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server and grabbing one of the evaluation versions. Since I don't need to do much that's persistent on the servers I can just create a snapshot once it's up and running and continually revert back to the snapshot to reset the VM. You can also use the guide here: https://www.ivobeerens.nl/2019/01/03/extend-the-evaluation-period-of-windows-server-2012-2016-and-2019/ to reset the eval period up to 6 times or so which gives you a few years to play around with the server.

Metasploitable

I downloaded this VM for an Ethical Hacking class and I like this VM for starting out with pentesting. It is a pre-configured linux device that has a lot of different vulnerabilities and is good practice for scanning a device and attempting to exploit discovered vulnerabilities. I will not get into any specific vulnerabilities or exploits I've used on this as I will probably make a blog post about it at some point but I highly recommend this for anyone getting started in ethical hacking.

Vyatta Router (VYOS)

This is a great virtual router that you can use to either set up virtual routing (if your hypervisor cannot handle what you need it to do) or for practice setting up/pentesting routers. I've been using it to practice exploiting services like SSH and Telnet on routers as part of Pentester Academy's network pentesting course (a course I highly recommend) and is fairly simple to both set up and configure. To get this VM yourself just go to https://www.vyos.io/subscriptions/ and select the "free" subscription option.

Parrot Security OS (I chose MATE instead of KDE as the GUI)

I just found this distro from using HackTheBox and I really like it! Very similar to Kali with many of the same tools so you could theoretically use it as a Kali substitute however I believe there are some tools it may be missing over Kali. There's a bunch of other privacy features and extras they throw in on top of the security tools which you can read about by clicking the link below. Parrot OS is updated frequently and made to be a daily driver as well as a security specific OS so check it out!