Home lab blueprint under $500
Unihackers published a practical home‑lab path that uses VirtualBox plus Kali, Metasploitable2, DVWA, Security Onion and pfSense to teach networking, Windows/Linux, segmentation and logging on a tight budget. The guide is explicit about cost tiers—from free to under $500—so hands‑on practice can be scaled to what you actually need to demonstrate cross‑domain skills. (unihackers.com)
A home lab in cybersecurity is a practice range on your own laptop, the same way a driving simulator lets you make mistakes without hitting a real car. Unihackers’ new guide turns that idea into a shopping list that starts with free software and scales to a build under $500 instead of assuming you need enterprise gear. (unihackers.com)

The first building block is a hypervisor, which is software that lets one computer pretend to be several smaller computers at once. Oracle says VirtualBox is free, cross-platform, and built to run multiple guest operating systems on one host machine, which is why it keeps showing up in entry-level lab plans. (virtualbox.org)

Once you have that “computer inside your computer,” you need one machine to act like the attacker. Kali Linux publishes a VirtualBox guide that treats the virtual machine as a separate box, supports snapshots for rollbacks, and uses a default setup around 2 gigabytes of memory, 2 processors, and an 80 gigabyte virtual disk. (kali.org)

Then you need a target that is supposed to be broken. Rapid7 describes Metasploitable 2 as an intentionally vulnerable Ubuntu Linux virtual machine made for testing common vulnerabilities, and its download is about 800 megabytes. (rapid7.com)

A second target teaches web bugs instead of server bugs. Damn Vulnerable Web Application, or DVWA, is an intentionally insecure web app that its maintainers say is built so learners can practice things like Structured Query Language injection, cross-site scripting, and cross-site request forgery in a controlled environment. (github.com) (mintlify.com)

At that point the lab stops being “one attacker and one victim” and starts looking like a small network. pfSense is the traffic cop in that network, and Netgate’s documentation centers it as firewall software with configuration recipes for routing and segmentation, which is the skill of putting machines in separate rooms so one compromise does not spread everywhere. (docs.netgate.com)

The monitoring piece is Security Onion, which is the lab’s security camera system. Its VirtualBox documentation explains how to give the machine another network adapter and enable promiscuous mode so it can watch traffic crossing the lab instead of only seeing its own packets. (docs.securityonion.net)

That mix matters because most beginner labs only teach “how to attack,” while this one also teaches “how to see” and “how to contain.” A setup with Kali Linux, Metasploitable 2, DVWA, pfSense, and Security Onion lets one person practice Linux, Windows-adjacent networking, web testing, firewall rules, and log analysis in the same small environment. (unihackers.com)

The money angle is the part that makes the guide useful to job changers and students. By spelling out tiers from free software on an existing laptop up to a sub-$500 build, Unihackers is telling readers to buy only enough hardware to prove the next skill, not to build a miniature data center in their bedroom. (unihackers.com)

That is also how hiring managers tend to read home labs now. A candidate who can show isolated networks, vulnerable targets, firewall rules, and alert data from one small lab is showing the full path of an incident—from attack to detection to containment—with tools that are either free or widely available. (unihackers.com)
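
The segmentation and monitoring wiring described above (pfSense between segments, vulnerable targets kept isolated, a promiscuous Security Onion adapter), sketched as VBoxManage commands with a containment check before anything is applied. This is an added example, not taken from the Unihackers guide; the VM names, network names and adapter numbering are assumptions.

```shell
#!/usr/bin/env bash
# Added example. VM and network names below are assumptions, not from the guide.
# The VMs must already exist and be powered off when modifyvm runs.
DRY_RUN="${DRY_RUN:-1}"          # 1 = print commands only, 0 = apply them
ATTACK_NET="lab-attack"          # assumed segment for the Kali VM
TARGET_NET="lab-targets"         # assumed segment for the vulnerable VMs
TARGETS="metasploitable2|dvwa"   # assumed names of the intentionally vulnerable VMs

vbox() {
  if [ "$DRY_RUN" = "1" ]; then echo "VBoxManage $*"; else VBoxManage "$@"; fi
}

# attach_intnet VM SLOT NETWORK: put adapter SLOT on a VirtualBox internal network
attach_intnet() {
  vbox modifyvm "$1" "--nic$2" intnet "--intnet$2" "$3"
}

build_lab() {
  # pfSense: adapter 1 is the WAN side (NAT), adapters 2 and 3 are the lab segments
  vbox modifyvm pfsense --nic1 nat
  attach_intnet pfsense 2 "$ATTACK_NET"
  attach_intnet pfsense 3 "$TARGET_NET"
  # Attacker and targets sit on internal networks only, so traffic between
  # them has to cross pfSense and its firewall rules
  attach_intnet kali 1 "$ATTACK_NET"
  attach_intnet metasploitable2 1 "$TARGET_NET"
  attach_intnet dvwa 1 "$TARGET_NET"
  # Security Onion: adapter 1 (management) is left as is; adapter 2 sniffs the
  # target segment, and promiscuous mode lets it see other VMs' packets
  vbox modifyvm securityonion --nic2 intnet --intnet2 "$TARGET_NET" --nicpromisc2 allow-all
}

# leaks PLAN: print any planned command that would attach a vulnerable VM to a
# NAT or bridged adapter instead of the isolated segment
leaks() {
  printf '%s\n' "$1" | grep -E "modifyvm ($TARGETS) .*--nic[0-9]+ (nat|natnetwork|bridged)" || true
}

plan="$(DRY_RUN=1; build_lab)"   # render the plan first, whatever DRY_RUN is
if [ -n "$(leaks "$plan")" ]; then
  echo "refusing to apply: vulnerable VM would leave the isolated segment" >&2
  exit 1
fi
build_lab
```

Run it as is to print the plan; set `DRY_RUN=0` to apply it to existing, powered-off VMs.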