Building Your Own Cyber Security Lab and Cyber Range

Practice and Enhance Ethical Hacking and Defensive Security Skills

This is a course created by Omar Santos. Numerous cybersecurity and penetration testing tools and techniques have the potential to damage or destroy the target system or the underlying network. In addition, if malware is used in testing, there is the potential for infection and spread if testing in an Internet-connected testbed. This class will teach how to build your own virtualized, physical, or cloud-based environment to practice your skills in a safe ecosystem.

You will learn what you need to create a lab for offensive and defensive cybersecurity concepts. You will also learn and obtain access to numerous tools that you can use to practice your skills, from virtual machines (VMs), Docker containers, and intentionally vulnerable systems. You will learn how you can leverage tools like Virtual Box, VMWare Workstation/Fusion, ESXi, Proxmox, or even OpenStack to build your own cyber range. In addition, you will also learn how to use tools like Vagrant and Ansible to automate a lot of tasks. Vagrant files and Ansible playbooks will be shared during the class for you to build complex lab environments within minutes. You will also learn how to create environments in cloud services such as AWS, Azure, Google Cloud, and Digital Ocean.

This course is designed for anyone preparing for a certification like Certified Ethical Hacker (CEH), CompTIA PenTest+, CEH Practical, Offensive Security Certified Professional (OSCP), Cisco CCIE Security, CCNP Security. It is also designed to help those just learning how to perform penetration testing (ethical hacking), exploit development, or reverse engineer malware.

GET STARTED

IMPORTANT!!!

These VMs contains vulnerable software!

DO NOT connect to a production environment and use with caution!!!

System Requirements

You can run WebSploit in VirtualBox, VMWare Workstation or Fusion, and many other virtual machine architectures. However, this VM was specifically created and tested in VirtualBox. Subsequently, VirtualBox is recommended. VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. For a thorough introduction to virtualization and VirtualBox, please refer to the online version of the VirtualBox User Manual’s first chapter.

You have different options to deploy WebSploit...

WebSploit Full

This is an all-in-one virtual machine built on top of Kali Linux + extra tools + several vulnerable applications running in Docker containers. This standalone VM designed for you to practice your skills in a safe environment.
Download WebSploit Full here.

WebSploit Lite

Ubuntu Server + vulnerable containers. Choose this VM if you already have Kali Linux (or any other penetration testing distribution) and just want to run the vulnerable containers separately.
Download WebSploit Lite here.

Install Script

If you already have a pen testing environment like Kali, Parrot Security, and Black Arch, you can download and run this script to setup your own WebSploit environment. The script will automatically install Docker and all the underlying containers and tools.

WebSploit Full Credentials

username: root
password: toor

WebSploit Lite Credentials

username: websploit
password: websploit

Docker is NOT configured to start at boot time. This is to avoid for the vulnerable applications to be exposed by default. To start the Docker service and automatically start the containers use:

service docker start

To obtain the status of each docker container use the following command:

sudo docker ps

Cybersecurity Training

Omar's on-demand and Live cybersecurity training, as well as books and other resources.

Topics include: Ethical hacking (penetration testing); digital forensics and Digital Forensics and Incident Response (DFIR); threat hunting; malware analysis; reverse engineering; and more.

LEARN MORE

ACCESS THE GITHUB REPO

Omar's Cybersecurity GitHub Repository

Over 6,000 cybersecurity references related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.