WEBVTT 00:00.900 --> 00:07.920 Building a virtual penetration testing lab allows you to create an environment that is safe for you 00:07.920 --> 00:09.540 to hone your skills in. 00:20.710 --> 00:26.890 Scale the environment to add a new vulnerable systems and even remove all the legacy systems that you 00:26.890 --> 00:33.190 may no longer need and even create a virtual networks to pilot your attacks from one network to another. 00:33.220 --> 00:40.330 The concept of creating your very own virtualized penetration testing lab allows you to maximize resources 00:40.330 --> 00:46.990 on your existing computer without the need to purchase an online lab time from various service providers 00:46.990 --> 00:49.780 or even buy an additional computers and services. 00:49.930 --> 00:53.920 So you don't need to buy the these like kind of technologies. 00:53.920 --> 00:56.690 You can just use the virtualization technologies. 00:56.710 --> 01:03.280 So overall, you will be saving a lot of money as opposed to buying physical computers and networking 01:03.280 --> 01:06.430 equipment such as switches and routers. 01:06.430 --> 01:13.360 So as a cyber security trainer and professional, I have noticed that many people who are beginning 01:13.360 --> 01:21.230 their journeys within the field of information technology usually think that a physical lab infrastructure 01:21.230 --> 01:24.440 is needed based on their field of study. 01:24.470 --> 01:33.260 To some extent this is true, but as a technology advance, many downsides are associated with a building, 01:33.260 --> 01:35.660 a physical lab to practice your skills. 01:35.750 --> 01:41.300 There are like three main downsides and disadvantages of this. 01:41.300 --> 01:48.020 The physical space is required to store many servers and networking appliances that are needed. 01:48.020 --> 01:54.560 There are also power consumption per device will result in overall higher rate of financial expenditure 01:54.560 --> 01:57.650 and the cost of building or processing. 01:57.680 --> 02:04.760 Each physical device is high, whether it's a network appliance or a server or just a computer. 02:05.690 --> 02:12.250 So these are just some of the concerns many students and aspiring IT professionals experience. 02:12.260 --> 02:19.340 In many cases, a beginner usually has a single computer such as a desktop or a laptop computer. 02:19.340 --> 02:26.630 So being able to use the virtualization technologies that have emerged as a response to these downsides 02:26.660 --> 02:31.610 has opened a multitude of tools in the field of it. 02:31.700 --> 02:38.750 So this has enabled many people and organizations to optimize and manage their hardware resources more 02:38.750 --> 02:41.810 efficiently in the world of virtualization. 02:41.840 --> 02:48.890 A Hypervisor is a special application that allows a user to virtualize the hardware resources on their 02:48.890 --> 02:54.530 systems so that they can be shared with another operating systems or an application. 02:54.530 --> 03:01.910 So this allows you to install more than one operating system on top of your existing computer's operating 03:01.910 --> 03:02.390 system. 03:02.390 --> 03:08.300 So imagine that you are running Microsoft Windows 10 as your main operating system, but you wish to 03:08.300 --> 03:11.750 run Linux at the same time on the same computer. 03:11.780 --> 03:14.660 You can achieve this by using hypervisor. 03:14.660 --> 03:20.450 So hence we are going to use virtualization to ensure we can build a cost effective penetration testing 03:20.450 --> 03:21.800 lab environment. 03:22.660 --> 03:31.030 In this course, we are going to need several applications and frameworks to install our virtual penetration 03:31.030 --> 03:32.050 testing lab. 03:32.050 --> 03:34.690 So firstly, we're going to need the hypervisor. 03:34.690 --> 03:38.200 This hypervisor is required for creating virtual machines. 03:38.200 --> 03:45.820 We will be using the VMware player, but you can also use the Oracle VM VirtualBox. 03:46.060 --> 03:48.400 So we're going to need internet access. 03:48.460 --> 03:51.700 This is required for downloading additional applications. 03:51.880 --> 03:59.050 Internet access will be provided to our attacker systems while ensuring all our systems remain virtually 03:59.050 --> 03:59.980 isolated. 04:00.400 --> 04:06.460 We will need a machine, a penetration testing machine, so the system will be attacker system and we 04:06.460 --> 04:08.020 will be using Kali Linux. 04:08.020 --> 04:10.120 We will need vulnerable client systems. 04:10.120 --> 04:14.980 So this will be our target and victim systems for security testing. 04:14.980 --> 04:21.400 The vulnerable systems will include Metasploitable two and Metasploitable three, both Windows and Linux 04:21.400 --> 04:22.150 versions of course. 04:22.150 --> 04:26.530 So traditional systems may be added as you progress through this course. 04:26.530 --> 04:30.640 We will also lastly, we will need the vulnerable web applications. 04:30.640 --> 04:38.710 So these are the systems that contain vulnerable web applications to help you understand the security 04:38.710 --> 04:40.690 weaknesses in web applications. 04:40.690 --> 04:46.840 So these will be open Web Application Security Project, OWASP and the OWASP Broken Web Application 04:46.870 --> 04:47.680 PWA. 04:47.950 --> 04:53.730 Furthermore, this diagram is our network penetration testing lab topology. 04:53.740 --> 04:55.000 Let's get started. 04:55.000 --> 05:04.420 And so I dropped and, uh, created this topology to show you how our networking IP addresses is contained 05:04.420 --> 05:10.720 and how which virtual machine has the following IP addresses. 05:12.340 --> 05:12.670 Here. 05:12.670 --> 05:15.550 We're going to need the main virtual machine. 05:15.910 --> 05:17.960 Um, so this is going to be a. 05:19.830 --> 05:21.210 Kali Linux. 05:23.620 --> 05:25.140 Increase the font. 05:25.150 --> 05:32.380 So and in this SQL Linux disconnect, this will call this call Linux will connect to our. 05:33.400 --> 05:35.350 A Windows machine. 05:35.680 --> 05:36.910 Windows. 05:39.130 --> 05:43.330 In this machine or like just a computer computer. 05:43.940 --> 05:44.780 Here. 05:44.810 --> 05:48.770 This is our main machine here. 05:49.970 --> 05:53.270 Uh, in this case, it's going to be my laptop. 05:54.640 --> 05:56.560 Mean machine. 05:56.560 --> 06:02.980 And here and between this here, actually, we're going to need. 06:04.190 --> 06:06.110 Virtual machine. 06:07.040 --> 06:09.140 This is our VMware. 06:10.230 --> 06:18.000 We're going to have installed VMware here and in this VMware player, virtual machine player, we're 06:18.000 --> 06:19.830 going to use Kali Linux. 06:20.310 --> 06:23.100 We will also need, uh, the. 06:24.300 --> 06:26.210 Read Team Lab. 06:26.880 --> 06:30.510 This is going to be our red team. 06:30.510 --> 06:32.070 Lab lab. 06:32.340 --> 06:35.070 And we will need. 06:36.000 --> 06:36.300 Uh. 06:36.300 --> 06:36.570 Okay. 06:36.570 --> 06:38.150 This is a colinux. 06:38.610 --> 06:43.260 We will also need the Metasploitable. 06:43.650 --> 06:46.920 And this is our Metasploitable. 06:47.930 --> 06:49.080 The wall systems. 06:49.790 --> 06:53.720 And this main machine is going to connect to Internet. 06:53.960 --> 06:57.560 But they are they're going to be isolated. 06:58.660 --> 07:00.310 So don't worry about that. 07:01.470 --> 07:07.680 And here these are going to be connect to the Internet and the Internet. 07:07.830 --> 07:13.980 So this is our like our basic diagram for creating our virtual machines. 07:15.510 --> 07:22.590 Now that you have an idea of the lab topology as well as the systems and technologies which we are going 07:22.590 --> 07:24.920 to be working with throughout this course. 07:24.930 --> 07:31.590 Let's get started by setting up a hypervisor and virtual networks in next lecture.