1
00:00:00,900 --> 00:00:07,920
Building a virtual penetration testing lab allows you to create an environment that is safe for you

2
00:00:07,920 --> 00:00:09,540
to hone your skills in.

3
00:00:20,710 --> 00:00:26,890
Scale the environment to add a new vulnerable systems and even remove all the legacy systems that you

4
00:00:26,890 --> 00:00:33,190
may no longer need and even create a virtual networks to pilot your attacks from one network to another.

5
00:00:33,220 --> 00:00:40,330
The concept of creating your very own virtualized penetration testing lab allows you to maximize resources

6
00:00:40,330 --> 00:00:46,990
on your existing computer without the need to purchase an online lab time from various service providers

7
00:00:46,990 --> 00:00:49,780
or even buy an additional computers and services.

8
00:00:49,930 --> 00:00:53,920
So you don't need to buy the these like kind of technologies.

9
00:00:53,920 --> 00:00:56,690
You can just use the virtualization technologies.

10
00:00:56,710 --> 00:01:03,280
So overall, you will be saving a lot of money as opposed to buying physical computers and networking

11
00:01:03,280 --> 00:01:06,430
equipment such as switches and routers.

12
00:01:06,430 --> 00:01:13,360
So as a cyber security trainer and professional, I have noticed that many people who are beginning

13
00:01:13,360 --> 00:01:21,230
their journeys within the field of information technology usually think that a physical lab infrastructure

14
00:01:21,230 --> 00:01:24,440
is needed based on their field of study.

15
00:01:24,470 --> 00:01:33,260
To some extent this is true, but as a technology advance, many downsides are associated with a building,

16
00:01:33,260 --> 00:01:35,660
a physical lab to practice your skills.

17
00:01:35,750 --> 00:01:41,300
There are like three main downsides and disadvantages of this.

18
00:01:41,300 --> 00:01:48,020
The physical space is required to store many servers and networking appliances that are needed.

19
00:01:48,020 --> 00:01:54,560
There are also power consumption per device will result in overall higher rate of financial expenditure

20
00:01:54,560 --> 00:01:57,650
and the cost of building or processing.

21
00:01:57,680 --> 00:02:04,760
Each physical device is high, whether it's a network appliance or a server or just a computer.

22
00:02:05,690 --> 00:02:12,250
So these are just some of the concerns many students and aspiring IT professionals experience.

23
00:02:12,260 --> 00:02:19,340
In many cases, a beginner usually has a single computer such as a desktop or a laptop computer.

24
00:02:19,340 --> 00:02:26,630
So being able to use the virtualization technologies that have emerged as a response to these downsides

25
00:02:26,660 --> 00:02:31,610
has opened a multitude of tools in the field of it.

26
00:02:31,700 --> 00:02:38,750
So this has enabled many people and organizations to optimize and manage their hardware resources more

27
00:02:38,750 --> 00:02:41,810
efficiently in the world of virtualization.

28
00:02:41,840 --> 00:02:48,890
A Hypervisor is a special application that allows a user to virtualize the hardware resources on their

29
00:02:48,890 --> 00:02:54,530
systems so that they can be shared with another operating systems or an application.

30
00:02:54,530 --> 00:03:01,910
So this allows you to install more than one operating system on top of your existing computer's operating

31
00:03:01,910 --> 00:03:02,390
system.

32
00:03:02,390 --> 00:03:08,300
So imagine that you are running Microsoft Windows 10 as your main operating system, but you wish to

33
00:03:08,300 --> 00:03:11,750
run Linux at the same time on the same computer.

34
00:03:11,780 --> 00:03:14,660
You can achieve this by using hypervisor.

35
00:03:14,660 --> 00:03:20,450
So hence we are going to use virtualization to ensure we can build a cost effective penetration testing

36
00:03:20,450 --> 00:03:21,800
lab environment.

37
00:03:22,660 --> 00:03:31,030
In this course, we are going to need several applications and frameworks to install our virtual penetration

38
00:03:31,030 --> 00:03:32,050
testing lab.

39
00:03:32,050 --> 00:03:34,690
So firstly, we're going to need the hypervisor.

40
00:03:34,690 --> 00:03:38,200
This hypervisor is required for creating virtual machines.

41
00:03:38,200 --> 00:03:45,820
We will be using the VMware player, but you can also use the Oracle VM VirtualBox.

42
00:03:46,060 --> 00:03:48,400
So we're going to need internet access.

43
00:03:48,460 --> 00:03:51,700
This is required for downloading additional applications.

44
00:03:51,880 --> 00:03:59,050
Internet access will be provided to our attacker systems while ensuring all our systems remain virtually

45
00:03:59,050 --> 00:03:59,980
isolated.

46
00:04:00,400 --> 00:04:06,460
We will need a machine, a penetration testing machine, so the system will be attacker system and we

47
00:04:06,460 --> 00:04:08,020
will be using Kali Linux.

48
00:04:08,020 --> 00:04:10,120
We will need vulnerable client systems.

49
00:04:10,120 --> 00:04:14,980
So this will be our target and victim systems for security testing.

50
00:04:14,980 --> 00:04:21,400
The vulnerable systems will include Metasploitable two and Metasploitable three, both Windows and Linux

51
00:04:21,400 --> 00:04:22,150
versions of course.

52
00:04:22,150 --> 00:04:26,530
So traditional systems may be added as you progress through this course.

53
00:04:26,530 --> 00:04:30,640
We will also lastly, we will need the vulnerable web applications.

54
00:04:30,640 --> 00:04:38,710
So these are the systems that contain vulnerable web applications to help you understand the security

55
00:04:38,710 --> 00:04:40,690
weaknesses in web applications.

56
00:04:40,690 --> 00:04:46,840
So these will be open Web Application Security Project, OWASP and the OWASP Broken Web Application

57
00:04:46,870 --> 00:04:47,680
PWA.

58
00:04:47,950 --> 00:04:53,730
Furthermore, this diagram is our network penetration testing lab topology.

59
00:04:53,740 --> 00:04:55,000
Let's get started.

60
00:04:55,000 --> 00:05:04,420
And so I dropped and, uh, created this topology to show you how our networking IP addresses is contained

61
00:05:04,420 --> 00:05:10,720
and how which virtual machine has the following IP addresses.

62
00:05:12,340 --> 00:05:12,670
Here.

63
00:05:12,670 --> 00:05:15,550
We're going to need the main virtual machine.

64
00:05:15,910 --> 00:05:17,960
Um, so this is going to be a.

65
00:05:19,830 --> 00:05:21,210
Kali Linux.

66
00:05:23,620 --> 00:05:25,140
Increase the font.

67
00:05:25,150 --> 00:05:32,380
So and in this SQL Linux disconnect, this will call this call Linux will connect to our.

68
00:05:33,400 --> 00:05:35,350
A Windows machine.

69
00:05:35,680 --> 00:05:36,910
Windows.

70
00:05:39,130 --> 00:05:43,330
In this machine or like just a computer computer.

71
00:05:43,940 --> 00:05:44,780
Here.

72
00:05:44,810 --> 00:05:48,770
This is our main machine here.

73
00:05:49,970 --> 00:05:53,270
Uh, in this case, it's going to be my laptop.

74
00:05:54,640 --> 00:05:56,560
Mean machine.

75
00:05:56,560 --> 00:06:02,980
And here and between this here, actually, we're going to need.

76
00:06:04,190 --> 00:06:06,110
Virtual machine.

77
00:06:07,040 --> 00:06:09,140
This is our VMware.

78
00:06:10,230 --> 00:06:18,000
We're going to have installed VMware here and in this VMware player, virtual machine player, we're

79
00:06:18,000 --> 00:06:19,830
going to use Kali Linux.

80
00:06:20,310 --> 00:06:23,100
We will also need, uh, the.

81
00:06:24,300 --> 00:06:26,210
Read Team Lab.

82
00:06:26,880 --> 00:06:30,510
This is going to be our red team.

83
00:06:30,510 --> 00:06:32,070
Lab lab.

84
00:06:32,340 --> 00:06:35,070
And we will need.

85
00:06:36,000 --> 00:06:36,300
Uh.

86
00:06:36,300 --> 00:06:36,570
Okay.

87
00:06:36,570 --> 00:06:38,150
This is a colinux.

88
00:06:38,610 --> 00:06:43,260
We will also need the Metasploitable.

89
00:06:43,650 --> 00:06:46,920
And this is our Metasploitable.

90
00:06:47,930 --> 00:06:49,080
The wall systems.

91
00:06:49,790 --> 00:06:53,720
And this main machine is going to connect to Internet.

92
00:06:53,960 --> 00:06:57,560
But they are they're going to be isolated.

93
00:06:58,660 --> 00:07:00,310
So don't worry about that.

94
00:07:01,470 --> 00:07:07,680
And here these are going to be connect to the Internet and the Internet.

95
00:07:07,830 --> 00:07:13,980
So this is our like our basic diagram for creating our virtual machines.

96
00:07:15,510 --> 00:07:22,590
Now that you have an idea of the lab topology as well as the systems and technologies which we are going

97
00:07:22,590 --> 00:07:24,920
to be working with throughout this course.

98
00:07:24,930 --> 00:07:31,590
Let's get started by setting up a hypervisor and virtual networks in next lecture.