Noob pentest environment advice?

[biob]

What recommendations would you make for a noobs pentest lab?

i currently have virtualbox running Kali, metasploitable, couple of Linux distro’s all on a internal network(virtualbox). 

Is there a simple solution to virtualise embedded system e.g. the firmware from my router?

i know there is this thing called google....but would like guidance from people who are knowledgeable in this area.

Any advise will be gratefully received, including recommended reading. Im not asking anyone to do it for me, just guide me in the right direction please.

This is purely a obsession/hobby for me.

 

 

[Rkiver]

There's a great topic available that is kind of well, everything.

It covers quite a lot, so might find something useful in there?

 

[biob]

Great link! Thank you. Looks like great reading.

 

[PoSHMagiC0de]

Also, if you want to spin up a quick AD test lab with an eval of server 2012 R2...or maybe 2016, have not tried this with 2016, you can use DSC to quickly spin one up when you need to.  The longest part is the preupdates and downloading the powershell module required for AD DSC.  I do not have my script on me, it is in the office but I have one that one will configure DHCP, DNS, AD and a few accounts with different permissions.  You could use some of those test run VMs for Windows or do fresh installs of windows to add some machines to the test domain.  I do this mainly in the office off our test host isolated with pfsense.

Here is a link so you can get started with a base DSC lab before hand.

https://blogs.technet.microsoft.com/ashleymcglone/2015/03/20/deploy-active-directory-with-powershell-dsc-a-k-a-dsc-promo/

 

[biob]

Think I’m going to need more RAM :-)

[biob]

Found this for emulating embedded devices

http://www.whitelist1.com/2017/05/1-emulating-netgear-router-firmware.html?m=1

any of you guys had experience with this?