Prerequisites
Hardware Requirements
| Component | Minimum | Recommended |
|---|---|---|
| CPU | Dual-core | Quad-core (supports virtualization) |
| RAM | 8 GB | 16+ GB |
| Storage | 100 GB SSD | 256+ GB SSD |
| Network | Broadband | High-speed connection |
Operating Systems
You'll need multiple VMs running simultaneously. Recommended host: Kali Linux or Ubuntu Desktop 22.04+ with 16GB+ RAM allocated for VMs.
Primary VM: Kali Linux
- Download from official Kali site
- Use VirtualBox or VMware
- Assign: 4+ CPU cores, 4-8 GB RAM, 100GB disk
Secondary VMs
- Metasploitable 2/3 — intentionally vulnerable Linux VM
- Windows 10/Server — AD attack practice
- DVWA — web app pentest lab
- HackTheBox Parrot or Kali for VPN labs
Essential Tools (Pre-Installed on Kali)
| Category | Tools |
|---|---|
| Recon | Nmap, Masscan, Subfinder, Amass, ffuf, gobuster |
| Web | Burp Suite, SQLMap, nikto, dirb, wfuzz |
| Network | NetExec (formerly CrackMapExec), Responder, impacket |
| Wireless | aircrack-ng, wifite2, bully, hashcat |
| Exploitation | Metasploit, searchsploit, msfvenom, pwntools |
| Forensics | volatility, binwalk, strings, hexdump |
| API Testing | curl, jq, postman |
Verification Commands
Run these on a fresh Kali install to verify the tools are present:
```bash
# Core tools
nmap --version
msfconsole --version
aircrack-ng --help
python3 --version
python3 -m pip --version

# Optional verification
docker --version      # For container labs
virtualbox --help     # If using VirtualBox
```
Mindset & Expectations
- Break things deliberately — lab environments are for controlled failure
- Read documentation — RTFM is a core skill (nmap docs, MITRE ATT&CK, OWASP)
- Google effectively — "how to exploit [CVE-XXXX-XXXX]" search skills matter
- Join communities — r/netsec, r/hacking, HTB forums, Infosec Twitter
- Document everything — keep a penetration testing notebook of your work
Study Resources
| Resource | Use |
|---|---|
| PortSwigger Web Academy | Web fundamentals |
| TryHackMe | Beginner-friendly boxes |
| HackTheBox | Intermediate-advanced practice |
| Offensive Security Proving Grounds | OSCP-style labs |
| CyberChef | Encoding/decoding tool |
| MITRE ATT&CK | TTP reference |
Next Steps
Once your environment is ready, proceed to Lab Setup to build your practice environment, then begin Week 1.
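To confirm the environment is ready, the following added example (not part of the original guide) checks a machine against the minimums in the Hardware Requirements table and the core tools from Verification Commands. The function names and the `--run` switch are assumptions of this example; the tool names and the 2-core / 8 GB thresholds come from the page.

```shell
#!/bin/sh
# Added example, not from the original page: preflight check for the
# hardware minimums and the core tools listed above.

# Print every command name given as an argument that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed if a cpuinfo-style file shows Intel VT-x (vmx) or AMD-V (svm).
cpu_has_virt() {
    grep -Eq '(^|[[:space:]])(vmx|svm)([[:space:]]|$)' "$1"
}

# RAM in GB from a meminfo-style file. MemTotal (kB) excludes memory the
# kernel reserves, so round to nearest: an 8 GB machine reports about 7.6.
ram_gb() {
    awk '/^MemTotal:/ { printf "%d\n", ($2 + 524288) / 1048576 }' "$1"
}

# usage: check_min LABEL ACTUAL MINIMUM -> prints PASS/FAIL, returns 0/1
check_min() {
    if [ "$2" -ge "$3" ]; then
        echo "PASS $1: $2 (minimum $3)"
    else
        echo "FAIL $1: $2 (minimum $3)"
        return 1
    fi
}

# Run every check against this machine; non-zero status if anything fails.
preflight() {
    rc=0
    check_min "CPU cores" "$(nproc)" 2 || rc=1
    check_min "RAM (GB)" "$(ram_gb /proc/meminfo)" 8 || rc=1
    cpu_has_virt /proc/cpuinfo ||
        echo "WARN no vmx/svm flag (normal in a guest without nested virtualization)"
    missing=$(missing_tools nmap msfconsole aircrack-ng python3 curl jq)
    if [ -n "$missing" ]; then
        echo "FAIL missing tools:" $missing
        rc=1
    fi
    return "$rc"
}

# Execute the checks only when asked, e.g. `sh preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it on the host to check hardware and virtualization support, and inside the Kali VM to check the tools; the missing-flag warning is expected in the guest.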