Cybersecurity ESXi HomeLab
What is this?
In this project, we will be utilizing a bare-metal ESXi Server to create a homelab for all our cybersecurity endeavors. The main use I got out of this lab is being able to collaborate with teams on projects and setting up vulnerable networks to practice penetration testing. I focus mainly on virtualizing pfSense, but any device serving as a DHCP will suffice as well as any number of networks can be created.
⚠️ IMPORTANT: If you want to skip to building the lab, here is PART 1.
Specifications
I built a personal server using components of an old HP Z6 Workstation but if you have any old laptops or desktops lying around with a good amount of RAM they will be sufficient for this type of build. I would recommend anywhere from 16 to 32 GB of RAM. If you would like to know what I worked with here are the specs:
Hardware:
- HOST: VMware ESXi Type-1 Hypervisor
- CPU: Intel(R) Xeon(R) Gold 6146 CPU @ 3.20GHz
- GPU: NVIDIA GTX 960
- MEMORY: 64 GB
- STORAGE: 2 TB
Requirements:
- OS: ESXi Host
- Router/Firewall: pfSense ISO File
If you would like to learn how to install VMware ESXi on a new machine I would recommend watching NetworkChuck's video on setting it up.
Network
⚠️ IMPORTANT: This Home Lab is based off ip3c4c's VMWare HomeLab where he essentially creates a similar home lab locally on his workstation.
The purpose of virtualizing pfSense was because I wanted a way to separate my penetration activities from any other activities on my native machine. I also wanted to create a DMZ style network where I can host projects for other team members to join and contribute.
The HomeLab virtualizes 4 networks: Admin (used to oversee all networks), Testing (used to isolate machines I use for penetration testing), Vulnerable (isolates vulnerable machines or an Active Directory network), and Public (isolates VPN users to join and interact with DMZ VMs).
Below is a diagram of the network:
A quick summary of the network, the ESXi Server virtualizes two switches and a virtual pfSense firewall. The "vSwitch0" is the WAN connection for the router (which in this case connects to the 10.0.0.0/24 network) and the "New switch" is the LAN connection (connecting the rest of the virtual networks). The "New switch" contains 4 port groups assigned with different VLANs to create the 4 networks of Admin, Testing, Vulnerable, and Public.
ℹ️ NOTE: ESXi virtual switches serve as uplinks compared to traditional switches.
If you would like to read official documentation, I would recommend reading Netgate Documentation on virtualizing pfSense.
Start Here!
We will first start with preparing the ESXi network to create 4 VLANs.
To begin start at PART 1.
References
If you would like to make similar homelabs in VirtualBox, VMware, or Proxmox the links are below:
ip3c4c. (2022, February 14). Build a Cyber Security Homelab with VMware. ip3c4c’s Infosec Adventure. https://ip3c4c.com/2202_homelab_vmware/
Heater, B. (2022, January 14). Building a Security Lab in VirtualBox. 0xBEN. https://benheater.com/building-a-security-lab-in-virtualbox/
Heater, B. (2022b, January 16). Proxmox VE 8: Converting a Laptop into a Bare Metal Server. 0xBEN. https://benheater.com/bare-metal-proxmox-laptop/
Netgate. (2023, March 15). Virtualizing pfsense software with VMware vSphere / ESXi¶. pfSense® software Configuration Recipes - Virtualizing pfSense Software with VMware vSphere / ESXi | pfSense Documentation. https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-esxi.html