My lab utilizes a Kali Linux instance as the primary attack vector, targeting a variety of intentional "weak" points within a virtualized network.
Scanning network ranges to identify open ports and services using Nmap and directory brute-forcing.
Comparing service versions against known CVE databases to find potential entry points.
Gaining initial access, escalating privileges to Root/Admin, and practicing persistence techniques.
A Linux VM specifically configured with dozens of security holes to practice everything from SQL injection to Telnet exploits.
A modern web application containing the Top 10 vulnerabilities, used to practice web-based penetration testing.
(In Progress) Building a Windows Domain environment to learn Kerberos attacks and lateral movement.