Deploying a Cybersecurity Lab on VirtualBox
This post is a work in progress — updates coming soon!
This article kicks off a comprehensive series on building a modular cybersecurity lab on VirtualBox — at zero cost. Every component is based on well-maintained, open-source software, with no proprietary licenses required.
💡 Want to go straight into the build process? Jump to:
Building the Cybersecurity Homelab
Network Diagram
All tools used are 100% free and open-source. You can fully deploy this lab for $0, using nothing but your existing system and VirtualBox.
This lab supports both offensive (red team) and defensive (blue team) use cases: exploit real-world CVEs, detect attacks with log-based monitoring, and practice remediation and hardening in a realistic, enterprise-like environment — all from the comfort of your home!
System Requirements
To comfortably run the full lab, your host machine should have at least:
Resource | Recommended Minimum |
---|---|
CPU | 4 cores (8 threads ideal) |
RAM | 16 GB (32 GB ideal for full setup) |
Disk Space | 120 GB+ (SSD strongly recommended) |
Host OS | Windows / Linux / macOS |
Virtualization | VirtualBox with VT-x/AMD-V enabled |
You can still deploy a smaller version (e.g. just pfSense + Kali + a web server on the DMZ + GOAD mini or light) if you're limited in resources — each module in this series is standalone and scalable.
What's Inside
Throughout the series, you’ll deploy and configure:
- pfSense: Open-source firewall/router to segment the lab and mirror network traffic (SPAN) to Wazuh for visibility and detection.
- Kali Linux: Attacker and administration VM
- GOAD (GameOfActiveDirectory): Active Directory simulation for internal network attacks
- Vulnerable Hosts (DMZ): Exposed systems for simulating real-world attack surfaces and testing CVEs across web apps, operating systems, and network services.
- Wazuh: SIEM and host-based detection engine
- Suricata: Network IDS/IPS deployed in passive mode using SPAN port mirroring from pfSense, to analyze and detect malicious traffic across lab segments.
- OpenVAS: Vulnerability scanning and asset discovery
- ProjectDiscovery Tools: For external recon and EASM (External Attack Surface Management)
All components are connected through isolated VirtualBox internal networks, simulating a segmented enterprise environment, with pfSense as the gateway to the internet.
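One way to check the isolation described above, as an added example that is not part of the original series: the function reads `VBoxManage showvminfo <vm> --machinereadable` output and reports every adapter that is not attached to an internal network. The `LAB_GATEWAY` variable, the sample VM and network names, and the rule that only the pfSense VM may hold a non-internal adapter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the series): find lab VMs whose adapters could
# reach the host or internet without passing through the pfSense VM.
# Assumption: only the gateway VM may use anything other than "intnet".

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin and
# prints "nicN=<mode>" for every adapter that is not internal-only.
nic_violations() {
    sed -n 's/^nic\([0-9][0-9]*\)="\([^"]*\)"$/\1 \2/p' |
    while read -r slot mode; do
        case "$mode" in
            intnet|none|null) ;;             # isolated or unplugged
            *) echo "nic${slot}=${mode}" ;;  # nat, bridged, hostonly, ...
        esac
    done
}

# Audits every registered VM except the gateway named in $1.
# Prints "<vm>: nicN=<mode>" per finding; returns 1 if there are any.
audit_lab() {
    findings=$(VBoxManage list vms | sed -n 's/^"\(.*\)" {.*}$/\1/p' |
        while IFS= read -r vm; do
            [ "$vm" = "$1" ] && continue
            VBoxManage showvminfo "$vm" --machinereadable </dev/null |
                nic_violations | while IFS= read -r v; do
                    printf '%s: %s\n' "$vm" "$v"
                done
        done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a DMZ web server that was left with a NAT adapter.
sample_vminfo() {
    printf '%s\n' 'name="dmz-web"' 'nic1="intnet"' 'intnet1="lab-dmz"' \
        'nictype1="82540EM"' 'nic2="nat"' 'nic3="none"'
}

if [ -n "${LAB_GATEWAY:-}" ]; then
    audit_lab "$LAB_GATEWAY"        # real run against registered VMs
else
    sample_vminfo | nic_violations  # offline demo, prints: nic2=nat
fi
```

Run it with `LAB_GATEWAY` set to the name of your pfSense VM after adding or cloning any lab machine; a finding means that VM has a path around the firewall.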
Why build this lab?
The goal is to provide a realistic and isolated environment for learning, practicing, and showcasing offensive, defensive, and vulnerability management workflows. Every component runs locally, relies on open-source tools, and reflects real enterprise design patterns — with segmentation, monitoring, and detection built in.
This lab is ideal for:
- Pentesters: Simulate lateral movement, privilege escalation, AD attacks.
- Blue Teamers: Tune Wazuh/Suricata alerts, practice detection engineering.
- Threat Hunters: Recreate attack chains with log visibility.
- Students & Job Seekers: Gain hands-on experience for OSCP, CPTS, Blue Team certs.
- Tool Testers: Try new techniques and tools in an isolated environment.
Project Structure & Roadmap
The lab is structured into modular steps. Each stage includes a detailed walkthrough:
- Deploy pfSense and configure network interfaces
- Set up Kali Linux as attacker/admin box
- Configure pfSense firewall rules and zones
- Add a vulnerable web server to the DMZ
- Deploy GOAD for internal AD simulation
- Configure Wazuh and Suricata for centralized detection
- Set up log forwarding and rules tuning
- Install and run OpenVAS vulnerability scans
- Use ProjectDiscovery tools for external recon/EASM
- Launch CVE exploitation, detect via logs, and respond using blue team workflows
Related Series: Attack × Detect × Defend
Once the lab is deployed, follow the Attack × Detect × Defend series — where we exploit real CVEs inside the lab, detect them via logs and alerts, and harden the environment against them.
Next Steps
Start with the first section of the lab setup here:
👉 Building the Cybersecurity Homelab
Happy hacking & defending!