Red Team Step 1 – Build Your Kali Lab

⚠️ Legal & Ethical Notice

This content is for authorized security research only. You must have written permission to test any system you do not own. Breaking into systems without permission is illegal.

1. Choose Your Environment

1. Virtual Machine (recommended)
   • Install VirtualBox or VMware Workstation/Fusion.
   • Download the latest Kali Linux ISO or VM image.
   • Create a VM with at least 4 GB RAM and 40 GB disk.
2. Container (lightweight)
   • Install Docker Desktop.
   • Run docker pull kalilinux/kali-rolling.
   • Start an interactive container: docker run -it --name kali kali-rolling bash.
   • Note: GUI tools require either X-forwarding or VNC setup.

2. Initial Update

# Login as root (or use sudo)
apt update && apt full-upgrade -y
reboot

3. Essential Toolkit

# Community repos
apt install -y kali-linux-large
# Extras
apt install -y terminator neovim openssh-server docker.io

GUI versions of ZAP and Burp Community are included in kali-linux-large.

4. Create an Isolated Target

• OWASP Juice Shop: docker run --rm -p 3000:3000 bkimminich/juice-shop
• DVWA: docker run --rm -p 80:80 vulnerables/web-dvwa
• These run only on localhost—safe for practice.

5. Snapshots & Restore Points

Take a VM snapshot (or commit your Docker container) before starting tests so you can roll back quickly.

6. Next Steps

• Move on to Step 2 in each Red-Team walkthrough (SQLi, XSS, BAC, etc.).
• Create dedicated throw-away user accounts for target apps.
• Keep your host firewall enabled; bridge networking only when needed.