This post is a companion to the Home Lab Series in the tutorials section — a stage-by-stage guide built so you can stop at any point and still have a working lab and a place to learn. Before you spin up your first VM, it helps to know whether your machine is ready for the ride. That’s what this post is for.
Specs come in two flavors: bare minimum (survivable, barely) and recommended (actually fun). If you’re running at bare minimum, expect slowdowns, swap thrashing, and the occasional existential crisis. You’ve been warned.
This is an ongoing series — this post will be updated as new stages are added to the Home Lab Series.
A Note from Experience (Or: How I Learned to Stop the Suffering and Upgrade My Laptop)
I was happily committed to my previous laptop for years. It was a good relationship. We added features, tried new things, kept it interesting.
Then I decided to build this lab. What followed was countless hours of downloading, installing, and configuring pfSense, Kali, Metasploitable2, AD server, Windows enterprise machines, Kioptrix, and Security Onion. For a while, things were fine – but the weight of everything we’d built together slowly became too much to bear. My laptop once quick to respond, always there when I needed it – began to crack under the pressure. Simple questions went unanswered. Fans ran at full speed like it was trying to escape. It was overwhelmed, and honestly, so was I.
I tried removing Security Onion for a bit – I told myself it was just a break, a chance to breathe. I even had a brief fling with Wazuh. It wasn’t long before I came crawling back to Security Onion. I found myself right back in the same situation, with a 16 GB machine slowly suffocating under a full lab stack with nowhere left to go. It was clear the situation wasn’t working. I knew I had to move on.
My current machine is an Intel Core Ultra 7 with 64 GB RAM and 1.86 TB of storage. It changed everything. The lab actually runs now. Seriously, all of it runs – simultaneously.
I’m sharing this story because the “bare minimum” numbers are the floor I found by falling through it. The “recommended” numbers are what actually made my lab enjoyable. Your mileage may vary, but if your machine is already groaning under normal use, you can expect more protests from your system.
Quick Reference: Cumulative Specs by Stage
| Stage | Lab Components | Min RAM | Rec RAM | Min Storage | Rec Storage |
|---|---|---|---|---|---|
| 1 | VMware + pfSense + Kali | 8 GB | 16 GB | 80 GB | 120 GB |
| 2 | + Vulnerable Machine (DMZ1) | 10 GB | 16 GB | 100 GB | 150 GB |
| 3 | + AD DC + Win10 #1 (CORP) | 16 GB | 32 GB | 180 GB | 250 GB |
| 4 | + Win10 #2 | 20 GB | 32 GB | 220 GB | 300 GB |
| 5 | + Vulnerable Machine #2 (DMZ2) | 22 GB | 32 GB | 240 GB | 320 GB |
| 6 | + Security Onion (Full Lab) | 32 GB | 64 GB | 320 GB | 500 GB |
Stage 1 — Deploy VMware Workstation Pro + Spin Up pfSense + Install Kali Linux + Lock Down pfSense + Add Metasploitable2
This is your foundation. Everything else builds on this, so get comfortable here before moving on. Stage 1 covers five tutorials: getting VMware installed, pfSense and Kali running, pfSense configured and locked down, and then adding your first target – Metasploitable2.
Tutorials in this stage:
- Lab Series #01: Deploy VMware Workstation Pro
- Lab Series #02: Spin Up pfSense
- Lab Series #03: Install Kali Linux
- Lab Series #04: Lock Down pfSense
- Lab Series #05: Add Metasploitable2
What you’re spinning up:
- VMware Workstation Pro (hypervisor)
- pfSense VM (your router/firewall, configured with segmented interfaces)
- Kali Linux VM (your attack box, accessible via RDP from your host)
- Metasploitable2 (your first vulnerable target machine)
⚠️ Check that VT-x / AMD-V is enabled in your BIOS. Newer machines often have this on by default but if VMware throws errors on first launch, this is the first place to look.
Skills Learned
- Hypervisor installation and configuration (VMware Workstation Pro)
- Virtual network adapter types: NAT, Bridged, Host-Only and why it actually matters
- pfSense installation, initial configuration, and firewall rule creation
- Interface assignment in pfSense (WAN, LAN, DMZ1, DMZ2, CORP, SPAN)
- DHCP configuration per network segment
- Firewall aliases and rule ordering logic
- Kali Linux installation and post-install configuration
- VMware Virtual Network Editor configuration
- pfSense DHCP static reservations
- Basic VM snapshot management (take snapshots – seriously, it’ll save you)
- Network connectivity troubleshooting between VMs
- Importing and configuring a VM from a pre-built image in VMware
- Assigning a VM to the correct virtual network segment
- Verifying DMZ isolation with firewall rule testing
- Metasploitable2 initial enumeration
- Running your first scans from Kali against a live target
- Confirming that your firewall rules are actually doing what they’re supposed to do
Difficulty level: Beginner to Intermediate: A lot of people skip the fundamentals and then can’t explain why their traffic isn’t routing, but you’ll know why. You can now work through most beginner-friendly CTF content and cover the basics that show up in Security+ and CEH labs.
