Want to break into cybersecurity but have no hands-on experience? The fastest way to build real skills is to set up your own cybersecurity home lab. In this step-by-step guide, you will learn how to install VirtualBox and Kali Linux on your Windows computer, configure your virtual machine correctly, and run your first real security tools including Nmap and Wireshark. No prior experience is required. All you need is your laptop.
This is Part 1 of a full cybersecurity home lab series. By the end of this guide, you will have a fully functional Kali Linux virtual machine running on your Windows computer, ready for penetration testing, SOC analyst training, and ethical hacking practice.
Table of Contents
- What Is a Cybersecurity Home Lab?
- Prerequisites: What You Need
- Tools Required: VirtualBox and Kali Linux
- How to Download VirtualBox
- How to Download Kali Linux for VirtualBox
- Installing VirtualBox Step by Step
- Installing Kali Linux on VirtualBox
- Configuring Your VM Settings (RAM, CPU, Network)
- Setting Up Network Adapters: Bridged and NAT
- Booting Up Kali Linux and Logging In
- Running Basic Linux Commands in the Terminal
- Running Your First Nmap Scan
- Pinging Kali from Your Windows Machine
- Capturing Traffic with Wireshark
- Understanding the Cyber Kill Chain and MITRE ATT&CK
- What’s Next in the Series
What Is a Cybersecurity Home Lab?
A cybersecurity home lab is a safe, isolated working environment on your own computer where you can practice real-world cybersecurity skills without touching live systems or breaking any laws. Inside your home lab, you can carry out activities such as:
- Ethical hacking and penetration testing
- SOC (Security Operations Centre) analysis
- Cyber threat intelligence (CTI)
- Dark web monitoring
- Malware analysis
- Network traffic analysis
The key benefit is that everything runs on a virtual machine, meaning your main operating system and personal data are never at risk. This is the foundation of every serious cybersecurity career.
Prerequisites: What You Need
You do not need any prior cybersecurity knowledge to follow this guide. The only requirement is a working computer. If you have at least 8GB of RAM, you are good to go. If you are unsure, check the VirtualBox documentation for the recommended system specifications.
Quick Tip: If your virtual machine runs slowly, the most common cause is not enough RAM assigned to the VM. The more RAM your host machine has, the better your virtual machine will perform.
Tools Required: VirtualBox and Kali Linux
You need exactly two things to get started:
- VirtualBox: The virtualization software that lets you run a separate operating system inside your Windows machine.
- Kali Linux: A Linux distribution (distro) purpose-built for cybersecurity professionals. It comes pre-loaded with hundreds of security tools including Nmap, Burp Suite, Wireshark, and Metasploit.
Both are completely free to download and use.
How to Download VirtualBox
Head to the official VirtualBox downloads page. Select your host operating system (Windows, macOS, or Linux) and the download will start immediately.
If you are on Windows, click Windows hosts. If you are on macOS or Linux, select your respective option. The download link is safe and comes directly from the official Oracle VirtualBox website.
How to Download Kali Linux for VirtualBox
To download the correct version of Kali Linux, go to the official Kali Linux downloads page and select Virtual Machines. From the list of available images, click the VirtualBox option. This will download a compressed file (approximately 3GB) that is specifically packaged for use with VirtualBox.
Note: The downloaded file will be compressed. On Windows 11, you can double-click it to extract the contents. On Windows 10, you may need a free tool like WinRAR to decompress the file first.
Installing VirtualBox Step by Step
Once the VirtualBox installer is downloaded, follow these steps:
- Double-click the installer file and click Yes on the UAC prompt.
- Click Next on the welcome screen.
- Accept the license agreement and click Next.
- Leave the default installation path (C:\Program Files\Oracle\VirtualBox) as is and click Next.
- Accept any prompts about missing dependencies and click Yes.
- Click the Install button and wait for the installation to complete.
- Click Finish to launch VirtualBox.
The installation is fast and straightforward. If your machine has 8GB or more of RAM, you should not encounter any issues.
Installing Kali Linux on VirtualBox
Now that VirtualBox is installed, it is time to add Kali Linux as a virtual machine. Because you downloaded a VirtualBox image (not an ISO), the process is much simpler than a standard OS install:
- Extract the downloaded Kali Linux compressed file to your desktop (or any folder you prefer).
- Open VirtualBox and click the Add button (not New, because you are importing an existing image).
- Navigate to the extracted folder and select the .vbox file.
- Click Open. Kali Linux will now appear in your VirtualBox machine list.
That is it. The Kali Linux virtual machine is now registered in VirtualBox and ready to be configured.
Configuring Your VM Settings (RAM, CPU, Network)
Before starting Kali, open the VM Settings and make the following adjustments for the best performance:
- VM Name: Rename it to something clean, like Kali Linux.
- Base Memory: Set this to at least 4GB (4096 MB). If your host machine has 24GB of RAM like in the video, you can safely assign 8GB to the VM.
- Processor: Increase from 2 CPUs to 4 CPUs for better performance.
Performance Tip: If your Kali VM feels slow or laggy, increasing the RAM and CPU allocation in these settings is almost always the fix. Your VM’s speed is directly tied to the resources you assign it.
Setting Up Network Adapters: Bridged and NAT
Network adapter configuration is one of the steps most beginner tutorials skip, but it is critical for a functional lab. Under the Network settings of your VM, configure two adapters:
- Adapter 1: Bridged Adapter – This allows your Kali VM and your Windows host to communicate with each other directly. This is what enables you to ping from Windows to Kali and vice versa.
- Adapter 2: NAT – This gives your Kali VM access to the internet through your host machine’s connection. You need this for downloading updates, tools, and packages inside Kali.
Once both adapters are configured, click OK to save your settings.
Booting Up Kali Linux and Logging In
Click Start in VirtualBox to power up your Kali Linux VM. Give it a moment to fully load. When the login screen appears, use the following default credentials:
- Username: kali
- Password: kali
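Hit Enter and you are in. Because Adapter 1 is bridged, the VM is reachable from other devices on your local network, so change the default password by running passwd in the terminal. You now have two operating systems running simultaneously on one machine: your Windows host and your Kali Linux virtual machine.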
Running Basic Linux Commands in the Terminal
Open the Kali Linux terminal and try these foundational commands to get familiar with the environment:
- ls – Lists all files and folders in the current directory.
- pwd – Prints your current working directory.
- cd Desktop – Changes your directory to the Desktop.
- echo "This is a secret file" > secret.txt – Creates a text file with content.
- ip a – Displays all network interfaces and their IP addresses.
The ip a command is especially important. Because you configured two network adapters, you will see multiple IP addresses listed. The primary IP address (shown under eth0) is the one you will use to communicate between your Kali VM and your Windows machine.
Running Your First Nmap Scan
Nmap (Network Mapper) is one of the most widely used tools in cybersecurity. It is used for port scanning, network reconnaissance, and host discovery. Kali Linux comes with Nmap pre-installed.
To run a basic subnet scan from inside your Kali terminal:
sudo nmap [your-kali-ip-address]/24
When prompted, enter your Kali password. Nmap will scan every device on your subnet and return a list of hosts with their open ports. This is the first stage of the Cyber Kill Chain: Reconnaissance.
Pinging Kali from Your Windows Machine
A great way to verify that your bridged adapter is working correctly is to ping your Kali VM from Windows. Open Command Prompt (CMD) on Windows and run:
ping [your-kali-ip-address]
If you get replies, it confirms that your Windows machine and your Kali VM are communicating successfully. This two-machine communication setup is the foundation of every lab exercise you will run going forward.
Capturing Traffic with Wireshark
While your Nmap scan is running from Kali, fire up Wireshark on your Windows machine. You will be able to see the scan traffic hitting your Windows host in real time. This is because the Nmap scan on your subnet will naturally touch your Windows machine as part of its discovery process.
This exercise demonstrates something important: tools like Nmap leave traces. Defenders using SIEM tools and Wireshark can detect and log these scans. This is exactly the kind of attacker vs defender dynamic you will be exploring in depth in future parts of this series.
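The trace described above can be turned into a simple detection rule: one source sending bare SYN packets to many different ports on the same host in a short time. The Python sketch below is an added example, not code from the original guide; the packet records, IP addresses and thresholds are constructed assumptions, shaped like rows from a Wireshark packet list.

```python
from collections import defaultdict

# Constructed packet summaries: (time_s, src, dst, dst_port, tcp_flags).
# All addresses are made-up lab values, not taken from the guide.
KALI, WINDOWS, PHONE = "192.168.1.50", "192.168.1.20", "192.168.1.30"
PACKETS = (
    # Kali VM probing the Windows host: one SYN per port, many ports, fast
    [(10.0 + i * 0.001, KALI, WINDOWS, port, "S")
     for i, port in enumerate(range(1, 201))]
    # Ordinary client traffic: handshake and data on a single port
    + [(9.5, PHONE, WINDOWS, 445, "S"), (9.6, PHONE, WINDOWS, 445, "A"),
       (12.0, PHONE, WINDOWS, 445, "PA")]
)

def find_port_scans(packets, min_ports=100, window_s=5.0):
    """Return {(src, dst): distinct_ports} for sources that sent bare SYNs to
    at least min_ports distinct ports on one host within window_s seconds."""
    syns = defaultdict(list)
    for ts, src, dst, dport, flags in packets:
        if flags == "S":                      # SYN set, ACK not set
            syns[(src, dst)].append((ts, dport))
    hits = {}
    for pair, probes in syns.items():
        probes.sort()
        start, best = 0, 0
        in_window = defaultdict(int)          # port -> probes inside the window
        for ts, dport in probes:
            in_window[dport] += 1
            # Slide the window forward: drop probes older than window_s
            while ts - probes[start][0] > window_s:
                old = probes[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            hits[pair] = best
    return hits

if __name__ == "__main__":
    for (src, dst), n in find_port_scans(PACKETS).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```

The thresholds are a trade-off: a lower min_ports catches slower scans but also flags busy legitimate clients, which is why SIEM rules of this kind are usually tuned per network.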
Understanding the Cyber Kill Chain and MITRE ATT&CK
When you explore the Kali Linux tools menu, you will notice that the tools are organised by category. One of those categories is Reconnaissance, which is the first stage of the Cyber Kill Chain: the sequential stages an attacker goes through to compromise a target.
The original Cyber Kill Chain was developed by Lockheed Martin and consists of seven stages:
- Reconnaissance
- Weaponisation
- Delivery
- Exploitation
- Installation
- Command and Control (C2)
- Actions on Objectives
The expanded version of this framework is known as MITRE ATT&CK, which maps out attacker tactics, techniques, and procedures (TTPs) in much greater detail. Both frameworks are essential knowledge for anyone pursuing a career in SOC analysis, threat intelligence, or red teaming.
What’s Next in the Series
In the next video, you will learn how to:
- Install Ubuntu as a second virtual machine
- Set up a full SOC lab with Splunk
- Perform end-to-end penetration testing tasks
- Carry out ethical hacking exercises between your virtual machines