Virtual Machine Setup for Cybersecurity Labs
Why Virtual Machines for Cybersecurity?
Section titled “Why Virtual Machines for Cybersecurity?”Virtual machines (VMs) are the foundation of every cybersecurity lab. A VM is a software-based computer running inside your real computer, completely isolated from your host operating system. This isolation is what makes VMs essential for security work.
Safe experimentation. You can run malware samples, test exploits, and probe vulnerabilities without any risk to your primary system. If something goes wrong inside a VM, your host machine remains unaffected.
Snapshot and restore. VMs let you save the exact state of a system at any point. Run an experiment, break something, then restore to a clean snapshot in seconds. This makes learning from mistakes fast and painless.
Multiple operating systems. You can run Kali Linux, Windows, and vulnerable targets all on the same hardware simultaneously. This lets you simulate realistic attack-and-defend scenarios from a single workstation.
Portfolio evidence. Documenting your VM lab setup shows employers you have practical, hands-on experience — not just theoretical knowledge from textbooks.
Legal notice: Virtual machines are tools for authorised testing only. Never use the techniques or tools described in this guide against systems you do not own or do not have explicit written permission to test. Unauthorised access to computer systems is a criminal offence under the Computer Fraud and Abuse Act (US), the Computer Misuse Act (UK), and equivalent laws worldwide.
Choosing a Hypervisor
Section titled “Choosing a Hypervisor”A hypervisor is the software layer that creates and manages virtual machines. It sits between your physical hardware and the guest operating systems, allocating CPU, memory, and storage to each VM.
Virtual Machine Architecture
How VMs create isolated environments for safe security testing
VirtualBox (free, cross-platform) is the recommended choice for beginners. It runs on Windows, macOS (Intel), and Linux, has extensive documentation, and is used in most cybersecurity training courses.
VMware Workstation Player (free for personal use) offers slightly better performance than VirtualBox on Windows and Linux. VMware Workstation Pro adds features like snapshots and cloning.
Hyper-V is built into Windows Pro and Enterprise editions. It is a Type 1 hypervisor that runs directly on hardware, offering strong performance but limited to Windows hosts.
UTM is the recommended option for Apple Silicon Macs (M1, M2, M3, M4). VirtualBox does not run reliably on ARM-based Macs, making UTM the practical choice for those systems.
System Requirements
Section titled “System Requirements”Before installing a hypervisor, verify your hardware meets these specifications.
| Component | Minimum | Recommended |
|---|---|---|
| RAM | 8 GB | 16 GB or more |
| CPU | Quad-core | 6+ cores |
| Storage | 50 GB free | 200 GB+ free (SSD) |
| Virtualisation | VT-x or AMD-V enabled | Same |
Checking virtualisation support. On Windows, open Task Manager, go to the Performance tab, and look for “Virtualization: Enabled” under CPU. On macOS, run sysctl -a | grep machdep.cpu.features in Terminal and look for VMX in the output. On Linux, run lscpu | grep Virtualization.
If virtualisation is disabled, you will need to enable it in your BIOS/UEFI settings. The exact steps vary by motherboard manufacturer, but the setting is typically found under CPU Configuration or Advanced Settings, labelled Intel VT-x, AMD-V, or SVM Mode.
Installing VirtualBox
Section titled “Installing VirtualBox”VirtualBox Setup Process
From download to your first running VM
- Download VirtualBox from virtualbox.org. Select the package for your host operating system.
- Download the Extension Pack from the same page. This adds USB 2.0/3.0 support, disk encryption, and other useful features.
- Run the installer and accept the default settings. Windows users may see a network adapter warning — this is normal and required for VM networking.
- Install the Extension Pack by double-clicking the downloaded file. VirtualBox will prompt you to accept the licence and install.
- Configure the default VM folder. Go to File > Preferences > General and set the Default Machine Folder to a location on a drive with sufficient free space. An SSD is strongly recommended.
Setting Up Your First VM: Kali Linux
Section titled “Setting Up Your First VM: Kali Linux”Kali Linux is the most widely used penetration testing distribution. It comes with over 600 pre-installed security tools including Nmap, Burp Suite, Metasploit, and Wireshark.
Download the Kali OVA from kali.org/get-kali. The pre-built VirtualBox image is the fastest way to get started — no manual installation required.
Import into VirtualBox. Go to File > Import Appliance, select the downloaded OVA file, and click Import. This creates a ready-to-use VM with recommended settings.
Adjust resources. Before starting the VM, right-click it and select Settings:
- System > Motherboard: Set base memory to at least 4096 MB (4 GB)
- System > Processor: Allocate at least 2 CPU cores
- Display > Screen: Set video memory to 128 MB and enable 3D acceleration
First boot. Start the VM. The default credentials are username kali and password kali.
Change the default password immediately. Open a terminal in Kali and run passwd to set a new password. Then run sudo apt update && sudo apt upgrade -y to update all packages.
Take a clean snapshot. After updating and configuring Kali, go to Machine > Take Snapshot in VirtualBox. Name it “Clean install - updated.” This gives you a known-good state to return to after any experiment.
Setting Up Vulnerable Targets
Section titled “Setting Up Vulnerable Targets”A cybersecurity lab needs targets to practise against. These are intentionally vulnerable systems designed for learning.
Metasploitable 2 is the most popular vulnerable target. It is an Ubuntu-based VM loaded with dozens of exploitable services. Download it from SourceForge and import the VMDK file into VirtualBox by creating a new VM and attaching the disk.
DVWA (Damn Vulnerable Web Application) is a PHP/MySQL web application with intentional vulnerabilities at multiple difficulty levels. You can install it inside a VM or use a pre-built Docker image.
VulnHub (vulnhub.com) hosts hundreds of free downloadable VMs, each designed as a capture-the-flag challenge. These range from beginner-friendly to advanced.
Windows evaluation VMs are available free from Microsoft for testing. Download them from the Microsoft Evaluation Center. These 90-day trial VMs let you practise Windows-specific attacks and defences.
Network Configuration for Labs
Section titled “Network Configuration for Labs”Proper network configuration keeps your lab isolated from your real network and the internet.
| Network Mode | Internet Access | Host Access | VM-to-VM | Use Case |
|---|---|---|---|---|
| NAT | Yes | No | No | Downloading updates |
| Bridged | Yes | Yes | Yes | Avoid for labs |
| Host-Only | No | Yes | Yes | Recommended for labs |
| Internal Network | No | No | Yes | Maximum isolation |
Recommended setup: Host-Only networking. This creates an isolated network where your VMs can communicate with each other and the host, but cannot reach the internet or your local network.
To configure Host-Only networking in VirtualBox:
- Go to File > Host Network Manager and create a new Host-Only network (or verify one exists)
- For each VM, go to Settings > Network > Adapter 1 and set “Attached to” to Host-Only Adapter
- Select the Host-Only network you created
If you need to temporarily download updates, add a second adapter set to NAT, update the VM, then disable that adapter and take a fresh snapshot.
Snapshots and Backups
Section titled “Snapshots and Backups”Snapshots capture the complete state of a VM at a specific moment — memory, disk, and configuration. They are your safety net.
When to take snapshots:
- After a clean install and initial updates
- Before running any exploit or attack
- Before installing new tools or changing configurations
- After completing a successful lab exercise (as a known-good checkpoint)
Taking a snapshot: With the VM running (or powered off), go to Machine > Take Snapshot. Give it a descriptive name like “Pre-Metasploit test” or “Clean DVWA install.”
Restoring a snapshot: Right-click the VM in VirtualBox Manager, select Snapshots, choose the snapshot, and click Restore. The VM returns to that exact state.
Managing disk space. Each snapshot stores changes since the previous snapshot. Over time, this can consume significant disk space. Periodically delete old snapshots you no longer need by right-clicking them and selecting Delete. VirtualBox will merge the changes automatically.
Common Problems and Fixes
Section titled “Common Problems and Fixes”VM will not start. The most common cause is virtualisation not being enabled in BIOS/UEFI. Restart your computer, enter BIOS settings, and enable Intel VT-x or AMD-V. On Windows, also ensure Hyper-V is not running simultaneously with VirtualBox.
Slow VM performance. Allocate more RAM (at least 4 GB for Kali). Ensure your VMs are stored on an SSD rather than a spinning hard drive. Close unnecessary applications on your host. Reduce the number of VMs running simultaneously.
Network not working between VMs. Verify all lab VMs are on the same Host-Only network. Check that the Host-Only adapter is enabled in each VM’s settings. Inside the VM, run ip addr (Linux) or ipconfig (Windows) to verify the adapter has an IP address.
Poor screen resolution. Install VirtualBox Guest Additions inside the VM. In Kali, run sudo apt install -y virtualbox-guest-x11 and reboot. This enables dynamic screen resizing and shared clipboard.
Apple Silicon Mac users. VirtualBox does not run reliably on M1/M2/M3/M4 Macs. Use UTM (mac.getutm.app) instead, which supports ARM-based virtual machines. Kali provides ARM64 images specifically for this purpose.
Next Steps
Section titled “Next Steps”With your VM lab running, you are ready to start hands-on cybersecurity practice. Move on to building a complete home lab environment, or jump straight into guided practice on platforms like TryHackMe and HackTheBox. For a personal walkthrough of what that first setup experience actually looks like, see How I Set Up My Home Cybersecurity Lab for Free.
More resources
Official download page for VirtualBox and the Extension Pack.
Kali Linux Virtual MachinesPre-built Kali VM images for VirtualBox, VMware, and UTM.
VulnHubHundreds of free vulnerable VMs for capture-the-flag practice.
UTM for macOSRecommended virtualisation solution for Apple Silicon Macs.
Frequently Asked Questions
How much RAM do I need to run a cybersecurity VM lab?
A minimum of 8 GB of system RAM is required to run one VM comfortably. For running two or more VMs simultaneously (such as Kali Linux and a vulnerable target), 16 GB is strongly recommended.
Can I set up a cybersecurity lab on a Mac with Apple Silicon?
Yes, but you cannot use VirtualBox. Apple Silicon Macs (M1, M2, M3, M4) require UTM, which supports ARM-based virtual machines. Kali Linux provides ARM64 images designed for this purpose.
Is VirtualBox safe to use for cybersecurity labs?
Yes. VirtualBox creates isolated virtual environments. As long as you use Host-Only or Internal networking, your VMs cannot access your real network or the internet, keeping your host system and network safe.
What is the difference between an OVA and an ISO for Kali Linux?
An OVA is a pre-built virtual machine image you can import directly into VirtualBox -- it is ready to use immediately. An ISO is an installation disc image that requires you to manually install the operating system. For beginners, the OVA is the faster and simpler option.
Do I need to pay for any software to set up a cybersecurity VM lab?
No. VirtualBox, Kali Linux, Metasploitable 2, DVWA, and VulnHub machines are all free. You can build a fully functional cybersecurity lab at no cost.
Now that your VM lab is set up, the next question is what to practise in it. This tracker gives you a structured sequence of hands-on exercises that build on each other.
Career Roadmap & Study TrackerAvailable Now
Step-by-step roadmap with study tracker worksheets and certification decision framework.