In this chapter, we look at setting up a lab environment for our penetration tests. Many of the tests should first be performed in this confined lab environment before attempting them in a production environment. Remember that you must obtain written permission when working on a live environment, as well as following all local laws when carrying out any stage of the penetration test on a network. It may also be a good idea to have a lawyer review any contract and engagement details before you commence to avoid any issues that may arise during or after the exercise. Some insurance companies also offer coverage to penetration testers in the event of unexpected damages.

To avoid running into legal issues and unnecessary expenditure as a result of penetration testing, it's highly recommended that you build a test environment, whether physical or virtual, in an effort to familiarize yourself with the tests and their results, as well as understand the impact of the tests on hardware, software, and bandwidth, as many of these tests are disruptive to devices and organizations.

We will cover the following topics in detail:

• Setting up a Windows environment in a VM
• Installing vulnerable servers
• Installing additional tools in Kali Linux
• Network services in Kali Linux
• Additional labs and resources