Until recently, I had always run my Virtual Machine labs (SANS courses, CTFs, Hackthebox, Vulnhub, etc..) on a physical host with a general purpose operating system (Windows, macOS, Linux). However, the limitations of using VirtualBox, VMWare Fusion, Workstation Pro, etc.. become very clear when setting up a more complex lab with its own special networking requirements (especially a span or mirror port). I hope this post is useful for others like me who wanted to take the homelab jump, but did not know how to get started.

There is also the matter of Reverse Engineering Malware (REM) work that benefits immensely from running traffic across a real IDS (Disconnected from the internet of course!) Its a more mature environment, but one that was intimidating given the number of support posts related to getting ESXi working on unsupported hardware. Thankfully, after more hours of research and asking the kind folks on the SANS mailing list, I had a better idea of what to look for.

My criteria: Workstation form factor PC that is capable of running 4-5 Virtual Machines for light InfoSec work (IE: pfSense, Windows Server (as a DC), A Windows client or two).

My budget: Approximately $250, I figured this would at least get me a 4 Core/8 Thread processor, a decent amount of RAM, and if ESXi/vSphere Hypervisor did not work I could repurpose the machine for something else.

In looking at workstations, I found that Xeon based workstations with Intel NICs usually had the best compatibility. For these reasons, I narrowed my search down to HP Z Series Workstations and Dell PowerEdge towers. I also found this extremely useful presentation/slide deck by Jeff McJunkin called (Building a kick ass home lab).

Now that I had my requirements and budget, I needed to find a place that sold used workstations. $250 was not going to get me the latest hardware and you need to expect a machine with several years of use and likely sold to a third party reseller after a company did a hardware refresh/end of life for their corporate workstations.

Note: Don’t be too concerned about old hardware, it should be plenty for this use case. Secondly improvements in CPU performance year-over-year have slowed down tremendously over the past decade. Intel has been stuck on 14nm chips for almost five years!

I found the best deals on eBay and the following subreddits (/r/homelabsales) and (r/hardwareswap). I recommend doing an advanced search on Reddit and sorting by “New” to get an idea of prices on the gear you want. My experience was that Reddit had better deals, but you can get lucky on eBay with enough persistence.

What I ended up buying: An HP Z420 with a 4c/8t Xeon Processor (Sandy Bridge), 20GB of DDR3 ECC RAM, and 500GB of spinning rust - $150

I took out the 500GB HDD and replaced it with a spare SSD I had lying around and purchased a 480GB Kingston SSD from Amazon. So approximately $200 for a solid performing workstation.

After seeing what was possible with ESXi, I quickly became greedy and realized that 20GB of RAM and a 4c/8t CPU was not going to cut it. Back to Reddit and eBay!

This is fun and addictive

My next two acquisitions were an Xeon E5 2660 v1 /w 8c/16c for $30 shipped via Reddit and another pair of 8GB ECC DIMMs for $70. Now I am up to $300, but feeling comfortable about the amount of space I have to work with!

Here is what I have running so far and after some trial and error with learning ESXi, I feel comfortable with this setup. The screenshot below is with all VMs powered on and at idle.

I hope to expand on this post via a lessons learned; and how I configured pfSense to isolate my VMs from the rest of my network and vice versa. Now get out there and learn and don’t be afraid to break things in your lab!