Ethical Hacking where to start?

Prolly something is hidden in the picture? Maybe…

@perkelator Seriously, don’t worry too much about this advice for now, you are talking about building a ‘labs’ environment. The VMs you deploy will not be doing much work, the key is to store them on an SSD and to be able to give them enough RAM. In the past I have needed to run 6+ Windows VMs (domain controller, web server and SQL Server cluster) all on a dual core laptop with only 16GB. It’s not pretty but it’s perfectly doable if they are just sat there not doing much apart from authenticating/rejecting access requests etc. It’s plenty to give you an overview of AD & Kerberos, and how pass-the-hash and SQL Injection type attacks work etc.

As far as books go I thought ‘Black Hat Python’ was a good introduction to Kali Linux and pen-testing.

NOTE - I am not a pen-tester, my company pays mega-bucks for sneaky consultants** to do that kind of thing for us (else we would just be marking our own homework), my job is to make sure Solution Designs I approve just follow the usual best-practices for performance, security & scalability etc.

** It’s really embarrassing when they hand you a simple password you used as a temporary measure and then forgot about…