A cyber security home lab is where knowledge becomes skill. Reading about how Nmap works is useful. Running Nmap against a real target in an environment you control is what builds the practical ability that employers test for in interviews.
Here is what most guides do not tell you: in 2026, you do not need to build a local lab at all. TryHackMe gives you a fully configured attack machine, vulnerable targets, guided scenarios, and a public profile tracking your progress, all in a browser, for free. No hardware requirements. No VM configuration. No network setup. Just open a room and start hacking.
This guide covers both approaches: the browser-based route that works immediately, and the local VM setup for those who want to go further. But the honest answer for most beginners is that TryHackMe replaces the local lab entirely until you are well past the foundations stage.
What Is a Cyber Security Home Lab?
A cyber security home lab is a self-contained environment where you can safely practise offensive and defensive security techniques on systems you own and control. The NIST NICE Framework identifies hands-on practice in controlled environments as a core pathway to developing cyber security workforce competencies.
In practice, this means having an attack machine (Kali Linux is the standard choice), one or more deliberately vulnerable target machines, and a network configuration that keeps everything isolated from your real home network and the internet. You attack the targets, investigate what the attacks look like in logs, and reset everything when you are done.
The lab is where interview answers come from. When a hiring manager asks "give me an example of a vulnerability you have found and exploited," your lab work is what you describe.
Do You Need Hardware to Build a Cyber Security Home Lab?
No. And for most beginners, the answer stays no throughout the entire foundational learning phase.
The traditional home lab approach requires a computer with at least 16GB of RAM, a virtualisation platform, and time spent configuring network settings, installing operating systems, and troubleshooting the inevitable issues that come with running multiple VMs simultaneously. TryHackMe removes every one of those requirements. The AttackBox is a fully configured Kali Linux environment running in your browser. The targets are pre-built and pre-deployed. The network is already isolated. The tools are already installed.
Every capability that a local lab provides, TryHackMe provides in a browser: network scanning with Nmap, web application exploitation with Burp Suite, Active Directory attacks, privilege escalation on Linux and Windows, packet analysis, SIEM investigation. The difference is that TryHackMe works immediately, on any machine with a modern browser, without spending hours on setup that does not teach you anything about cyber security.
The local lab setup guide further down in this article exists because people search for it and it is useful context. But for most beginners, the answer to "how do I build a cyber security home lab" is: create a free TryHackMe account.
How Do You Start a Browser-Based Home Lab for Free?
TryHackMe's free account gives you everything you need to begin:
- One hour of daily AttackBox time: a browser-based Kali Linux environment with all standard security tools pre-installed, no configuration required.
- Hundreds of free rooms covering networking, Linux, Windows, web application security, and OSINT fundamentals.
- A public profile that tracks and displays your progress, visible to employers.
The Pre Security path is the right starting point for complete beginners. It covers networking fundamentals, Linux and Windows basics, and introductory web security in a structured sequence, each room building on the previous one. Work through it and you will have the foundational knowledge that makes every subsequent lab exercise more meaningful.
The Cyber Security 101 path extends the foundations into core security concepts across both offensive and defensive domains. After these two paths, the specific content you go deeper on depends on which direction you want to develop toward.
Free OpenVPN access means you can also connect your own machine to TryHackMe labs if you have a local Kali installation and want to combine both approaches.
How Do You Build a Local Home Lab If You Want One?
TryHackMe covers everything a beginner needs in a browser. But some practitioners want a persistent local environment for more advanced work: custom network configurations, Active Directory labs with multiple Windows machines, or scenarios that require tooling that runs best locally. If that is where you are heading, here is how to set it up.
You can start for free using VirtualBox with Kali Linux and Metasploitable 2 on any computer with 8GB of RAM. 16GB is more comfortable if you want to run multiple VMs simultaneously.
Step 1: Install a virtualisation platform
VirtualBox is free, open-source, and works on Windows, macOS, and Linux, making it the best starting point for beginners. Download it from virtualbox.org. VMware Workstation Player is also free for personal use and offers slightly better performance, but VirtualBox has more community documentation, which matters when you get stuck.
Before installing any VMs, enable virtualisation in your BIOS/UEFI settings. Look for Intel VT-x or AMD-V in your CPU settings and enable it. This is a common source of "why won't my VM start" frustration and worth checking before you go further.
Step 2: Install Kali Linux as your attack machine
Download the Kali Linux VirtualBox image from kali.org. Import it via File > Import Appliance. Allocate at least 4GB of RAM and 2 CPU cores. Default credentials are kali/kali: change the password after first boot.
Take a snapshot immediately after installation and setup. In VirtualBox: Machine > Take Snapshot, name it "Clean Install." This is your restore point. If anything breaks, you can return to a clean state in seconds.
Step 3: Add a vulnerable target
Metasploitable 2 is the standard first target. It is a deliberately vulnerable Linux VM running misconfigured services across FTP, SMB, HTTP, and databases, each with known exploitable vulnerabilities. Download from sourceforge.net/projects/metasploitable/.
DVWA (Damn Vulnerable Web Application) covers web application vulnerabilities specifically. Run it in Docker:
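```bash
# Publish DVWA on the host's loopback address only, so it is not reachable from your home network
docker run --rm -it -p 127.0.0.1:80:80 vulnerables/web-dvwa
```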
VulnHub provides hundreds of community-created vulnerable VMs at every skill level. Download a machine rated "beginner" or "easy" and import it into VirtualBox.
Step 4: Configure isolated networking
This is the critical step. Both Kali and your vulnerable targets must be on the same isolated network, completely separated from your home network and the internet.
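In VirtualBox: set both machines' network adapters to Host-Only Adapter, or create a NAT Network and place both machines on it. Both options stop other devices on your home network from reaching the VMs while allowing the VMs to communicate with each other. A NAT Network still lets the VMs make outbound connections through the host, so choose Host-Only Adapter when you need them fully cut off from the internet. A vulnerable Metasploitable instance sitting on your home network is a genuine security risk. Isolate it before powering it on.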
Step 5: Take your first snapshot and start practising
With Kali and Metasploitable running on an isolated network, run your first Nmap scan from Kali:
```bash
nmap -sV -sC 192.168.56.101
```
Read the output. Identify what services are running and what versions. This is the enumeration phase of every penetration test, and it is where all practical offensive security work begins.
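An added example, not part of the original guide: a check to run on the host before powering on the targets in Step 4. It reads each VM's adapter settings with `VBoxManage showvminfo --machinereadable` and reports any adapter that is not Host-Only, internal or disabled (NAT and NAT Network adapters are reported because they allow outbound traffic). The VM names `Kali` and `Metasploitable2` and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit VirtualBox VMs for
# network adapters that can reach beyond the isolated lab network.

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin and prints
# "nicN=mode" for every adapter that is not host-only, internal or disabled.
non_isolated_nics() {
  sed -n 's/^\(nic[0-9][0-9]*\)="\([^"]*\)"$/\1=\2/p' |
    grep -Ev '=(hostonly|intnet|none)$' || true
}

# Audits each named VM; returns 1 if any VM is exposed or cannot be read.
audit_lab() {
  audit_status=0
  for vm in "$@"; do
    if ! info=$(VBoxManage showvminfo "$vm" --machinereadable 2>/dev/null); then
      printf 'UNKNOWN       %s (VBoxManage could not read this VM)\n' "$vm"
      audit_status=1
      continue
    fi
    leaks=$(printf '%s\n' "$info" | non_isolated_nics | tr '\n' ' ')
    if [ -n "$leaks" ]; then
      printf 'NOT ISOLATED  %s: %s\n' "$vm" "$leaks"
      audit_status=1
    else
      printf 'isolated      %s\n' "$vm"
    fi
  done
  return "$audit_status"
}

# Constructed sample: a target left with a bridged adapter next to a host-only one.
SAMPLE_BAD='name="Metasploitable2"
nic1="bridged"
bridgeadapter1="eth0"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"'

if [ "$#" -gt 0 ]; then
  audit_lab "$@"     # e.g. ./audit.sh Kali Metasploitable2 (assumed VM names)
else
  printf '%s\n' "$SAMPLE_BAD" | non_isolated_nics   # demo on the sample
fi
```

A non-zero exit status from `audit_lab` means at least one VM should stay powered off until its adapter is changed.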
What Should You Practise in Your Home Lab?
| Skill area | What to practise | Tools | TryHackMe starting point |
|---|---|---|---|
| Network scanning | Host discovery, port scanning, service version detection, OS fingerprinting | Nmap | Pre Security path |
| Web application security | SQL injection, XSS, authentication bypass, IDOR, command injection | Burp Suite, DVWA, OWASP Juice Shop | Jr Penetration Tester path |
| Linux fundamentals | Command line navigation, file permissions, process management, privilege escalation | Kali Linux terminal | Pre Security path |
| Password attacks | Hash cracking, brute force, credential stuffing against vulnerable services | Hashcat, John the Ripper, Hydra | Cyber Security 101 path |
| Network traffic analysis | Packet capture, protocol analysis, identifying suspicious traffic patterns | Wireshark, tcpdump | SOC Level 1 path |
| Defensive monitoring | Log analysis, SIEM investigation, alert triage, incident response | Splunk, Microsoft Sentinel | SOC Level 1 path |
How Does TryHackMe Compare to a Local Lab?
TryHackMe is not a stepping stone to a local lab. For most learners, it is the lab. Every skill area in the table above has dedicated TryHackMe content, every tool runs in the browser-based AttackBox, and the guided structure means you are learning methodology alongside technique rather than figuring out both at once.
A local lab becomes useful when you want to build environments that go beyond what guided rooms cover: custom multi-machine Active Directory setups, persistent network configurations, or practice on your own tailored scenarios. That is an intermediate-to-advanced concern. At beginner level, TryHackMe provides everything you need.
Document everything you do regardless of environment. Every room you complete, every machine you compromise, is a potential writeup. A folder of professional-format writeups published on GitHub is portfolio evidence that gets you through technical screens before you have a single job title in security. Your public TryHackMe profile showing consistent progress is the verification layer that makes those writeups credible.
FAQ
Do I need a powerful computer to build a cyber security home lab? Not to get started. TryHackMe's browser-based AttackBox runs entirely in the cloud, so any computer with a modern browser works. For a local VM lab, 16GB of RAM is comfortable, and 8GB is the practical minimum for running two VMs simultaneously.
Is cyber security hard to learn as a complete beginner? The technical concepts are learnable by anyone willing to practise consistently. The mistake most beginners make is spending too long on theory without touching a live environment. Cyber security skills develop through doing, not reading. Start with TryHackMe's free account and complete one room today rather than reading another guide.
How long does it take to learn the basics of cyber security? With consistent effort of around ten hours per week, most beginners build a solid foundational understanding within three to six months. The foundations cover networking, operating systems, and core security concepts. Specialisation into offensive or defensive roles takes longer and develops through sustained hands-on practice.
What is the difference between cyber security and ethical hacking? Cyber security is the broad discipline of protecting systems, networks, and data. Ethical hacking (also called penetration testing) is a specific subset of cyber security focused on finding vulnerabilities by simulating the techniques real attackers use, with explicit permission from the system owner. All ethical hacking is cyber security, but most cyber security work is not ethical hacking.
What are the best free cyber security labs for beginners? TryHackMe's free account gives you immediate access to hundreds of guided rooms and one hour of daily AttackBox time. DVWA and OWASP Juice Shop are free vulnerable web applications for local practice. VulnHub provides free community-created vulnerable VMs for unguided machine practice. PortSwigger Web Security Academy is entirely free for web application security specifically.
Nick O'Grady