Recommended Tools

This page was created to provide my recommended list of utilities and tools that I personally use when setting up a cybersecurity laboratory. Everything you’ll see on this page has been well researched and is still in use by me and my colleagues. This way you can quickly find the utilities, tools, and products on one page.

It is very important to know the basics of how to use these utilities and the reason why you need them.

For example, I highly recommend you get a VPN service in order to hide your real location when performing pentesting for a client. This way you can replicate as close as possible a real scenario where your client is being hacked and they are trying to locate you. Sometimes I even use it to do research on websites based on geolocation as sometimes you get limited or no content based on your physical location.

Also, it is good to have handy a place to study or refresh your knowledge for a certification in case you need it to keep your credentials up to date.

Hardware

I recommend that you get your Macs or PCs where you can get the most savings. I’m currently researching where to buy them online with the most savings and discounts so that I can pass these savings to you, but for now, you can buy them where I buy them.

MacBook Pro or iMac station – I’ve been using Mac equipment since the early 90’s and I use them, especially the MacBook Pros, for their durability and ease of use. You can find them New, Used or Refurbished with warranty from Amazon. Their price can vary according to their condition.

My MacBook Pro

This is how I use my Lab every day in my Home Office

Laptop or Desktop – If you prefer to use a Laptop or a Desktop in your lab setup, then make sure you can have them both running on Windows and Linux. This will allow you to adapt the equipment for any type of research you are working on. Some members of my team prefer Dell for both the Laptop and Desktop. They always get them either New, Used or Certified Refurbished from Amazon. They like these models due to their durability and response time. Time is very important when doing research.

Seagate Backup Plus Slim – It is critical that you always have an external disk for backups and storage. I usually don’t use those bulky disks. That is why I always use the Seagate Backup Plus Slim. I use the 1TB version as this is more than enough for me, but if you like to make and store videos, then you should consider anything larger than 1TB. It works with all Operating Systems: Windows, Linux, and OSX Mac.

The Seagate External Disk on top of my MacBook Pro

Foldable Tablet / Phone Stand – I always use a foldable stand for my phone. When I receive phone calls or video calls, I can have my cell phone ready for videoconferences. This way I don’t need to constantly hold my cell phone with my hands. It works well with any tablet, even the 12″ iPad. The stand that I use is very durable, has two folding points (most come with only one folding point) and does the job. When I look for a stand for my phone, I have to make sure that the contact points between my phone and the stand are isolated, meaning that there is no metal contact between them, to avoid any friction or scratches. The only one at a reasonable price that I found and bought was the Nulaxy Foldable Tablet / Phone Stand.

My phone stand

This is how it looks with my phone

Apple AirPods – I’m always using them no matter what for. I use them while writing my blog posts, or when I’m on a phone call or on a video conference. Even when I’m cooking while listening to my favorite music or watching TV on my tablet.

The AirPods are compatible with Android devices. I have an Android tablet and I use it for when I want to test some applications, do some research or stream some of my favorite shows.

My Android Tablet together with my Foldable Stand and AirPods

I use my AirPods exclusively. They charge really fast and are my best companions to keep me either focused at work or entertained.

My AirPods on top of my MacBook Pro

Applications

The preferred Application for professionals to create a virtual environment from lab setups to virtual Computer Rooms is VMware. I have been using it for years to deploy system applications and to create virtual servers based on templates. Personally, I use it in my lab to create virtually anything from desktops and servers to firewalls and routers.

VMware Fusion Pro – For my Mac, I use VMware Fusion Pro to create what I need at a moment’s notice. You can download the trial version for 30 days to try it out and see for yourself. The Pro version allows you to create VMs with expiration dates. I use this for when I teach noobs. Also, the Pro version allows you to create custom networking configurations. I use this for testing new Intrusion Detection System (IDS) scripts or when performing penetration tests on my client’s network, among other things.

VMware Workstation Pro – This is the version I use for my Windows Laptop and Desktop. For Windows, there is only the Pro version. Although there is a Player version, it only provides very limited functionality. 


VPN Service For Private And Secured Connection

I use a VPN service for cloaking my real IP Address. Below you’ll see information about your current computer, which browser you are using, your IP Address which tells me where you are right now and your computer screen. I can use this information to trace you back to wherever you are now but don’t worry, I won’t. I can’t speak for anyone else though.

To prove that the IP Address indicated in the above screen is the same one you are currently using, just open a new tab, go to Google search and type “my ip address”. Google will immediately tell you what your current IP Address is, which should be the same as the one indicated above.

Private Internet Access or PIA – This is the VPN service I use. They offer advantages for the cybersecurity professional such as IP cloaking. This means that you are hiding your real IP Address from the destination you are connecting to. Yes, you can get this from any free VPN service, but you are forgetting two important things: speed, and availability of service. PIA is one of the few that won’t slow you down. No matter if you are physically located in the U.S. and need to connect to a VPN server in France, the speed is still great to perform your task at hand. They offer their services starting at a very low monthly fee. Also, they offer a wide variety of IP ranges per region. This means that you won’t have to worry about speed on the VPN server you are connecting to and you will always have an IP address available when you need it the most.

Check out my detailed explanation about VPN by clicking here.

Hosting Your Own Virtual Private Server (VPS)

a2hosting for VPS – For a very low monthly fee, hosting your own server can bring you many advantages when it comes to performance and independence of resource management. One reason I incorporate this tool into my cybersecurity lab is for when I need to test a new vulnerability that I’m researching on a server, among other projects. Here you can choose any OS on their list and the version for that OS. Another advantage that this host has over the competition is the access to your root account. Other hosts might give you access, but they still keep a “key” to remotely access your server, which is embedded into the image you choose to install on their servers. With a2hosting your root access is yours and yours alone.

For your website hosting services, I recommend you use a2hosting for WordPress to host your website. They have a shared hosting package starting at a very low monthly fee. I use the “LITE” Package. This option is great when starting a business or any project as you only require one domain. It includes an optimized WordPress server and you can also choose your preferred domain name. You can scale your website package later based on the traffic it receives.

Certifications

Pluralsight – The most highly recommended online company to study for your certifications. Remember that the required entry-level certifications to practice as a cybersecurity specialist include A+, Security+, Network+ and Linux+. The hands-on experience that interviewers will require from you is Level 2 support, also known as Desktop Support. Having this experience and the above-mentioned certifications can open doors for you for an entry-level position. Pluralsight offers tutorials about every detail when it comes to learning the ins and outs of a system you are looking to get certified on. You can even sign up for a free trial and see for yourself.

Password Protection

LastPass – Password protection is very important for everyone. Every single laptop, desktop, smartphone or storage device will have information about us in some way or another. Things can get complicated when we create multiple accounts to access our bank statements and transactions, email accounts, Facebook, Twitter, Pinterest, Instagram… and the list goes on. Our brains can only store so much.

Well, there is a way to keep track of your passwords and then some. It doesn’t matter what type of management you require for your passwords, you can have them stored securely in one place. The way this works with LastPass is that it stores your passwords in the cloud using very secure encryption. You just have to memorize one password, known as the “Master Password”, to gain access to your password management application (LastPass), and in there you manage all of your passwords. It allows you to do the following:

  • New passwords – Create new passwords with an auto-generator. You can customize the options based on the application’s or website’s conditions for passwords. Some websites don’t allow certain characters or only allow a minimum amount of characters, and you can set this up while creating a new password with the auto-generator.
  • A password for every account – You can provide a different password for every single application you use. This way, if one system gets hacked (for example, any social media account), your other systems are protected because your passwords are different on your other accounts.
  • Account sharing – Many of us have a business that requires us to provide access to one of our systems to employees, or temporarily to someone else. With LastPass, you can share your account without sharing your password and you can also provide an expiration period for such access or revoke the access manually. Just add the email of the person you want to share your account with and LastPass will take care of the rest. This is useful for enterprises, small business owners, bloggers, individuals; in fact, anyone.
  • Emergency access / Power of Attorney – Many of us forget to plan for the unthinkable. You need to trust someone to have access to all your digital assets if anything should happen to you. This can be done by providing access for someone you trust and granting access for either a specific period of time or an unlimited period of time.

When you compare LastPass with the competition, you will see that LastPass offers all of this for what I think is a bargain price. You just pay a small monthly fee and in exchange have peace of mind when managing the most sensitive information among your digital assets. I suggest you pick the enterprise version as it provides the most value for you. The cost is the same as the Family plan, plus you get much more, including all the management features I just mentioned and customer support at an enterprise level.

You can start a free trial period with LastPass and try it out.