🛡️Practical Web Application and Security Testing

There is some base knowledge you should have before attempting to go through this course:

  • Command Line knowledge

  • How networks work (very basic knowledge)

  • Some familiarity with Linux and Python

  • Feel comfortable with how servers and web apps work

  • Have a machine with enough memory, disk storage, and CPU to run multiple VMs at once.

Setup for Apple M-SeriesChip users

The course is Windows-centric in that it gives tools that work well for Windows. There are still tools shown in the course for Linux and macOS like VirtualBox, but Virtualbox does not have a VM solution for Apple ARM devices running the M-Series chips.

In this entry I will show you were to get the tools you need to virtualize your lab on an M1 Mac.

VM Solutions

VMWare has a solution called VMWare Fusion that has an M1 client you need to license but can use for free. It is a good, robust solution for many things, and if you have a powerful M2-M3 Max and/or Ultra chip in your Mac, I would suggest using this; it just has more features.

For us M1 plebs, however, there is a simpler solution that is lightweight enough to run on the M1 called UTM, which uses Apple's new-ish virtualization framework.

The OSes You'll Need

UTM has its own gallery that you can browse to install most of the vms used in this course. However, an iso is probably your best bet. There are two vms you'll need isos for:

  • Kali Linux

  • Ubuntu Server

On the Ubuntu Server, you will install Docker, which is another piece of software we'll need for this course.

You can download the ISO of Kali Linux on their website or directly from the links below:

You can download Ubuntu Server on their website which will take you to the page for the correct architecture. If you download the wrong ISO file, say AMD64 instead of ARM64, these ISO files will not boot.

Installing Kali Linux

This tripped me up a bit. I watched a YouTube video on it but found that Kali has documentation on how to install Kali inside of UTM, which you can find on their documentation page. If you're still stumped, I've linked the video below.

Last updated