Questions about tools for learning

I have yet to find a clear answer, and maybe there isn’t one, but I want to do this right and stay safe.
I presume that having a separate laptop to learn ethical hacking is the best option. It might not be in my budget at this time. So can i use my personal laptop? Is using virtual machine safe enough? I have 2 hard drives in my laptop, would booting into the extra hard drive with Linux be safe enough? and still use the first hard drive to do normal daily person things?

I use my desktop for everyday stuff and gaming, I just use the laptop when I am traveling, but I do log into everything from facebook, to bank acct, all my emails, gaming stuff.

A lot of what I find in regards to this question say to use a separate machine, so “the cops can’t find you”. I plan to only practice legal and ethical things, and I am taking courses, so I am not as worried about getting in trouble as much as I am worried about opening myself up to threats.

Unless you’re explicitly doing malware work on forensics on real/active threats like infected binaries there’s no real “safety” to worry about. For instance no machine/challenge here on Hack The Box poses a threat to your computer or contains actually malicious files.

A VM is not a bad choice though, but for more practical reasons: It keeps things tidy and collected and it prevents your computer from becoming flooded with tons of new applications you will only use for specific tasks/once in a while.

I do 98% of all my ethical hacking/CTF/etc on my Windows 10 desktop, and run WSL with Kali for access to linux environment and tools. (I use a separate Windows user for gaming and everyday use, but that’s just because I prefer to keep things separate/not clutter my desktop and Start menu on my regular user).

The only VM I have is a Windows 10 Evaluation edition with networking disabled that I use for malware analysis/development, setup according to the recommendations in the Malware Analysis for Hedgehogs course.

As long as you’re working with white hat/controlled challenges, machines and curriculums you’re fine. If you encounter/work with live malware samples there will be plenty of warnings beforehand telling you to not run them on a live/connected machine.

1 Like

Thank you!