Category Archives: Tools

Operating System Protection



With the ever-changing landscape of potential operating system risks, the challenge of securing any one computer becomes more and more difficult.  Operating systems have gone through an enormous change in recent years, as the operating system isn’t highly dependent on installed software. The evolution of the browser has given users the ability to access large resources on other computers more readily in day-to-day usage via multiple API calls.  Because these API calls can be malicious, the need for more protection at this level is becoming more critical.  With the dominant website vulnerabilities being Injection, Broken Authentication, and Cross-Site Scripting, securing an operating system requires a sophisticated solution.  There have been many different attempts to tackle the multiple issues with viruses and malware infecting computers.  Some of the best solutions to this heavily debated problem are microkernel-based operating systems, the Trusted Platform Module, and user-based protection.

When examining the creation of secure operating systems, one has to take into account microkernel-based secure OSes, an ever-evolving solution that ranges from projects such as IBOS, the Illinois Browser Operating System, to the secure microkernel project seL4.  The theory of microkernels, according to CSIRO (n.d.), is that “a bigger system has inherently more bugs than a small system.”  For every thousand lines of code there is an average number of bugs that can be introduced. The kernel is always a part of the trusted computing base (TCB), so minimizing the kernel yields a smaller TCB, which makes for a more secure operating system.  Another noteworthy advantage of microkernel operating systems is their potential to address the availability component of the CIA triad: if one service fails, other services are able to keep working without crashing as well (Abualrob, 2012).  The downside of the secure OS or microkernel is the performance loss.  Because every request needs to go through the kernel, the system would make exponentially more calls than a monolithic-kernel-based OS.

Another solution to the security issues that operating systems face is the Trusted Platform Module, or TPM.  The TPM is actually a chip that was created by the Trusted Computing Group (TCG), which is made up of industry leaders. Kleyman (n.d.) states, “The TPM contains several Platform Configuration Registers (PCRs) that allow secure storage and reporting of security-relevant data (unauthorized changes to the BIOS, possible root-based modifications, boot-sector changes, etc).” The ability to have vendors collect data about OS behavior based on possible harmful changes can greatly decrease insecure practices.  However, this is also the disadvantage of the TPM chip, as many users are wary of how the vendor may use this information and see it as somewhat of an invasion of privacy.  If implemented, TPM is best combined with other layers of security; it isn’t a standalone solution.
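How PCRs make BIOS or boot-sector changes reportable, as an added example that is not part of the original post: it models the TPM extend operation (new PCR = SHA-256 of old PCR followed by the measurement digest) and a verifier that replays the event log. The component names and byte strings are constructed, and the signed quote a real TPM produces over the PCR value is left out.

```python
import hashlib

PCR_SIZE = 32  # bytes in one SHA-256 PCR


def extend(pcr, digest):
    """PCR extend: the register can only be folded forward, never set."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(components):
    """Measure each (name, blob) in boot order; return (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeroes after a reset
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay(log):
    """Recompute the PCR value that an event log claims to describe."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def appraise(reference_pcr, reference_log, reported_pcr, reported_log):
    """Verifier side: compare a reported boot against a known-good one."""
    # A log that does not replay to the reported PCR was edited or truncated.
    if replay(reported_log) != reported_pcr:
        return "log-does-not-match-pcr"
    if reported_pcr == reference_pcr:
        return "trusted"
    # The PCR differs, so walk both logs to name the first changed component.
    for (ref_name, ref_digest), (name, digest) in zip(reference_log, reported_log):
        if (ref_name, ref_digest) != (name, digest):
            return "changed:" + name
    return "changed:log-length"


# Constructed sample boot chains (placeholder bytes, not real firmware).
GOOD_BOOT = [
    ("bios", b"BIOS v1.0 image"),
    ("boot-sector", b"bootloader stage 1"),
    ("kernel", b"kernel image"),
]
TAMPERED_BOOT = [
    ("bios", b"BIOS v1.0 image"),
    ("boot-sector", b"bootloader stage 1 (modified)"),
    ("kernel", b"kernel image"),
]

if __name__ == "__main__":
    ref_pcr, ref_log = measured_boot(GOOD_BOOT)
    for label, chain in (("good", GOOD_BOOT), ("tampered", TAMPERED_BOOT)):
        pcr, log = measured_boot(chain)
        print(label, pcr.hex()[:16], appraise(ref_pcr, ref_log, pcr, log))
```

Because each extend hashes the previous register value, a component that runs later in the boot cannot restore the value an earlier, unmodified chain would have produced.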

Users have seen many changes in protection in OSes. Many solutions dare stand the test of time.  One of these solutions that is still around is antivirus-based protection, which, when done correctly, offers many benefits.  Antivirus software that scans a computer has been around for quite some time and was the go-to method for operating system level security for years.  Its benefit is the ability to prevent known viruses and malware based on a known signature.  If there is a known virus in the wild and a security professional has alerted the necessary vendors, then other users share in that knowledge and are protected from the same attacks, provided that they continually update their antivirus software definitions.  The disadvantage of using this method alone to secure an operating system is the customization of attacks. Attackers have evolved with the security methods.  If an attack isn’t known or in the definitions database, it won’t be stopped.

User-based protection is a great method of making sure that a non-privileged user cannot execute code against critical parts of an operating system.  A perfect example of this is UAC, or user access controls, in Windows.  The benefit is that a user of the operating system will be notified when a significant change to the operating system is about to occur.  The user would then need to allow this function to continue.  While this is a great way of being able to handpick which applications are allowed to modify parts of the OS, the concept starts to break down when you consider modern computer usage.  The number of calls being made to modify critical parts of the operating system is very high.  The notifications decrease the usage of the operating system.  Also, educating users to understand what’s a good modification and what is a bad modification becomes quite a challenge.

All approaches to securing an operating system take a unique look at what the user will use the OS for.  The implementation of many of these is very unrealistic in corporate environments.  However, for ease of implementation, the approach needs to be the hybrid kernel approach.  Instead of loading the whole thing into memory, this approach loads core modules dynamically into memory on demand. One disadvantage is that a module may destabilize a running kernel.


  1. Hybrid Kernel with performance being easier than MicroKernel or Monolithic by themselves if you could deal with it would be the most secure.
  2. TPM chip in conjunction with other security measures if you trust vendors.
  3. Trusted Computing Antivirus software file protection with its ease of implementation and great track record.



Abualrob, M. (2012, November 17). Microkernel vs. Monolithic os architectures. Retrieved from

Anderson, R. (2008). Security engineering – A guide to building dependable distributed systems(2nd ed.). New York, NY: John Wiley & Sons Publishing, Inc.

Beuchelt, G. (2013). Computer and information security handbook. Boston, MA: Morgan Kaufmann Publishers.

CSIRO. (n.d.). sel4 secure embedded l4 ssrg | data 61. Retrieved from

Kleyman, B. (n.d.). Weighing the pros and cons of the trusted computing platform. Retrieved from


Intrusion Detection System

Intrusion Detection

If someone asked how to get started with intrusion detection, the first thing you would need to know is whether they wanted to just detect threats or to detect and block them.  An IDS, or intrusion detection system, monitors whether an intrusion has happened.  This is considered a passive type of system.  An IPS, or intrusion prevention system, extends the IDS by allowing it to not only detect but also block detected attacks (Palo Alto Networks, 2016).  These systems, although very closely related, are very different, and understanding the benefits of each is the first step toward selecting an appliance.

Knowing whether you need an appliance to sit inline or outside the direct line of communication to your network is also important.  An IDS sits out of the direct line of communication, while an IPS sits directly inline.  This matters greatly because the IPS detects based on rules, like a firewall in reverse.  Enterprise firewalls allow specific packets and deny everything else.  An IPS will see a packet, look down a list of rules to deny, and then finally allow the packet.  An IDS will look at specific points in the network.  You can compare the IDS to a protocol analyzer that returns excruciating amounts of detailed information about a network, giving the security engineer more granular visibility (Snyder, n.d.).

My recommendation would be to stay away from the hybrid appliances that combine the two concepts of IPS and firewall, unless you’re only trying to protect a small set of computers on a network, much like a small branch office.  An IDS will allow you to have more visibility, while the IPS gives more control overall.
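The rule-evaluation difference described above, as an added example that is not part of the original post: a firewall that allows listed ports and denies the rest, followed by a sensor that matches deny signatures and allows the rest, run once passively (IDS) and once inline (IPS). The addresses, ports, signature names and payloads are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes


# Firewall policy: allow specific traffic, deny everything else.
FIREWALL_ALLOW_PORTS = {80, 443}

# IDS/IPS policy: the reverse, a list of things to deny, then allow.
SIGNATURES = [
    ("sqli-union-select", b"UNION SELECT"),
    ("xss-script-tag", b"<SCRIPT>"),
]


def firewall(pkt):
    """Default deny: only packets to an allowed port get through."""
    return "allow" if pkt.dst_port in FIREWALL_ALLOW_PORTS else "deny"


def match_signature(pkt):
    """Return the name of the first signature found in the payload, or None."""
    data = pkt.payload.upper()  # case-insensitive match
    for name, pattern in SIGNATURES:
        if pattern in data:
            return name
    return None


def run_network(packets, inline_ips):
    """Pass traffic through the firewall and then the sensor.

    inline_ips=False models an IDS on a copy of the traffic: it can only alert.
    inline_ips=True models an IPS in the traffic path: it alerts and drops.
    Returns (delivered packets, alerts).
    """
    delivered, alerts = [], []
    for pkt in packets:
        if firewall(pkt) == "deny":
            continue  # never reaches the sensor or the server
        sig = match_signature(pkt)
        if sig is not None:
            alerts.append((pkt.src, sig))
            if inline_ips:
                continue  # IPS blocks the packet it detected
        delivered.append(pkt)  # default allow: no signature matched, or IDS only
    return delivered, alerts


# Constructed sample traffic using documentation address ranges.
TRAFFIC = [
    Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("192.0.2.11", 23, b"login: admin"),
    Packet("192.0.2.12", 80, b"GET /item?id=1 union select name from users HTTP/1.1"),
    Packet("192.0.2.13", 80, b"POST /comment body=<script>alert(1)</script>"),
]

if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        delivered, alerts = run_network(TRAFFIC, inline)
        print(mode, "delivered:", [p.src for p in delivered], "alerts:", alerts)
```

Both modes raise the same two alerts; only the inline mode keeps the flagged requests from reaching the server, which is the visibility-versus-control trade-off in the recommendation above.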

Top 3 Free IDS Software Applications

  1. SNORT

  3. Bro



Palo Alto Networks. (2016). Retrieved from

Snyder, J. (n.d.). Retrieved from

Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers is an imprint of Elsevier.


SSO Solution – RSA / SecureAuth / Centrify

As the tides change on companies’ thoughts around single sign-on or identity provider systems, more companies come up with different variations of solutions.  This can cloud the decision-making process a bit.  The point of this article is to provide a perspective that you should use when selecting the right one for your company or business.  Also, while doing my own research, I’ll provide the ones I’ve found to be better than others.

What features are offered in a Single Sign On Solution?  These seem to be the consensus of features offered by industry leaders.

  1. Ability to authenticate internal users to Active Directory.
  2. Ability to authenticate external users to Active Directory.
  3. Password Reset Portal
  4. Multi-Factor Authentication
  5. Mobile Management
  6. SAML 2.0 / OAuth
  7. On-Premise / Hosted Solution
  8. Ability to add internal application systems.



1. True On-Premise Solution offering both Virtual Machine and appliance based solutions
2. Password Reset Portal
3. Works with SAML, SAML2.0, OAuth, OAuth2.0, and more.
4. Allows for internal application integration and also many cloud based applications.  Integrates with SharePoint, Salesforce, and Others to name a few.


1. Partially hosted solution.
2. Works with SAML, SAML2.0, OAuth, OAuth2.0, and more.
3. Allows for internal application integration and also many cloud based applications.  Integrates with SharePoint, Salesforce, and Others to name a few.
4. Company doesn’t charge for internal applications to be added.
5. Comes with a mobile management piece included in the subscription price.

RSA – IAM Solution

1. On premise solution
2. Pilot program with new solutions.
3. Allows for internal applications to integrate and also many cloud based applications.
4. SAML 2.0: RSA was part of its conception.
5. There is an RSA authenticator application.

Android Hacking apps



Recently I have played a game called watchdogs and it has inspired me to make a phone with as many hacking features as I can.

The first thing you would want to do is root your phone. That allows you to gain full control over the Android operating system.  This will allow you to run apps that aren’t in the Play Store. Most older phones can be rooted and ROM’d straight from the phone thanks to Dev’s like I use a Galaxy S4 and was able to do so from that site. Then from there I installed CyanogenMod’s app and installed a custom ROM and recovery. (For recovery I used ClockworkMod and the ROM is 5.1.1; make sure you install BusyBox, as most applications need that to run.)

After you install the flavor of Android you want you’ll want to start looking for some android applications.

  1. zAnti 2.2 – a network scanner and mapper that has some basic pen-test features and also allows a little bit of MiTM basics to test with.
  2. Wifi Wps tester – scans for networks and has some basic WPS and WiFi testing applications.
  3. dSploit – a small Metasploit for your phone; can do basic recon and analysis work.
  4. Shark for root – network packet capture. Best to use it and then upload the file to your computer so you can have it read through either Wireshark on the computer or my personal favorite, NetworkMiner.
  5. BitShark – one more app for packet capture.

(I will update the apps page as I continue to test more apps. Some of them don’t do what is advertised, so I will add the ones that are useful.)

These are a few of the basic apps I use currently. I will post my Gdrive link for some of the downloadable APKs.

Disclaimer: I’m not responsible for what you use these with. Practice on your home network to see which of your devices may be vulnerable or needing some security updates. It’s a good mobile testing platform to show you what is out there and what phones are capable of these days.

Doxing info in .txt


First of all, let us start at the very beginning. 'Dox' is short for 'docs', which as you probably know is short for documents. You want to find the information (documents) on somebody and that's how the name is made. To start off, we will need a small 'guide' to keep our findings together. If you have read a guide on how to dox before or have tried it in the past, you will have already used something similar. 
Full Name:
IP address:
Home Address:
Phone Numbers:
Social Networks:

Usernames/Screen Names
If you know of this user online, then they probably have some sort of username from where you found them. This is probably the main step as getting other information may be difficult without knowing things like email addresses and real life information, which, you probably may not know if you are trying to dox them.

There are lots of different ways for you to get hold of your slaves email address. If the user owns a Facebook account, their email address may be inside the 'info' section of their account. Another popular method is using the slaves screen name in a quick Google search. Not only would this return many other accounts online, but also possible email addresses containing the screen name. There are plenty of other examples, but the email address can lead you to some main information.

If you know the name of your slave then you can find other information such as their address. You can use some of the sites which I have listed at the end of this small guide. Using these websites you can also find out their phone numbers that are registered with the address. Another method you can use is using the Facebook/Twitter location feature. If their location is posted every post, you can trace back to their home and add more juicy information to your dox. 
A popular choice when doxing involves IP addresses. Using a site like can get you far. There are hundreds of ways to get a users IP which I will go into in a different tutorial. Once you have the IP, you can reverse it to their home and get information about their ISP and more too. 

Social Networking:
Another extremely popular method is using Social Network Sites to your advantage. One persons life can rest within a single page so this can sometimes be your biggest tool. Let's take Facebook for an example. If you have the slaves email address, you can enter it into the search bar and it will link back to a user registered with it. You can also search for their name with a location you could have traced back from other social networking sites such as Bebo and Myspace.

Let's say that you have found some images on some social networking sites and you have added them to your dox, now what? You can find even more information by using something as easy to use as Tineye to reverse the image and find it on other sites. This can also help you find out if the user is real or fake. Google also provides a good image search, just drag the image in and let it do it's job. 
You may not always need an image of the actual user, you could also use their avatar and link it back to even more accounts. 

Useful Searching Sites

Misc. Search Sites:
25 Free People Search Engines to Find Anyone (UK) WhitePages Search: Archives Search: Social Network Searches: (Monitor twitter convos) Phone Information & Lookups: Public & Criminal Records Search: Once you have obtained all the dox of your target there are several things you can do. You can use them as black mail, threaten to post them everywhere if you don't get what you want. You can just be an asshole and post them everywhere and send your target the link or use that information to gain access to something thats theirs such as a xbox live account. There are many different things you could do, some of which I'm not allowed to talk about.




A Valid SSL Certificate for Every IP Address enables developers to equip their servers with valid SSL certificates for free (on the downside, the server’s URI will be an awkward mash-up of the server’s IP address and the domain, e.g. Two components make this possible: a custom DNS (Domain Name System) backend that resolves hostnames to an embedded IP address (e.g. resolves to, and an SSL key and wildcard certificate downloadable from GitHub.



Good tutorial on DNS enumeration, which is the process of locating all DNS servers and DNS entries for an organization. DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on.

How to stay invisible on the internet – Work in progress






If you’re using a popular webmail service, such as Gmail or Yahoo Mail, and you don’t or can’t make the switch to a more secure service, then consider installing Mailvelope. Mailvelope is a browser extension for Google Chrome or Mozilla Firefox that brings OpenPGP encryption to your webmail service. Similar extensions exist, such as SecureGmail, which encrypts and decrypts emails you send through Gmail. Using this extension means the unencrypted text should never reach Google servers. Recipients will need to install the extension in order to decrypt and read the encrypted email.

This is perhaps one of the most basic privacy options that just about anyone can take advantage of. The top four most popular browsers – Google Chrome, Internet Explorer, Mozilla Firefox and Safari – have a private browsing mode, which can be found in their respective settings menus. With private browsing activated, your browser will not store cookies or internet history on your computer. This has very limited uses and is perhaps really only effective at hiding your browsing history from your significant other, siblings or parents. Private browsing does not securely hide your identity or browsing activities beyond your local machine as your IP address can still be tracked.

The amount of personal data that social networking sites like Facebook, Google Plus and Twitter have harvested from their billions of users is shocking. Head to and click ‘Download a copy of your Facebook data’ and you might be surprised to see just how much information is on file. Everything from who you have poked, what events you have or have not attended and when and where you have logged into your account is logged and saved. Similar levels of data harvesting occurs on all major social media sites. This is the price you pay for using a ‘free’ service. The only sure-fire way to avoid giving up this information is to delete your accounts entirely. A word of warning, ‘deactivating’ your account is not the same as deleting it. Deactivating your account is sort of like putting it into hibernation – all your information is stored and can be re-activated if you have second thoughts. Always delete rather than deactivate an account if you wish to completely wipe it.

A large amount of websites track and collect the browsing habits of the users that visit them. These trackers are invisible and most people aren’t aware that they’re being tracked. Ghostery is a free browser extension – available on all major web browsers – that will reveal these trackers, also known as web bugs. You can then decide which web bugs you’re comfortable with tracking you and which ones you’d like to block. In total, Ghostery keeps track of over 1,900 companies. Each company has a profile in the Ghostery Knowledge Library, allowing you to better understand who and why someone is keeping tabs on you and what action you would like to take.

Most of the well known and popular email services – Gmail, Hotmail, Yahoo Mail, Outlook – are not particularly privacy-friendly. For full Pretty Good Privacy (PGP) encrypted emails, consider signing up to a more secure provider. Hushmail is currently very popular, it provides a private email account with no ads, built-in encryption and unlimited email aliases. A limited free service is offered, with more features available for a monthly subscription fee. However, Hushmail is not above the law and in the past it has been forced to reveal user data to U.S. authorities following a court order. The company also logs user IP addresses. MyKolab is a similar service that has not revealed any user information in the past, however, they are also obliged to provide access to lawful interception requests so this still remains a possibility.

Disposable Email Addresses (DEAs) are anonymous and temporary. They allow users to quickly create new email addresses as-and-when they’re needed, which can then be disposed of after use. This is particularly useful for avoiding spam when filling in forms on websites that require an email address to proceed. Keeping your real email address away from spammers is crucial to protecting your identity online and DEAs are a great solution. Popular providers of this service include Guerrilla Mail and Mailinator, although there are hundreds out there to choose from. Most DEAs are not particularly secure, so it is not advised to use these services to send sensitive information – rather, use them as a way to avoid giving away your own information in situations where you are obliged to do so.
7. VPN

Virtual Private Networks (VPNs) are one of the most effective ways to protect your privacy online. A VPN essentially hides your IP address – your unique online identifier – and runs all your online data via a secure and encrypted virtual tunnel, which can keep websites from tracking your online activity or even knowing which country you’re browsing from. These days, there are many VPNs to choose from. Hotspot Shield, TorGuard, CyberGhost and HideMyAss are some of the more popular ones that are currently available. Most of them require a small monthly subscription fee and they don’t all provide the same list of features, so it’s worth shopping around for a VPN that suits you.
8. TOR

Originally developed with the U.S. Navy in mind as a way to protect government communications, Tor is a network of “virtual tunnels that allows people and groups to improve their privacy and security on the Internet.” Tor’s anonymity network allows access to the ‘deep’ or ‘hidden’ web, where websites can be created anonymously and individuals can communicate privately with each other. When using the Tor browser – which can be downloaded for free from – it is very difficult for websites or individuals to track your online activity and location. However, while Tor is quite effective at protecting your online anonymity, it can be slow, complicated and restricting. It’s also worth noting that while the network can and has been used for good, it has also been used for illicit purposes, such as selling drugs and distributing images of child abuse.

A proxy server is a computer through which your online activity can be processed, essentially acting as an intermediary between your computer and the internet. As such, this can be a great way to maintain your online anonymity as the proxy basically masks your IP address with its own. If the proxy is based in a different country than your own, you can fool websites and trackers into thinking you’re browsing from a completely different continent. There are many ways to use proxies and there are various free and paid services on offer. has a limited free web proxy service that you can start using immediately if you’d like try it out.

Hypertext Transfer Protocol Secure (HTTPS) is the encrypted version of HTTP, the technology protocol which determines how web servers and browsers respond to commands and how messages are sent and received. The Electronic Frontier Foundation’s (EFF) HTTPS Everywhere is a neat little extension – available on Google Chrome, Mozilla Firefox and Opera – that forces websites to use HTTPS, even when they default to the less secure and unencrypted HTTP. By EFF’s own admission it’s still feasible for “some attackers to break HTTPS,” but it’s certainly not a bad idea to install their extension as HTTPS is still far more secure than HTTP and will certainly help to protect your privacy and consequently maintain your anonymity. EFF is a nonprofit organisation that seeks to defend civil liberties in the digital world.

Cookies are little bits of code that are automatically downloaded from a website and stored on your system. Cookies allow websites to quickly and easily remember if you’ve been there before – if you have, the website may then alter certain variables based on the information that has been stored in the cookie in order to give you a more personalised and potentially useful experience. However, some cookies can be very intrusive, logging information such as how long you’ve been visiting a particular website, how many clicks you’ve made and what content you seem to prefer reading. It doesn’t hurt, then, to occasionally wipe your system of any and all cookies. Admittedly this won’t do a huge amount to protect your anonymity, but it will make it harder for websites to learn and understand your viewing habits. You can delete cookies from within your browser, but to make sure you nuke the lot, you can use an app like CCleaner, which is free and powerful.

Like most people, you probably use Google to search for things online. Google is an undeniably accurate, fast and efficient search engine, however, this is largely helped by its personalised search system. This is a feature that uses your past search history, rather than just relying on the terms you’ve typed into the search bar, to present you with results that are more relevant to your personal tastes. To do this, Google keeps track of your search habits in a number of ways, including browser cookies. You can turn off this personalised search by clicking Search Tools > All Results > Verbatim. But if you really want to make sure Google isn’t tracking your searches, consider using a different search engine entirely, such as DuckDuckGo, which promises never to track your searches and “emphasizes protecting searchers’ privacy and avoiding filter bubble of personalized search results.”

While Google Chrome, Firefox and Internet Explorer are popular, they’re not as secure as they have the potential to be. If you would like a more guarded browsing experience that has a more earnest approach to secure web browsing, consider trying out a privacy-focused browser such as Dooble, Comodo Dragon or SRWare Iron. However, do bear in mind that the additional security methods are fairly limited and will do little to protect your overall anonymity on their own, rather, this should be used in conjunction with other measures. Additionally, you can probably get a comparably secure service by disabling third-party cookies and blocking all location data in your regular browser’s settings and installing various privacy and anonymity-focused extensions and plugins such as Ghostery or Mailvelope.

“Dropbox…is very hostile to privacy”
Edward Snowden


Edward Snowden has called Dropbox – a cloud storage service – ‘hostile to privacy’. That’s pretty damning. If you’re worried about sharing your files through this system, there are a number of good alternatives out there which offer better privacy. Snowden himself recommends Spideroak, which describes itself as a zero-knowledge encrypted data backup, share, sync, access and storage service. You can use a limited version of this as part of their free trial, which can be found on their website. A fully featured subscription is available for $12 a month. However, if you’re just looking to quickly share small or large files anonymously for free, give OnionShare a go. It doesn’t have as many features as Spideroak, but it gets the job done.

Staying anonymous while using a smartphone can be tricky business. Many apps will want access to all sorts of settings on your device by default, which you may not be aware of and which you will have to manually manage with each new app installation and update. Furthermore, connecting to public networks while on the go is also a great way of potentially exposing your data to nefarious snoopers. While both Apple’s iOS 8 and Android’s Lollipop now have good encryption measures by default, there is another more extreme option in the form of The Blackphone. This is an ‘NSA-proof’ smartphone that claims to provide privacy features for texts, emails, web browsing and phone calls. Reviews so far have been mostly positive but at around £400, it’s not cheap.

If you’ve got a password that can be easily guessed, cracked or stolen, because you have a bad memory for that sort of thing, then you can say goodbye to your anonymity. This is especially true if you use the same password for everything, or across multiple websites and/or services. A great way to improve your password security is to use a password manager, like LastPass. LastPass saves all of your passwords and only requires you to remember one master password, making multiple different passwords a lot less of a headache to manage, which in turn improves your online security and protects your anonymity.

There are security focused email service providers, security focused smartphones and security focused web browsers, but have you considered using a security focused operating system? Whonix is exactly that – an open source OS that focuses on anonymity, privacy and security. Based on the Tor network, Whonix is about as anonymous as an OS can get before it all becomes too inconvenient for normal use. Whonix runs in two parts, “one solely runs Tor and acts as a gateway… The other… is on a completely isolated network. Only connections through Tor are possible.” You can download it for free from

Darkcoin is an open source digital cryptographic currency based on the Bitcoin software code. It is intended to be a more private version of Bitcoin (which typically prides itself on its transparency) and it claims to be the world’s first anonymous cryptocurrency. Finding merchants that accept Darkcoin can be tough (Darkcoin has its own merchant directory which you can browse here) but when you do, your financial transactions are well hidden and, in theory, entirely anonymous.

Using a virtual machine is a great way to work on sensitive files (or to open dubious ones) without the fear of online snooping or potentially infecting your main system. A virtual machine is essentially a second ‘virtual’ computer that you host within your main operating system as an application. So let’s say you want to download a JPG from an email attachment, but you’re worried that it’s infected with a keylogger or some other form of virus that could jeopardize your anonymity. Firstly, if you suspect this to be the case, you shouldn’t download it at all. But one method to more safely examine the file if you absolutely must is to use virtualization software, such as VirtualBox, to install a virtual machine onto your system. It’s best to use a secure OS for this, so something Linux based isn’t a bad idea. You can then download the file on the virtual machine before turning the internet on your virtual machine off and opening the JPG. Once you’re done with the file, you can delete it along with your virtual system, leaving no traces behind and no potential security issues.

JavaScript is used all over the web and can provide detailed information about your system to any website that uses it. This is almost always used completely harmlessly and is often used to improve your browsing experience or funnel more personalised and relevant adverts your way. However, some of this personal or system information can and has been leaked in the past. Disabling JavaScript completely is not really a viable solution as a large amount of websites require you to accept JavaScript in order for them to display correctly. However, you can install an extension into your browser that will allow you to blacklist or whitelist JavaScript activity, giving you more control over how and where your information is being used. NoScript and ScriptSafe are both popular choices and very easy to use.

Ultimately, the only way to truly stay anonymous online is to never go online in the first place. If you’ve already used the internet, delete any and all accounts you’ve ever created, turn your computer off and smash it to pieces. You will still leave a digital footprint of some sort in your wake, but hopefully it’s not particularly significant. If you’re using this extreme method, you should also smash up your smart phone, your tablet and your smart TV (they’re listening to us now). Now that you have purged all connected technology from your life, you may wish to live in self-imposed exile, perhaps in a cave, so that you are not tempted to re-enter the online world. Don’t tell anyone about this and you will successfully have acquired complete anonymity. Probably.

Pentest Lab Guide


There has been a little bit of curiosity around setting up a proper lab.  In this article I’ll discuss how to set up a lab at no cost at all.  For the VMware solution you may need to purchase a license; however, you can always just use VirtualBox.


  1. Download VirtualBox from here.  You’ll have to install this. I don’t think there is an officially supported version for Windows 10, but you can still give it a try.
  2. Install your attacker VM with your favorite pentest OS.  I use Kali; you can download that here.
  3. After installing VirtualBox you can install VMs from these sites to practice on.