How to Build a Cybersecurity Practice Lab in 2026

Updated February 2026: Expanded with cloud lab environments, Docker-based labs, AI-assisted lab building, and GitHub workflows. Original VirtualBox guide updated.

4.8 million cybersecurity positions remain unfilled globally (ISC2, 2024). Yet 90% of hiring managers consider candidates with demonstrable IT skills over those with only formal education (ISC2, 2025). The gap is not about qualifications. It is about proving capability through hands-on work.

A cybersecurity practice lab gives you the controlled environment to develop those skills safely and legally. But the lab landscape has changed. VirtualBox and VMware are still foundational, but modern security work happens across Docker containers, cloud platforms like AWS, and increasingly with AI assistants that help you build, configure, and troubleshoot faster than ever. This is actually a good thing and I find there are so many more options to explore and the limits of what you can do are endless, I am envious of those starting their career today.

This guide covers all of it: from a free local VirtualBox setup to cloud-based labs, containerised environments, and AI-accelerated workflows. Professional certifications like OSCP, PNPT, and CEH all require hands-on practice. Don't try to do everything at once start on one platform and tool and expand out over time... here is how to build yours.

Get threat intelligence and lab guides delivered to your inbox. Subscribe to CyberDesserts for practical security content, no fluff.

Why You Need a Cybersecurity Practice Lab

Practicing security techniques on production systems or unauthorised networks is both illegal and dangerous. A personal lab eliminates that risk entirely.

• Legal safety - Unauthorised scanning is illegal. Your lab removes all legal risk
• Unlimited practice - Break things, try again, learn from failures without consequences
• Cert preparation - OSCP, PNPT, CRTP, and eCPPT all demand hands-on skills you can only develop through practice
• Cost effective - Commercial labs charge monthly fees. Your lab is a one-time investment (or free with cloud free tiers)
• Tool testing - Evaluate new exploits, scripts, and AI tools before client engagements
• Snapshot and rollback - Save clean states, experiment freely, restore instantly when things break

This is not just about learning tools. It is about developing the muscle memory and problem-solving intuition that separates effective security professionals from those who only understand theory. To lead the pack, round out your knowledge across multiple domains and skills. See the Cybersecurity Skills Roadmap.

How a Security Lab Works

A security lab consists of three core components working together:

Host System - Your physical computer running virtualisation software. This is the machine everything runs on.

Attacker VM - Kali Linux or Parrot OS loaded with your penetration testing tools. This is where you launch scans, exploits, and assessments from.

Target VMs - Intentionally vulnerable systems to practice against, such as Metasploitable, DVWA, and VulnHub machines. These simulate the real-world targets you would encounter in professional engagements.

The key is network isolation. Your VMs communicate with each other on a private virtual network, completely separated from your home network and the internet. This isolation ensures your practice attacks never accidentally reach real systems.

The Modern Lab: VMs, Containers, and Cloud

A cybersecurity lab in 2026 is no longer just a laptop running VMs. The modern approach combines three layers, and most practitioners use all of them depending on what they are building.

Local virtualisation remains the foundation. VirtualBox or VMware on your machine gives you full control, zero latency, and no recurring costs. This is where you run Kali, Metasploitable, Active Directory attack labs, and anything requiring persistent network configurations.

Containers handle tool deployment. Docker lets you spin up security tools (Splunk, ELK, DVWA, Wazuh) in minutes instead of hours. Containers are lighter than full VMs, version-controlled, and portable between your laptop and the cloud. If you have not used Docker yet, see Getting Started with Docker for Cybersecurity for a walkthrough from zero.

Cloud platforms extend your lab beyond local hardware limits. AWS free tier, VPS providers, Railway, and similar platforms let you build labs that mirror real production environments. Cloud labs are especially valuable for practising cloud security skills that employers increasingly require.

The key insight: these layers complement each other. Run Kali locally for offensive tooling. Deploy target services in Docker. Use cloud for scenarios that need real infrastructure like Active Directory forests, multi-subnet networks, or exposed honeypots. Push your configs to GitHub so you can rebuild everything from scratch in minutes.

What Hardware Do You Need for a Home Lab?

Minimum and Recommended Specifications

Most modern laptops from the last 3-4 years meet minimum specs. If you can handle running a few browser tabs, you can run a basic security lab. The 32GB recommendation is for complex scenarios with multiple target systems running simultaneously.

Enable virtualisation: Check your BIOS/UEFI settings and enable Intel VT-x or AMD-V. Without this, virtual machines will crawl or refuse to start entirely.

VirtualBox vs VMware: Which Should You Use?

VirtualBox (Recommended for Beginners)

Pros:

• Completely free and open source
• Runs on Windows, macOS, and Linux
• Excellent snapshot functionality
• Large community and extensive documentation
• Lower resource overhead

Cons:

• Slightly slower performance than VMware
• Fewer advanced networking features

Download: virtualbox.org

VMware Workstation/Fusion

Pros:

• Better performance than VirtualBox
• More polished interface
• Advanced networking options
• Industry standard for professional environments

Cons:

• Slightly higher resource usage

Download: VMware Fusion and Workstation (registration required)

Both are free now. VirtualBox is simpler to get started with. VMware offers better performance for complex multi-VM scenarios. The concepts transfer directly between them. This guide uses VirtualBox, but everything applies to VMware with minor interface differences.

How to Set Up a Pentesting Lab with VirtualBox

Step 1: Install VirtualBox

Download and install VirtualBox for your operating system from virtualbox.org. The installation is straightforward. Accept defaults unless you have specific networking requirements. After installation, launch VirtualBox to verify it works.

Step 2: Create an Isolated Network

Before creating VMs, set up network isolation:

1. Open VirtualBox, then go to File, then Preferences, then Network
2. Click NAT Networks tab, then click the + icon
3. Name it "CyberLab" (or your preference)
4. Note the network range (default: 10.0.2.0/24)

This creates an isolated network where your VMs can communicate with each other and access the internet for updates, but remain completely separated from your home network.

Step 3: Set Up Kali Linux (Attacker VM)

Download the pre-built image:

• Go to kali.org/get-kali
• Download "VirtualBox 64-bit" image (about 3-4GB)
• Extract the downloaded file

Import into VirtualBox:

1. Open VirtualBox, then go to File, then Import Appliance
2. Select the downloaded .ova file
3. Review settings (default 2GB RAM is fine to start)
4. Click Import and wait 5-10 minutes

Configure networking:

1. Right-click the Kali VM, then Settings, then Network
2. Adapter 1: Change to NAT Network
3. Select your "CyberLab" network

First boot:

• Default username: kali
• Default password: kali
• Update immediately: sudo apt update && sudo apt upgrade -y

Step 4: Add Vulnerable Target VMs

Import process for downloaded VMs:

1. Download your chosen vulnerable VM (start with Metasploitable 2)
2. Import into VirtualBox like you did with Kali
3. Configure network to use your "CyberLab" NAT Network
4. Important: Set targets to Host-Only or NAT Network. Never bridge to your home network

Step 5: Verify Your Lab Works

Boot both Kali and your target VM. From Kali:

# Find your target's IP address
nmap -sn 10.0.2.0/24

# Scan your target
nmap -sV [target-ip]

# Verify isolation - try pinging your home router
# This should fail, confirming isolation
ping [your-router-ip]

If Nmap discovers your target and shows vulnerable services, your lab is functional. If the router ping fails, your isolation is confirmed. For detailed scanning techniques, see the Nmap Network Scanning Guide and NSE Scripting Engine tutorials.

Docker-Based Security Labs

Docker has fundamentally changed how security professionals build lab environments. Instead of downloading multi-gigabyte VM images, you pull containers that are ready in seconds.

Why Use Docker for Cybersecurity Labs?

In my experience working with enterprise security teams, the shift to containerised tooling is one of the biggest practical changes in the past few years. Security tools that used to require dedicated VMs now ship as Docker images.

• Speed - Pull and run a vulnerable web app in under a minute
• Portability - Same container runs on your laptop, a VPS, or AWS
• Version control - Docker Compose files go into Git. Rebuild your entire lab from a single docker-compose up
• Lightweight - Run 10+ containers on hardware that would struggle with 3 VMs

Quick Start: DVWA in Docker

docker run -d -p 80:80 vulnerables/web-dvwa

Open http://localhost in your browser. You now have a vulnerable web application to practice SQL injection, XSS, and more. That took 30 seconds instead of 30 minutes.

Multi-Container Lab with Docker Compose

Docker Compose lets you define multi-container environments in a single file. Here is a minimal example for a security testing lab:

version: '3'
services:
  dvwa:
    image: vulnerables/web-dvwa
    ports:
      - "80:80"
  
  juice-shop:
    image: bkimminich/juice-shop
    ports:
      - "3000:3000"

Save as docker-compose.yml and run:

docker-compose up -d

You now have two vulnerable web applications running side by side. For a full Docker deep-dive including building custom images and managing containers, see Getting Started with Docker for Cybersecurity. For deploying a SIEM in containers, see the Splunk Enterprise Docker Setup and ELK Stack Security Monitoring Tutorial.

Docker + VirtualBox: The Hybrid Approach

The most practical setup combines both. Run Kali in VirtualBox for your attacker tools and network-level testing. Run target services and security tools in Docker on your host machine or inside a Linux VM.

This gives you the network isolation of VMs where you need it and the speed of containers for everything else.

Cloud Lab Environments for Cybersecurity

Cloud platforms extend your lab beyond what local hardware can handle. They also let you practice cloud security skills, which is increasingly what employers are looking for. 81% of IT and security decision makers agree their cloud provider's native security capabilities exceed what their team could deliver independently (AWS, 2025).

AWS Free Tier for Security Labs

AWS offers 12 months of free tier access that is genuinely useful for security labs.

What you get for free:

• EC2 - 750 hours/month of t2.micro or t3.micro instances (enough for a small lab running 24/7)
• S3 - 5GB storage for scripts, logs, and lab data
• CloudWatch - Basic monitoring and logging
• IAM - Identity management (unlimited)

Lab ideas on AWS free tier:

• Deploy a vulnerable web application on EC2 and practice scanning it from your local Kali
• Set up CloudTrail logging and practice log analysis
• Create IAM misconfigurations intentionally, then detect and fix them
• Build a basic honeypot to observe real-world scanning traffic

Security warning: Anything deployed on AWS with a public IP will get scanned by automated bots within minutes. This is actually useful for learning, but never deploy truly vulnerable services without understanding the risk. Use security groups to restrict access to your IP only.

Cost optimisation and monitoring: Be careful and monitor you AWS usage this is a whole other topic but spend some time to understand this area of AWS if you start using it a lot and make sure to remove resources you are no longer using, once you start using things like terraform and github then projects can be spun up and destroyed easily again.

VPS Providers for Always-On Labs

Virtual Private Servers give you root access to a Linux machine in the cloud for a few pounds per month. This is how I have built many of my own lab projects, and it remains one of the most practical options for anything that needs to be always-on or publicly accessible.

Good options:

• DigitalOcean - Droplets from $4/month, excellent documentation
• Linode (Akamai) - Similar pricing, strong community
• Vultr - Good for quick disposable instances
• Hetzner - Best value for European users

VPS lab scenarios:

• Run an ELK stack for log analysis practice
• Deploy a CTF challenge server for team practice
• Host a Wazuh instance for endpoint detection learning
• Set up WireGuard VPN to securely connect your home lab to cloud resources

Railway, Vercel, and Platform-as-a-Service

These platforms are not traditional lab environments, but they are increasingly relevant for security professionals who work at the intersection of development and security.

Railway deploys Docker containers and databases with minimal configuration. Useful for spinning up vulnerable applications quickly or deploying custom security tools as web services.

Vercel handles frontend deployments. Relevant for testing web application security configurations, CSP headers, and understanding how modern web applications are deployed.

GitHub Codespaces provides a full VS Code environment in the browser with terminal access. You can run Docker containers inside Codespaces, making it a portable lab that works from any machine.

The vendor pitch for these platforms is developer productivity. The reality for security practitioners is they let you understand how modern applications are deployed, which is exactly the environment you will be testing in professional engagements.

Cloud Lab Platforms for Structured Learning

If you prefer structured challenges over building from scratch, dedicated platforms are excellent complements to your own lab:

Cloud labs remove hardware requirements but add subscription costs and reduce customisation. For comprehensive long-term practice, your own lab wins. For structured learning and certification prep, cloud platforms excel. Ideally, combine the best of both worlds: use platforms for structured learning and your own lab for experimentation and deeper investigation.

Download the Career Roadmap

How AI Helps You Build and Manage Security Labs

AI tools have become a genuine accelerator for lab work. This is not hype. In practice, AI assistants save hours on configuration, troubleshooting, and generating test scenarios.

Where AI Helps in Lab Building

Configuration generation. Describe the lab environment you want and get a working Docker Compose file, Terraform config, or VirtualBox setup script. Instead of spending an hour reading documentation for a tool you will use once, ask for a working configuration and then review it.

Troubleshooting. Paste an error message and get a diagnosis. This is where AI saves the most time in my experience. Networking issues between VMs, Docker port conflicts, firewall misconfigurations: these are the problems that eat hours when you are learning. An AI assistant can usually identify the issue in seconds.

Script writing. Need a Python script to parse Nmap output? A Bash script to automate VM snapshots? A YARA rule for a specific indicator? AI can generate working drafts that you refine and learn from.

Scenario generation. Ask for a realistic attack scenario appropriate to your skill level. AI can create custom CTF-style challenges, complete with objectives, hints, and solutions.

Where AI Does Not Replace Hands-On Learning

AI can generate a configuration, but it cannot teach you why that configuration works. Use AI to accelerate your workflow, not to skip understanding. If an AI gives you a Docker Compose file, read through it. Understand what each service does, how the networking connects, what ports are exposed and why.

The security professionals who benefit most from AI are those who already understand the fundamentals and use AI to move faster. For those still building foundations, AI is a research assistant, not a shortcut. For a deeper look at using AI for security learning, try our CyberDesserts Learning Assistant.

Kali Linux AI Integration via MCP

As of early 2026, Kali Linux introduced native AI-assisted penetration testing workflows using Anthropic's Claude via the Model Context Protocol (MCP). This allows security professionals to issue natural-language commands that translate into live terminal commands on a Kali environment.

This is significant because it lowers the barrier to running complex tool chains. Instead of memorising syntax for dozens of tools, you describe what you want to accomplish and review the commands before execution. The important word there is "review." Always understand what a command does before running it, especially in offensive security.

Using GitHub for Lab Documentation

Version control is not just for developers. Maintaining your lab configurations in a GitHub repository is one of the highest-value habits you can build early.

What to store in your lab repo:

• Docker Compose files for your lab environments
• VM setup scripts and configuration notes
• Custom scripts (scanning, automation, parsing)
• Lab journals documenting what you tested and learned
• Terraform or CloudFormation templates for cloud labs

Why it matters for your career:

• A GitHub profile with lab projects is tangible proof of hands-on skills
• Hiring managers can see what you have actually built, not just what certificates you hold
• You can rebuild your entire lab from scratch on any machine by cloning your repo
• It demonstrates the development workflow familiarity that modern security roles require

Use private repos for anything containing sensitive configurations (API keys, internal network details). Use public repos for polished lab projects you want employers to see.

Essential Lab Management

Snapshot Strategy for Virtual Machines

Before any major testing:

1. Shut down all VMs
2. Right-click each VM, then go to Snapshots, then Take
3. Name descriptively: "Clean_Metasploitable_2026-02"

Why snapshots matter: You will break things. You will accidentally compromise systems in ways that make them unstable. Snapshots let you reset to known-good states in seconds rather than rebuilding from scratch.

Snapshot workflow:

• Take snapshot of clean installs
• Take snapshot before each major test
• Take snapshot after successful exploits (save your work)
• Restore when things go wrong

Network Isolation Verification

Critical safety check before every session:

# From Kali, verify you CANNOT reach your home network
ping [your-router-ip]
# This should timeout - if it succeeds, fix your network config immediately

# Verify you CAN reach target VMs
ping [target-vm-ip]
# This should succeed

Never skip this verification. Accidentally scanning your home network, or worse, external systems, creates legal liability even in your own lab environment.

Docker Cleanup

Containers and images accumulate fast:

# Remove stopped containers
docker container prune

# Remove unused images
docker image prune -a

# Nuclear option: remove everything
docker system prune -a

Run cleanup weekly to reclaim disk space.

Practical Lab Exercises

Exercise 1: Network Reconnaissance (VirtualBox)

# Apply Linux basics and Nmap skills
nmap -sS -sV -O [target-ip]
nmap -p- --top-ports 1000 [target-ip]

Objective: Practice the Nmap scanning techniques against Metasploitable in your VirtualBox lab.

Exercise 2: Vulnerability Detection with NSE

# Use NSE scripts against known vulnerable services
nmap --script=vuln [target-ip]
nmap -p 445 --script=smb-vuln-* [target-ip]

Objective: Practice NSE vulnerability detection against known vulnerable services.

Exercise 3: Web Application Testing (Docker)

docker run -d -p 80:80 vulnerables/web-dvwa

Access DVWA at http://localhost and practice:

• SQL injection detection
• XSS (Cross-Site Scripting) exploitation
• Command injection techniques
• File upload vulnerabilities

Objective: Move from network-level to application-level security testing.

Exercise 4: Log Analysis (Docker SIEM)

Deploy the ELK stack or Splunk in Docker and feed it logs from your attack exercises. Practice building detection rules for the attacks you just ran. See the ELK Stack Security Monitoring Tutorial for the full walkthrough.

Exercise 5: Cloud Security Assessment (AWS)

Set up an EC2 instance with intentional misconfigurations. Use AWS Inspector or manual review to identify and remediate the issues. Document findings as you would in a professional assessment.

Common Lab Problems and How to Fix Them

Problem: "VMs are too slow" Fix: Reduce RAM allocation per VM, close unnecessary applications on host, upgrade to SSD if using HDD. Docker containers are lighter if VM performance is a persistent issue.

Problem: "VMs cannot connect to each other" Fix: Verify all VMs use the same NAT Network in VirtualBox settings. Check firewall rules inside VMs. Restart the network adapter in each VM.

Problem: "Kali can reach my home network" Fix: Change from Bridged to NAT Network immediately in VirtualBox network settings. Re-run the isolation verification check.

Problem: "Running out of disk space" Fix: Delete old snapshots you no longer need. Compress unused VMs. Consider an external drive for VM storage. For Docker, run docker system prune regularly.

Problem: "Docker port conflicts" Fix: Check which ports are already in use with netstat -tlnp (Linux) or lsof -i :[port] (macOS). Change the host port mapping in your Docker run command or Compose file.

How to Expand Your Lab Over Time

Start simple. Kali + Metasploitable is enough to practice everything in our Linux Cybersecurity Learning Path.

Add complexity when you need it:

• More vulnerable VMs (DVWA, OWASP BWA, Juice Shop)
• Docker containers for tool deployment
• Windows Server for Active Directory practice
• Blue team tools (Security Onion, Wazuh, pfSense firewall) - for log analysis fundamentals, see ELK Stack Security Monitoring Tutorial
• Cloud infrastructure (AWS, Azure)
• Network segmentation with multiple subnets
• CI/CD pipeline security testing
• AI agent testing environments

Advanced scenarios to build toward:

• Full Active Directory domain with multiple hosts
• Simulated corporate network with DMZ
• Red team vs blue team exercises
• Malware analysis isolated environment
• Cloud security posture assessment labs

Each addition should serve a specific learning objective. Do not add complexity because you can. Add it when you need it for the next skill you are developing.

Legal and Ethical Boundaries

Your lab is legally safe because you own all the systems. But critical rules still apply:

NEVER:

• Practice on systems outside your lab without written authorisation
• Connect vulnerable VMs directly to the internet (you are asking to be compromised)
• Share exploits or tools intended for malicious use
• Use your skills against any unauthorised target "just to test"

ALWAYS:

• Keep lab isolated from production systems
• Document your tests and findings (good habit for professional work)
• Respect the spirit of ethical hacking even in your own lab
• Remember that these are the same techniques attackers use. Use responsibly

The skills you develop here are powerful. They can secure organisations or destroy them. Your lab is where you learn the difference. For a broader view of how these skills fit into a security career, see the Cybersecurity Career Playbook.

Summary

A cybersecurity practice lab is the single most effective investment in your security career. The modern approach combines local VMs (VirtualBox or VMware) for network-level testing, Docker containers for rapid tool deployment, and cloud platforms (AWS, VPS providers) for real-world infrastructure experience. AI tools accelerate every stage, from generating configurations to troubleshooting networking issues, while GitHub provides the version control and portfolio evidence that hiring managers look for.

Start with Kali and Metasploitable in VirtualBox. Add Docker when you need faster tool deployment. Move to cloud when you need real infrastructure. Use AI to move faster through configuration and troubleshooting. Document everything in GitHub.

With 4.8 million cybersecurity positions unfilled and employers prioritising demonstrable skills over formal qualifications, a personal security lab bridges the gap between theoretical knowledge and job-ready capability. A basic setup requires only 16GB RAM and free software to create an isolated environment where you can safely practice everything from Linux command line fundamentals and Nmap network scanning to NSE vulnerability detection without legal risk or system damage.

New lab guides, tool tutorials, and practical security content. No sales pitches, no fluff.

Map your path from zero to job-ready: Cybersecurity Skills Roadmap

Last updated: February 2026

Key Resources

• VirtualBox Downloads - Free virtualisation platform
• Kali Linux Downloads - Pre-configured penetration testing OS
• Metasploitable 2 - Intentionally vulnerable Linux VM
• VulnHub - Hundreds of practice VMs
• Docker Desktop - Container platform
• AWS Free Tier - 12 months of cloud lab resources
• TryHackMe - Cloud-based learning platform

References and Sources

1. ISC2. (2024). 2024 Cybersecurity Workforce Study. Global workforce gap of 4.8 million professionals, 19% increase from 2023. Survey of 15,852 cybersecurity practitioners worldwide.
2. ISC2. (2025). 2025 Cybersecurity Hiring Trends Report. Survey of 929 hiring managers across six countries on entry-level hiring practices. 90% consider candidates with IT work experience over formal education alone.
3. AWS. (2025). AI-Enhanced Security Innovations at re:Invent 2025. Survey of 2,800 IT and security decision makers. 81% agree cloud provider native security capabilities exceed what their team could deliver independently.
4. Kali Linux. (2026). AI-Assisted Penetration Testing Workflow. Documentation of native Claude AI integration via Model Context Protocol (MCP) for natural-language command execution.
5. SafeAeon. (2024). "How to Setup Homelab to Practice Penetration Testing at Home." Home lab methodology and cybersecurity statistics.
6. Infosec Institute. "How to make your own penetration testing lab." Virtualisation benefits and tool testing methodology for security professionals.

Next in Series: Metasploit Basics: From Vulnerability Detection to Exploitation (Coming Soon)

Previous in Series:

• Nmap NSE Scripting Engine
• Nmap Network Scanning Guide
• Linux Basics for Hackers

Frequently Asked Questions

What is a cybersecurity practice lab?

A cybersecurity practice lab is an isolated environment where you can safely learn and practice security techniques. It typically includes an attacker machine (Kali Linux), vulnerable target systems, and network isolation to prevent practice attacks from reaching real systems. Modern labs combine local virtual machines, Docker containers, and cloud platforms.

How much does it cost to build a pentesting lab?

A basic pentesting lab costs nothing beyond the computer you already own. VirtualBox is free, Kali Linux is free, and vulnerable VMs like Metasploitable are free. Docker is free. AWS offers a 12-month free tier. The main requirement is 16GB RAM and an SSD for running virtual machines smoothly.

Can I build a cybersecurity lab on a laptop?

Yes. Any laptop from the last 3-4 years with 16GB RAM, a quad-core processor, and an SSD can run a basic security lab with 2-3 virtual machines. For more complex scenarios with 5+ VMs, 32GB RAM is recommended. Docker containers use fewer resources than full VMs, so a container-based lab runs comfortably on most modern laptops.

Should I use VirtualBox or VMware for my security lab?

Both are now free. VirtualBox is simpler to set up and has extensive community documentation, making it better for beginners. VMware Workstation/Fusion offers slightly better performance and more advanced networking features, making it better for complex multi-VM labs. The skills transfer between both platforms.

Do I need a cloud lab or is a home lab enough?

A home lab covers most learning needs, especially for certifications like OSCP and PNPT. However, cloud labs (AWS, VPS) let you practice cloud security skills that employers increasingly require, build always-on environments that exceed your local hardware, and understand how real production infrastructure works. The ideal approach combines both.

Can AI help me build a cybersecurity lab?

AI assistants can generate working Docker Compose files, troubleshoot networking issues, write automation scripts, and create practice scenarios. Kali Linux now integrates natively with AI via MCP for natural-language command execution. AI accelerates lab work significantly but should complement, not replace, understanding the fundamentals.

What vulnerable VMs should I start with?

Start with Metasploitable 2 for basic exploitation practice. Add DVWA (available as a Docker container) for web application testing. Then explore VulnHub for hundreds of CTF-style challenges at every skill level. OWASP Juice Shop is another excellent Docker-based option for web application security practice.

Is it legal to practice hacking in my own lab?

Yes, practicing on systems you own and control is legal. Your lab must be isolated from external networks. Never scan, test, or attack systems you do not own without explicit written authorisation. Keep vulnerable VMs off the internet and document your work as professional practice.