Lab Setup 1 – Introduction

Lab Setup 1 – Introduction

A malware testing lab built inside a virtualised environment is the safest and most efficient way forward. Free and commercial offerings exist for Windows, Mac and Linux. The lab guides here focus on VMware Workstation Professional but in time we’ll add guides for ESX, Fusion and other virtualisation platforms.

Getting Started

  1. Choose a virtualisation platform – VMware Workstation Professional on Windows is a great choice. It’s easy to use and the most widely supported product for pre-built virtual machines.
  2. Design your architecture – There’s many different ways to architect a virtual lab. We’ll show you a few options, but you’ll want to think about this thoroughly before you start building anything.
  3. Design your networking – Networking can be as simple or as complicated as you want to make it within VMware. Again, this is something to design right the first time. You’ll want to find a balance between usability, simplicity, supportability and security.
  4. Build the Virtual Host – Install VMware onto your Windows machine, configure settings and get the networking right.
  5. Build the Virtual Guests (Virtual Machines) – Create your virtual guests and get started with cloning and snapshots.
  6. Configure Management – Get the right management for your virtual machines and provide shared access to software and malware.

Choosing a Virtualisation Platform

We recommend VMware for your virtual lab, and we’re going to focus here on VMware Workstation Professional (for Windows).


To get a copy, head to the VMware website. A single licence of Workstation Pro is around £190 UK / $240 US. The Player version is for playing pre-built virtual machines and you lose the ability to configure crucial things like networking. The Pro version is the one to choose.

Carl Gottlieb

[email protected]

Carl Gottlieb is the privacy lead and Data Protection Officer for a select group of leading tech companies. Carl’s consultancy company Cognition provides a range of privacy and security services including virtual DPO and virtual CISO.

Heard about GDPR? Want to know more? Check out our sister site at