Physical or virtual?

Deciding whether to set up a physical or virtual lab (or a combination thereof) depends on your budget and available resources. Penetration testing can get quite expensive depending on the tools used, especially if opting for commercial tools, but it doesn't have to be, considering the many available open source tools in Kali Linux as well as those available on GitHub and GitLab.

As a professional penetration tester, I use two physical machines. One is a laptop outfitted with a 1 TB hard drive, 16 GB of DDR4 RAM, an i7 processor, and an NVIDIA GeForce GTX 1050 graphics card, outfitted with three virtual machines including the main OS (Kali Linux 2018.2). The second machine is an older Tower workstation with 2 TB drives, 24 GB of DDR3  RAM, and an Intel Xeon 3500 processor with onboard graphics card with several VMs, including those used as part of my virtual lab environment.

When creating your lab environment, it’s crucial that you know the minimum and recommended resources required by each operating system, including the host and all VMs. While many Linux-based operating systems require as little as 2 GB of RAM, it's always a wise choice to assign more than the specified recommended RAM to allow your tools to run without lagging or insufficient memory errors. Again, though, this will all depend on your available budget or resources at hand.