Introducing … The Home Lab
I find myself half way through rebuilding my home lab for the 3rd time this year and thought this would be a good place to start this blog. Here i’ll outline what things look like so far, but going forward ill show the rebuild process, what changes are made as well as my experiments in malware analysis, detection engineering, building dev-opsy things, and having fun with interesting tech.
My homelab is built on Proxmox hosted on an old Dell OptiPlex 7040. Ive upped the RAM to 64gb from the standard 16 and stuck a 2tb SSD in (which i should probably look at expanding soon). Its a cheap and cheerful thing i can build on, break, blow up and bodge my way through while learning whatever takes my fancy.
Ive not done anything particularly interesting with the storage (such as ceph) as that seems a bit overkill Everything is just on one big 2tb LVM.
The VMS themselves are split into the current Resource Pools, again with nothing too complicated going on in terms of networking. That is something I plan on changing currently everything is on the default bridge network with the exception of my malware lab which is on its own separate bridge.
Ideally id like each of these resource groups on their own vlans where i can control and port forward traffic to monitoring solutions rather than the half-arsed mess i have at the minute.
The VM’s
Currently the VMS comprise a hodge podge of what I fancied learning at the time with little permanent infrastructure. During this rebuild I want to merge some of these VMS together, regulate others to docker containers or kubernetes pods, and set up permanent infrastructure so I can spin up and destroy experiments (hopefully via infra as code).
AD-LAB = contains 3 VMS, AdDC and 2 ADUIsers. This was initially built for Active directory hacking. But also functions as a learning tool for AD. These functions will; be split with all my windows VMS being joined to one domain controlled by AdDC and a separate hacking domain created on another domain controlled walled off by VLAN.
DevOps = contains dev-master and 2 dev-user. These were originally ansible / puppet / kubernetes / docker learning labs. This will get merged with the Infrastructure group
Infrastructure = contains my kubernetes cluster. Just a simple 3 Node, 1 control plane 2 worker node cluster. This group will contain this cluster which will run short term projects, all the IAC infrastructure as well as my internal monitoring stack. It will be the NOC of the homelab.
MalwareLab = One of my favorites, comprises 3 VMS, a Remnux and Flare-VM pair which only have network access to each other, and a malware development box which is completely isolated for writing spicy software. Ill probably add another dev box for testing infection and spread mechanisms at some point. All of these boxes are set to a known good config and have a clean Snapshot to revert to post detonation.
OSLabs = A handful of windows and linux boxes for deeper learning of operating systems themselves, what happens if i delete this, or stop this startup process. These have a clean snapshot too, but are also just meant to be broken and recreated.
SecurityLabs = This is a bit of a mess at the moment and contains my SocLab, a Splunk instance, an ELK stack, my Kali VM, and a handful of other security related VMS. Ideally this would be split into 3 groups, the SOC labs, the DFIR labs and my CTF boxes. Need to stick my CTI stuff in here too but that takes up way too much disk space and needs some planning.
Web Hosting = Web is by far my least favorite technology (im more of a systems and networks guy), but i have a few boxes of common web servers, wordpress and corresponding MySQL servers and things like that. These should almost all be containers.
Blog Plans
So with that intro out if the way, the next step is consolidating all those VM’s, rebuilding what is easier to just scrap and posting some interesting stuff, maybe reverse some of the top 20 most common malware then write detection rules for them. Or Set up a new monitoring stack and try and run a few attacks past it and see what it looks like. Or just write up some ctf’s. Either way…
I should also probably see to that about page ….