More thoughts on Lab Design

I've had more thoughts on the design of the lab, and I think this should set me up for a good while.

The Malware Lab is pretty much already set up; my next post will be me checking that everything is in place, running through a test analysis, and importing some new malware samples.

The Windows Pen Test, Windows estate and Linux estate are mostly built. The Pen Test group is built and needs to be checked and snapshots taken.

The Windows estate will comprise some IIS boxes, a mix of Server 2016, 2019 and 2022 servers and an MSSQL server (I'm not a DB admin, but I do have to deal with these occasionally), as well as a Domain Controller to manage them.

The Linux estate will be mostly load balancers and web servers (nginx and apache), and a mix of OS architectures.

Both the Windows estate and the Linux estate will be controlled by Puppet, and will feed log data into the SOC Box (Puppet will also push the SIEM agents / XDR).
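As an added illustration of the "Puppet pushes the SIEM agent and points it at the SOC Box" idea (this is example code, not the author's actual manifests), here is a small Puppet class for the Linux estate. It assumes the Wazuh agent package is reachable from each node's package repository, and `socbox.lab.local` is a hypothetical hostname standing in for the SOC Box; the Windows nodes would need their own package name, service name and config path.

```puppet
# Added example manifest: install the Wazuh agent on a Linux node and
# point it at the SOC box so its logs are forwarded there.
# 'socbox.lab.local' is a placeholder hostname, not from the original post.
class lab_siem_agent (
  String $manager_host = 'socbox.lab.local',
) {
  # Paths and names below are the Wazuh agent defaults on Linux.
  $package_name = 'wazuh-agent'
  $service_name = 'wazuh-agent'
  $config_path  = '/var/ossec/etc/ossec.conf'

  package { $package_name:
    ensure => installed,
  }

  # Rewrite only the <address> element of the shipped ossec.conf so the
  # rest of the vendor defaults (localfile, syscheck, etc.) stay intact.
  # The 'unless' guard keeps the resource idempotent across Puppet runs.
  exec { 'point wazuh agent at the SOC box':
    command => "sed -i 's#<address>.*</address>#<address>${manager_host}</address>#' ${config_path}",
    unless  => "grep -q '<address>${manager_host}</address>' ${config_path}",
    path    => ['/bin', '/usr/bin'],
    require => Package[$package_name],
    notify  => Service[$service_name],
  }

  # Keep the agent running and enabled at boot; the exec above restarts it
  # whenever the manager address changes.
  service { $service_name:
    ensure  => running,
    enable  => true,
    require => Package[$package_name],
  }
}

# Apply to every Linux node in the estate (Windows nodes are out of scope here).
node /^(lb|web)\d+\.lab\.local$/ {
  class { 'lab_siem_agent': }
}
```

The node regex is also a placeholder for however the estate is named; the point is that the same class, with a different host parameter, lets the SOC box address be changed in one place rather than on each server.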

The Offensive group is built and comprises just my CTF / Offensive cert box and my Trace Labs VM.

Infrastructure and SOC are the groups that need the most work.

Infrastructure – a 3-node K8s cluster will host temporary projects and a CI/CD pipeline. I may also stick a GitLab instance in here. The NOC Box will contain the monitoring stack.

SOC – the SOC Box will contain a load of my favourite endpoint and network analysis tools, as well as Wazuh and maybe Graylog. The others will pretty much do what they say on the tin.

Building

I think this should take me just a few weeks of the odd hour after work to get done. I've built all of these before as individual labs; only now they'll be more permanent, and I may even build them out as VM images for later use or sharing.

First up… The Malware Lab