✓ Completed Homelab Infrastructure

Homelab Environment Setup

Designing and building a personal virtualized security lab environment for practicing SOC workflows, network monitoring, and security tool deployment without touching production systems.

Tags: VMs, Linux, Networking, Virtualization, Log Analysis

Status: Completed ✓
Started: 2025
Duration: Ongoing
Type: Infrastructure Lab

Overview

A homelab is one of the most valuable investments a cybersecurity student can make. Rather than relying purely on theoretical knowledge or cloud-based sandboxes, having a personal environment means I can experiment freely, break things intentionally, and build muscle memory with real tools.

The goal of this project was to design and build a virtualized security lab that mirrors, at a small scale, the kind of environment I'd encounter in a real SOC — with multiple systems generating logs, traffic flowing between segments, and security tools actively monitoring.

Lab Architecture

Host Machine: [Your hardware specs here — e.g., 16GB RAM, Intel i7, 500GB SSD]. Runs a hypervisor so multiple VMs can be managed simultaneously.
  • Hypervisor: [e.g., VirtualBox / VMware Workstation / Proxmox] for managing virtual machines
  • Network Segment: Isolated virtual network so lab traffic doesn't touch my home network
  • VMs Running: [List your VMs — e.g., Kali Linux, Ubuntu Server, Windows 10, pfSense]
  • SIEM: [e.g., Splunk Free / ELK Stack / Wazuh] for log ingestion and analysis
  • Traffic Generation: Normal and malicious traffic generated within the lab for analysis practice

[Add a network diagram image here later — or describe the topology in more detail.]

What I Did

  • Installed and configured the hypervisor on the host machine
  • Created an isolated virtual network with proper IP segmentation
  • Deployed Linux VMs and configured SSH access for remote management
  • Set up log forwarding from each VM to a central collector
  • Configured the SIEM to ingest, parse, and index logs from all sources
  • Created initial detection rules to alert on common indicators
```bash
# Example: install and start the Wazuh agent on an Ubuntu VM
# Import the Wazuh package signing key
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring \
  --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
# Add the Wazuh apt repository and install the agent, pointing it at the manager (SIEM) VM
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" \
  | sudo tee /etc/apt/sources.list.d/wazuh.list
sudo apt-get update
sudo env WAZUH_MANAGER="<manager-ip>" apt-get install -y wazuh-agent  # <manager-ip>: placeholder
# Start the agent and enable it at boot
sudo systemctl start wazuh-agent
sudo systemctl enable wazuh-agent
```
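As an added example (not code from the original page), a minimal version of the kind of detection the initial ruleset covers: counting sshd failed-password events per source IP inside a short window, the way a SIEM correlation rule would over logs forwarded from the Linux VMs. The log lines are constructed, and the hostname, addresses, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# sshd "Failed password" line as written to Ubuntu's /var/log/auth.log (syslog format, no year).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
# Constructed sample log lines (not real lab data): one noisy source, one benign analyst login.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 ubuntu-srv sshd[2201]: Failed password for root from 10.0.10.50 port 51122 ssh2
Mar  3 10:15:04 ubuntu-srv sshd[2203]: Failed password for root from 10.0.10.50 port 51124 ssh2
Mar  3 10:15:07 ubuntu-srv sshd[2205]: Failed password for invalid user admin from 10.0.10.50 port 51126 ssh2
Mar  3 10:15:09 ubuntu-srv sshd[2207]: Failed password for invalid user admin from 10.0.10.50 port 51128 ssh2
Mar  3 10:15:12 ubuntu-srv sshd[2209]: Failed password for root from 10.0.10.50 port 51130 ssh2
Mar  3 10:15:15 ubuntu-srv sshd[2211]: Accepted publickey for analyst from 10.0.10.7 port 40010 ssh2
Mar  3 10:15:20 ubuntu-srv sshd[2213]: Failed password for root from 10.0.10.50 port 51132 ssh2
Mar  3 10:20:00 ubuntu-srv sshd[2290]: Failed password for analyst from 10.0.10.7 port 40020 ssh2
"""

def parse_failed_logins(lines, year=2025):
    """Yield (timestamp, host, user, src_ip) for every failed-password line; ignore everything else."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["user"], m["src"]

def detect_bruteforce(lines, threshold=5, window_s=60):
    """Alert once per source IP that produces >= threshold failures within any window_s-second span."""
    by_src = defaultdict(list)
    for ts, host, user, src in parse_failed_logins(lines):
        by_src[src].append((ts, host, user))
    alerts = []
    for src, events in by_src.items():
        events.sort()  # chronological order, so the sliding window below is valid
        for i in range(len(events)):
            end = i
            while end + 1 < len(events) and (events[end + 1][0] - events[i][0]).total_seconds() <= window_s:
                end += 1
            if end - i + 1 >= threshold:
                alerts.append({"src": src, "host": events[i][1], "count": end - i + 1,
                               "users": sorted({e[2] for e in events[i:end + 1]})})
                break  # one alert per source is enough for an initial rule
    return alerts

def run_sample():
    return detect_bruteforce(SAMPLE_AUTH_LOG.splitlines())
```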

Results

  • VMs deployed: 4 (Linux + Windows instances)
  • Log sources: 3+ (forwarding to central SIEM)
  • Detection rules: 8 (initial ruleset created)
  • Uptime: Active (lab runs on demand)

[Describe your key findings here — what did the lab reveal, what alerts fired, what was interesting? Replace this placeholder with your actual results.]

Challenges & How I Solved Them

  • [Challenge 1]: Description of what went wrong and how you fixed it.
  • [Challenge 2]: Another obstacle and the solution you found.
  • [Challenge 3]: What you had to research or learn to overcome it.
Note: This section is important — it shows growth and problem-solving. Be specific about what broke, what error you saw, and what fixed it.

Screenshots

[Describe what these screenshots document — e.g., "Proxmox dashboard showing all running VMs and resource usage."]

What I Learned

  • Network Segmentation: How to properly isolate lab traffic from the home network using VLANs and firewall rules.
  • Log Forwarding: Configuring syslog and agents to ship logs to a central collector without packet loss.
  • SIEM Basics: Creating index patterns, saved searches, and basic correlation rules in a SIEM platform.
  • VM Management: Snapshots, cloning, and resource allocation for an efficient lab workflow.

Next Steps

  • Add a Windows Server VM to practice Active Directory attack/defense scenarios
  • Expand detection ruleset to cover more MITRE ATT&CK techniques
  • Set up automated traffic generation for continuous alert practice
  • Document findings as formal SOC-style incident reports