Allow me to introduce my homelab. Clearly it is a work in progress and its structure reflects my use case, skill set, and available time. I am fully aware that it is far from where it ought to be, but it still allows me to explore tools and topics I cannot in my professional life. I had let my skills grow stale before and this is one effort to keep that from happening again. Also, it’s fun. And while it would be a shame if this project provides little value to the cyber community, it will provide value to me. So, on with my setup.
The relevant hardware is a single 1U host (24 cores, 64 GB) running an open source type 1 hypervisor. It runs public-facing VMs as well as monitoring and management VMs (SNMP, syslog, vulnerability scanner, etc.). They are segregated into VLANs with traffic limited between them. I am also running a honeypot, but that’s a post for another time. I focus on open source or free-to-use solutions.
I run a LAMP WordPress website on a custom port because my ISP blocks ports 80 and 443. And because of this, a certificate is out of the question. It provides a lot of interesting Apache traffic to explore. I also run Security Onion, which collects raw network traffic, syslog, and Wazuh data, and generates Suricata alerts. It does a lot more than that, and I will go over that in time. I am always looking for more stuff to implement. A malware analysis sandbox may be on the horizon.
I have a backlog of stories to write about, so we will be transported back to early summer for my next post. I will occasionally be vague to avoid calling out an institution that may not deserve it. And sometimes because I didn’t collect all of the relevant information at the time.
So, I look forward to sharing what I find, what I learn, and what I do. I hope someone finds it useful. Thanks.