This repository documents the design, build process, and security experiments performed in my personal cybersecurity homelab.
The goal of this project is to build a controlled enterprise-style lab for practicing system administration, networking, detection engineering, vulnerability management, and attack simulation while documenting each phase in a structured and public-facing way.
The lab is continuously evolving as I expand the infrastructure and add new security tools and testing scenarios.
Phase 1 - Foundation is complete.
Phase 2 - Identity and Access is complete.
Completed work now includes:
- VirtualBox host-only and NAT network design
- Deployment of core virtual machines
- Static internal IP addressing
- Host-to-host connectivity validation
- Active Directory Domain Services installation
- Promotion of `DC-01` to a domain controller
- Creation of domain users, groups, and organizational units
- Domain join of `WINCLIENT-01`
- Domain login validation
- Basic Group Policy documentation
- Build notes and screenshot collection
The next phase will focus on Monitoring and Detection by deploying a SIEM platform, onboarding Windows and Linux log sources, validating ingestion, and building initial detections.
- Build a realistic enterprise-style security lab
- Practice both offensive and defensive security concepts
- Simulate attack activity in a controlled environment
- Generate and analyze logs across Windows and Linux systems
- Document the full build process for learning and portfolio development
This lab is built on a Windows 11 host using Oracle VirtualBox.
- `DC-01` - Windows Server 2022 Domain Controller
- `WINCLIENT-01` - Domain-joined Windows workstation
- `KALI-01` - Kali Linux attack machine
- `UBUNTU-01` - Ubuntu Server
- `SIEM-01` - Planned for a future phase
- Subnet: `192.168.56.0/24`
- VirtualBox NAT used for outbound internet access
- VirtualBox Host-Only Adapter used for internal lab communication
| System | IP Address |
|---|---|
| DC-01 | 192.168.56.10 |
| WINCLIENT-01 | 192.168.56.20 |
| KALI-01 | 192.168.56.30 |
| UBUNTU-01 | 192.168.56.40 |
| SIEM-01 | 192.168.56.50 |
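The static IP plan above is easy to get wrong by hand (a duplicate address or one outside the host-only subnet shows up later as a confusing connectivity failure). The following Python script is an added example, not part of this repository; it checks the inventory table for those mistakes and renders hosts-file lines so the Linux VMs can resolve lab hostnames before DNS is onboarded. It assumes the VirtualBox host-only adapter keeps its default address of 192.168.56.1 on the Windows 11 host; the `INVENTORY` dictionary is copied from the table in this README.

```python
# Added example: sanity-check the lab's static IP plan before configuring each VM.
# Not part of the lab repository. Assumes the VirtualBox host-only adapter uses its
# default address 192.168.56.1 on the host (an assumption, not taken from the README).
import ipaddress

LAB_SUBNET = ipaddress.ip_network("192.168.56.0/24")
HOST_ONLY_ADAPTER = ipaddress.ip_address("192.168.56.1")  # VirtualBox default (assumption)

# Inventory copied from the README table.
INVENTORY = {
    "DC-01": "192.168.56.10",
    "WINCLIENT-01": "192.168.56.20",
    "KALI-01": "192.168.56.30",
    "UBUNTU-01": "192.168.56.40",
    "SIEM-01": "192.168.56.50",
}


def validate_inventory(inventory, subnet=LAB_SUBNET, reserved=(HOST_ONLY_ADAPTER,)):
    """Return a list of problems found in the plan; an empty list means it is consistent."""
    problems = []
    seen = {}  # ip -> first host that claimed it
    for host, raw in inventory.items():
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{host}: {raw!r} is not a valid IP address")
            continue
        if ip not in subnet:
            problems.append(f"{host}: {ip} is outside {subnet}")
        if ip == subnet.network_address or ip == subnet.broadcast_address:
            problems.append(f"{host}: {ip} is the network or broadcast address")
        if ip in reserved:
            problems.append(f"{host}: {ip} collides with a reserved address")
        if ip in seen:
            problems.append(f"{host}: {ip} is already assigned to {seen[ip]}")
        seen.setdefault(ip, host)
    return problems


def hosts_file_lines(inventory):
    """Render lines for /etc/hosts (same format on Windows) sorted by address, so the
    lab VMs can resolve each other by name before the domain DNS is in use."""
    ordered = sorted(inventory.items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    return [f"{ip}\t{host.lower()}" for host, ip in ordered]


if __name__ == "__main__":
    issues = validate_inventory(INVENTORY)
    print("\n".join(issues) if issues else "IP plan is consistent")
    print("\n".join(hosts_file_lines(INVENTORY)))
```

Run it whenever a VM is added to the table; a non-empty problem list means the inventory needs fixing before the address is configured on the guest.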
Phase 1 - Foundation
- Configure VirtualBox networking
- Deploy Windows Server VM
- Deploy Windows client VM
- Deploy Kali Linux VM
- Deploy Ubuntu Server VM
- Validate host-to-host communication
- Document IP scheme and roles

Phase 2 - Identity and Access
- Configure Active Directory
- Create test users and groups
- Join Windows client to domain
- Validate domain logins
- Document Group Policy basics

Phase 3 - Monitoring and Detection
- Deploy SIEM
- Forward Windows logs
- Forward Linux logs
- Validate ingestion
- Build first detections
- Map activity to MITRE ATT&CK

Phase 4 - Vulnerability Management
- Deploy scanner
- Run discovery scans
- Run authenticated scans
- Prioritize findings
- Perform remediation
- Retest and document fixes

Phase 5 - Attack Simulation
- Perform network reconnaissance
- Simulate brute-force activity
- Test privilege escalation paths
- Simulate lateral movement
- Investigate logs and alerts
- Write findings and lessons learned
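The "Build first detections" and "Map activity to MITRE ATT&CK" items in Phase 3, and the brute-force investigation in Phase 5, are the kind of work a first SIEM rule covers. The script below is an added example, not a detection from this lab: it runs a sliding-window rule over a constructed set of Windows Security events of the sort `DC-01` would forward (event ID 4625 for a failed logon, 4624 for a successful one) and tags hits with MITRE ATT&CK technique T1110 (Brute Force). The `Event` class, the five-failures-in-two-minutes threshold, the usernames, and the sample event timestamps are all assumptions chosen for the example; the source addresses reuse the README's inventory.

```python
# Added example, not the lab's own detection content: a first brute-force detection
# of the kind Phase 3 calls for, run over constructed Windows Security events.
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    """Minimal view of a forwarded Windows Security event (fields are assumptions)."""
    time: datetime
    event_id: int   # 4625 = failed logon, 4624 = successful logon
    user: str
    src_ip: str


THRESHOLD = 5                 # failed logons that trigger an alert (assumed tuning)
WINDOW = timedelta(minutes=2)  # sliding window the failures must fall within
TECHNIQUE = "T1110"           # MITRE ATT&CK: Brute Force


def detect_brute_force(events, threshold=THRESHOLD, window=WINDOW):
    """Return alerts for each (source IP, user) pair.

    A medium alert fires the first time the failure count inside the window reaches
    the threshold; a high alert fires if a successful logon from the same source and
    user then arrives while the burst is still inside the window."""
    alerts = []
    failures = defaultdict(deque)   # (src_ip, user) -> timestamps of recent 4625s
    fired = set()                   # pairs that already produced the medium alert
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.src_ip, ev.user)
        q = failures[key]
        while q and ev.time - q[0] > window:   # drop failures that aged out
            q.popleft()
        if ev.event_id == 4625:
            q.append(ev.time)
            if len(q) >= threshold and key not in fired:
                fired.add(key)
                alerts.append({"rule": "failed logon burst", "technique": TECHNIQUE,
                               "severity": "medium", "src_ip": ev.src_ip,
                               "user": ev.user, "count": len(q), "time": ev.time})
        elif ev.event_id == 4624 and len(q) >= threshold:
            alerts.append({"rule": "successful logon after failed logon burst",
                           "technique": TECHNIQUE, "severity": "high",
                           "src_ip": ev.src_ip, "user": ev.user,
                           "count": len(q), "time": ev.time})
            q.clear()   # the burst has been reported; start counting afresh
    return alerts


# Constructed sample: a 6-attempt burst from KALI-01 against "jdoe" ending in a
# success, plus two ordinary typos from WINCLIENT-01 for "asmith" that must not alert.
T0 = datetime(2025, 1, 1, 10, 0, 0)
SAMPLE_EVENTS = (
    [Event(T0 + timedelta(seconds=10 * i), 4625, "jdoe", "192.168.56.30") for i in range(6)]
    + [Event(T0 + timedelta(seconds=65), 4624, "jdoe", "192.168.56.30")]
    + [Event(T0 + timedelta(seconds=30), 4625, "asmith", "192.168.56.20"),
       Event(T0 + timedelta(seconds=40), 4625, "asmith", "192.168.56.20"),
       Event(T0 + timedelta(seconds=50), 4624, "asmith", "192.168.56.20")]
)

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_EVENTS):
        print(f"{alert['time']:%H:%M:%S} {alert['severity']:6} {alert['technique']} "
              f"{alert['src_ip']} {alert['user']} ({alert['count']} failures) {alert['rule']}")
```

The two-stage output (a medium alert on the burst, a high alert on the success that follows it) is what makes the Phase 5 investigation step tractable: the high alert is the one that needs a triage ticket, while the medium alert alone may just be a user who forgot a password, which is why the window and threshold should be tuned against the lab's real logon volume once ingestion is validated.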
- Windows 11
- Windows Server 2022
- Windows 11
- Ubuntu Server
- Kali Linux
- Oracle VirtualBox
- Host-only networking
- NAT networking
- Active Directory Domain Services
- Group Policy
- DNS
- Nmap
- Wireshark
- Splunk or Elastic
- Nessus or OpenVAS
- Metasploit
- Burp Suite
Detailed project documentation is organized throughout the repository:
- `docs/roadmap.md`
- `docs/lab-architecture.md`
- `docs/asset-inventory.md`
- `docs/troubleshooting.md`
- `projects/00-lab-foundation-and-networking/`
- `projects/01-ad-lab-foundation/`
