🏠 Cybersecurity Home Lab Setup Guide
A home lab is a personal environment where you can explore cybersecurity tools, simulate attacks, and build real-world skills—without touching production networks.
⚙️ “The best defenders learn by doing. A lab makes you dangerous—for good.”
🎯 Why Build a Home Lab?
- 🧪 Test tools like SIEMs, EDR, firewalls, and SOAR
- 🔍 Practise malware analysis and threat hunting
- 🔐 Simulate attack chains (MITRE ATT&CK)
- 🧰 Learn scripting, logging, and automation
- 💼 Strengthen your CV with hands-on experience
🧱 Lab Setup Approaches
Type | Description | Best For |
---|---|---|
Virtual Machines (VMs) | Use VirtualBox, VMware, or Hyper-V | Most flexible, great for isolation |
Bare Metal / Mini PC | Use a dedicated PC or mini server | High performance, stable uptime |
Cloud-based Lab | Use AWS Free Tier, Azure, or GCP | Great for cloud security practice |
Raspberry Pi Cluster | Lightweight, low-power lab | Networking, scripting, Linux basics |
🛠 Minimum Hardware Requirements
Role | Recommended Specs |
---|---|
Host PC | 16 GB+ RAM, 4+ cores, SSD with at least 500 GB |
Optional NAS | 2 TB+ storage for logs, VMs, backups |
Networking | Router that supports VLANs, port mirroring, or pfSense |
🔧 Core Software & Tools
🔹 Virtualisation
- VirtualBox (free)
- VMware Workstation / ESXi
- Hyper-V (Windows Pro/Enterprise)
- Proxmox (bare metal)
🔹 Operating Systems
- Kali Linux – Offensive testing
- Ubuntu Server – Logging, scripting, sysadmin practice
- Windows 10/11 – EDR testing, endpoint simulations
- Security Onion – Network monitoring and NSM
- pfSense or OPNsense – Firewall & IDS/IPS
🧰 Lab Tool Categories
Category | Tools |
---|---|
SIEM | Splunk (free), Elastic Stack, Graylog |
Threat Hunting | Security Onion, Wazuh |
Attack Simulation | Atomic Red Team, Caldera |
Phishing Sim | GoPhish |
Web App Testing | DVWA, Juice Shop |
SOAR | Shuffle (open source), Phantom Community Edition |
EDR-like Tools | Velociraptor, Sysmon, osquery |
Forensics | Autopsy, Volatility, CyberChef |
🔄 Sample Lab Architecture (Beginner)
[ Host PC ]
├── VM1: Kali Linux (Red Team)
├── VM2: Windows 10 (Victim Endpoint)
├── VM3: Ubuntu Server (SIEM + Splunk)
└── VM4: Security Onion (Network Analysis)
🔐 Set up an isolated internal network via virtual switches or bridge adapters
🧠 What You Can Practise
- 🔍 Packet capture and analysis (Wireshark, Zeek)
- 📊 Log ingestion into Splunk or Elastic
- 👨‍💻 Scripting with Python and PowerShell
- 🔐 Detecting attack patterns with MITRE ATT&CK
- 🚨 Building detection rules (Sigma, YARA, SPL)
- 💥 Launching and defending against real-world TTPs
🔌 Useful Lab Resources
- TryHackMe – Prebuilt VMs & cloud labs
- Attack Range (Splunk) – Full testbed with ATT&CK mapping
- DFIR Training – Free forensic data and tools
- Awesome-Selfhosted – Deployable open-source services
🛡 Security Tips for Home Labs
- 🧱 Use internal NAT networks—don’t expose lab VMs to the internet
- 🔐 Snapshots are your friend—roll back after malware tests
- 🪪 Use strong passwords and isolate test environments from personal use
- 💡 Keep your host OS and hypervisor patched
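One way to check the first tip on a VirtualBox host is to audit each VM's network attachments. The script below is an added example, not part of the original guide: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and flags bridged NICs and NAT port-forwarding rules. The VM names, the sample output and the severity policy are assumptions constructed for illustration.

```python
import re

# Assumed policy for this example: attachment modes that keep a lab VM off the physical LAN.
ISOLATED = {"intnet", "hostonly", "nat", "natnetwork"}

# Constructed sample output in `VBoxManage showvminfo --machinereadable` format.
KALI = 'name="kali-red"\nnic1="intnet"\nintnet1="labnet"\nnic2="none"\n'
WIN10 = ('name="win10-victim"\nnic1="bridged"\nbridgeadapter1="eth0"\n'
         'nic2="nat"\nForwarding(0)="rdp,tcp,,3389,,3389"\n')

def parse_vminfo(text):
    """Turn key="value" lines into a dict, dropping the surrounding quotes."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info

def audit_vm(text):
    """Return (setting, severity, message) findings for one VM."""
    info = parse_vminfo(text)
    findings = []
    for key, mode in sorted(info.items()):
        m = re.fullmatch(r"nic(\d+)", key)
        if not m or mode == "none":
            continue
        if mode == "bridged":
            adapter = info.get("bridgeadapter" + m.group(1), "unknown")
            findings.append((key, "high", f"bridged to {adapter}: VM is on the physical LAN"))
        elif mode not in ISOLATED:
            findings.append((key, "review", f"unrecognised attachment mode {mode!r}"))
    for key, rule in sorted(info.items()):
        if not key.startswith("Forwarding("):
            continue
        parts = rule.split(",")  # name, proto, host IP, host port, guest IP, guest port
        if len(parts) != 6:
            findings.append((key, "review", f"unparsed forwarding rule {rule!r}"))
            continue
        name, proto, host_ip, host_port, _guest_ip, guest_port = parts
        # An empty host IP means the rule listens on every host interface.
        loopback = host_ip.startswith("127.")
        scope = "host loopback only" if loopback else "all host interfaces"
        findings.append((key, "low" if loopback else "high",
                         f"{name}: {proto}/{host_port} -> guest {guest_port}, bound to {scope}"))
    return findings

if __name__ == "__main__":
    for sample in (KALI, WIN10):
        print(parse_vminfo(sample)["name"], audit_vm(sample) or "isolated")
```
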
✅ Summary
A cybersecurity home lab is the best investment you can make in yourself. It lets you break, fix, learn, and experiment—all without risking a real production environment.
🧪 “Build a lab. Learn to hack. Learn to defend. Level up.”