The Aussie Mr Cyber Home Lab Blueprint – Start Here Part I
Whether you're breaking into cybersecurity or leveling up your SOC skills, building a proper home lab is non-negotiable. Here's my battle-tested setup that covers blue team defence, red team attack, DFIR, and network security—without breaking the bank.
🎯 Lab Goals
· Simulate real enterprise environments
· Practice detection, analysis, and response
· Run penetration testing and exploit chains
· Build SIEM correlation rules and playbooks
· Test tools before deploying them at work
🖥️ Hardware Setup
Option 1: Budget Build (Under $500 AUD)
· Refurbished Dell OptiPlex 7050/9020 (i7, 32GB RAM, 512GB SSD) – ~$300-400 on eBay/Gumtree
· External USB 3.0 drive (2TB+) for forensic images and backups – ~$80
Option 2: Serious Build (What I Run)
· Custom-built server or Dell R720/R730 (dual Xeon, 128GB+ RAM)
· Synology NAS or TrueNAS for storage and backup
· Managed switch (TP-Link, Ubiquiti, or Cisco) for VLAN segmentation
· Dedicated firewall box running pfSense or OPNsense
💾 Core Software Stack
Virtualization Layer
· Proxmox VE (free, open-source) – my go-to hypervisor for running multiple VMs and containers
· Alternative: VMware Workstation Pro, VirtualBox, or ESXi
Network Security
· pfSense/OPNsense – firewall, IDS/IPS (Suricata/Snort), VPN, traffic monitoring
· Security Onion – full NSM (Network Security Monitoring) suite with Zeek, Suricata, Wazuh, and Kibana
Blue Team / SOC
· Splunk Free (500MB/day limit) or Elastic Stack (ELK) – SIEM for log ingestion and correlation
· Wazuh – host-based intrusion detection, endpoint monitoring, compliance checks
· Velociraptor or GRR – endpoint detection and DFIR collection
· TheHive + Cortex – case management and automated analysis
Red Team / Pentesting
· Kali Linux – primary attack platform with all tools pre-installed
· Parrot Security OS – alternative to Kali, lighter footprint
· Metasploit Framework – exploitation and post-exploitation
· Covenant or Havoc C2 – command and control for red team ops
· Windows Server + Active Directory – realistic target environment for AD attacks
DFIR (Digital Forensics & Incident Response)
· Autopsy – disk and file system analysis
· Wireshark – packet capture and protocol analysis
· Volatility – memory forensics framework
· KAPE – evidence collection and triage
· REMnux – malware analysis distro
Vulnerable Machines & Ranges
· Metasploitable 2 & 3 – intentionally vulnerable VMs
· DVWA, bWAPP, WebGoat – web app pentesting practice
· VulnHub & HackTheBox offline VMs – downloadable CTF-style targets
· GOAD (Game of Active Directory) – realistic AD attack lab
Part II to follow with Network Topology, Key Principles and lots more
Aussie Mr Cyber