The setup
Everything runs on a single Proxmox hypervisor hosting six virtual machines, a firewall, and a stack of self-hosted services — designed to mirror a small enterprise environment.
Proxmox VE
The hypervisor running it all — 6 VMs on 64 GB of RAM, with automated backups and snapshots before every change.
pfSense
Firewall and router handling segmentation, DNS, and the security boundary for the lab.
Windows Server 2022
Active Directory domain controller with OUs, Group Policy, and security groups — plus deliberate misconfigurations for attack practice.
Wazuh SIEM
Security monitoring with custom detection rules tuned to catch the attacks I run against the domain.
Security practice
The lab's real purpose is closing the loop between offense and defense. I misconfigure a domain the way real ones drift over time, attack it, then build detections to catch what I did.
- Built a Windows Server 2022 domain with realistic weaknesses — a Kerberoastable service account, disabled SMB signing, and an exposed credential share
- Practiced offensive techniques with Kali, BloodHound, and Impacket-family tools
- Deployed Wazuh and wrote detection rules to surface Kerberoasting, lateral movement, and suspicious authentication
- Hardened the environment with full audit policy and Group Policy baselines
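One way to express the Kerberoasting detection named in the list above, as an added example and not a rule from the lab's repository: it flags an account that requests RC4-encrypted (0x17) service tickets for several distinct user-backed services within a short window, using the fields of Windows Security Event ID 4769. The event dictionaries, account names, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events shaped like Event ID 4769 (service ticket requested).
# Every name, address and timestamp here is made up for the example.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:00", "event_id": 4769, "account": "alice@LAB.LOCAL",
     "service": "svc_sql", "enc_type": "0x17", "ip": "10.0.20.50"},
    {"time": "2024-05-01T10:00:20", "event_id": 4769, "account": "alice@LAB.LOCAL",
     "service": "svc_web", "enc_type": "0x17", "ip": "10.0.20.50"},
    {"time": "2024-05-01T10:00:45", "event_id": 4769, "account": "alice@LAB.LOCAL",
     "service": "svc_backup", "enc_type": "0x17", "ip": "10.0.20.50"},
    {"time": "2024-05-01T10:01:00", "event_id": 4769, "account": "bob@LAB.LOCAL",
     "service": "svc_sql", "enc_type": "0x12", "ip": "10.0.20.51"},   # AES256
    {"time": "2024-05-01T10:02:00", "event_id": 4769, "account": "carol@LAB.LOCAL",
     "service": "FILESRV01$", "enc_type": "0x17", "ip": "10.0.20.52"},  # machine account
    {"time": "2024-05-01T10:03:00", "event_id": 4769, "account": "dave@LAB.LOCAL",
     "service": "svc_sql", "enc_type": "0x17", "ip": "10.0.20.53"},   # single request
]

def is_roastable_request(ev):
    """True for a 4769 event asking for an RC4 ticket to a user-backed service."""
    svc = ev["service"].lower()
    return (ev["event_id"] == 4769
            and ev["enc_type"].lower() == "0x17"   # RC4-HMAC ticket encryption
            and not svc.endswith("$")              # skip machine accounts
            and svc != "krbtgt")

def detect_kerberoasting(events, window=timedelta(minutes=5), threshold=3):
    """Alert when one account/IP requests >= threshold distinct services in window."""
    hits_by_source = defaultdict(list)
    for ev in events:
        if is_roastable_request(ev):
            key = (ev["account"], ev["ip"])
            hits_by_source[key].append((datetime.fromisoformat(ev["time"]), ev["service"]))
    alerts = []
    for (account, ip), hits in hits_by_source.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # slide the window forward
                start += 1
            services = {svc for _, svc in hits[start:end + 1]}
            if len(services) >= threshold:
                alerts.append({"account": account, "ip": ip, "services": sorted(services)})
                break   # one alert per source is enough
    return alerts
```

The threshold trades noise for coverage: a single RC4 request for one service account, like the last sample event, stays below it and needs a separate rule if the lab wants to see it.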
Services & automation
- 13+ self-hosted services behind a reverse proxy — media, cloud storage, dashboards, and monitoring
- Secure remote access via Cloudflare Zero Trust and Tailscale, no open inbound ports
- An n8n automation pipeline using a local AI model to classify and route priority alerts to my phone
- Dated build logs committed to GitHub so the whole process is auditable
All source and logs live on github.com/SRM9506/Homelab-Project.