Home Lab Environment
This dashboard represents the blueprint for a dynamic Capture The Flag (CTF) lab environment. The design visualizes a realistic corporate network, complete with diverse systems and security controls. The ultimate goal is to build this lab as a hands-on training ground for cybersecurity professionals to practice identifying vulnerabilities, detecting threats, and responding to simulated attacks in a controlled, enterprise-grade setting.
Utilizes Active Directory on the Domain Controller for centralized authentication and authorization. Group Policy Objects (GPOs) enforce the principle of least privilege across all domain-joined assets.
Leverages SCCM to automate patch deployment, package distribution, and security baseline enforcement for all Windows endpoints. The lab also includes a Linux client, demonstrating cross-platform visibility.
The pfSense firewall enforces strict network segmentation using VLANs and a DMZ. Access Control Lists (ACLs) prevent unauthorized traffic between zones, containing threats and limiting lateral movement.
The Splunk SIEM instance provides comprehensive visibility by aggregating logs from all network devices. It enables real-time threat detection, correlation of security events, and forensic investigation.
Demonstrates hosting a public-facing web server in a demilitarized zone (DMZ), isolating it from the internal network to minimize risk. Firewall rules strictly control access to and from this server.
The external Kali Attacker machine is used to perform simulated penetration tests and vulnerability scans against the network perimeter and DMZ, helping to identify and remediate weaknesses before they can be exploited.
Live Network Topology
System Components and VM Roles
LAB-FW1-PFSENSE
The network's security gateway, segmenting the internal network, DMZ, and internet. It manages all traffic between VLANs via strict access control lists and provides robust NAT services. It is the central point for monitoring and defending the network perimeter.
LAB-DC1-WIN
Authoritative server for the lab.local domain. Runs Active Directory, DNS, and DHCP services for the internal network. A critical component for centralized authentication, name resolution, and IP address management for all domain-joined assets.
LAB-SCCM1-WIN
Microsoft Endpoint Configuration Manager instance for comprehensive lifecycle management of Windows clients. Responsible for automated software distribution, enforcement of security baselines, deployment of critical patches, and operating system deployment (OSD).
LAB-SQL1-WIN
A dedicated Microsoft SQL Server instance for hosting application and user databases. Optimized for performance and security, it provides critical data storage and retrieval services for the corporate infrastructure.
LAB-WEB1-UBUNTU
An internet-facing web server located in the DMZ. It hosts public applications and is isolated from the internal corporate network to limit the impact of a potential compromise. It's a primary target for external vulnerability assessments.
LAB-WKS1-WIN10
A representative enterprise workstation, fully domain-joined and managed by SCCM. This client is the primary testbed for validating Group Policy Objects (GPOs), security control effectiveness, and simulating end-user activity.
LAB-WKS2-LNX
A standard Linux workstation for developers and technical staff. Used for software development, system administration tasks, and testing cross-platform compatibility of internal applications.
LAB-SIEM1-SPLUNK
A Security Information and Event Management (SIEM) platform. It aggregates, normalizes, and analyzes log data from all network devices and servers, providing a single pane of glass for threat detection, incident investigation, and compliance reporting.
LAB-PENTEST1-KALI
An offensive security platform on the public internet. This system is used to simulate real-world cyberattacks against the lab's perimeter and DMZ to test the effectiveness of implemented security controls and detection capabilities.
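The zone segmentation described for the pfSense firewall and for LAB-FW1-PFSENSE can be written down as a testable policy. The following is an added example, not part of the lab's own configuration: a first-match, default-deny rule list checked against flows between the hosts named above. The subnets, addresses, ports and the rule set itself are assumptions; only the host names and zones come from this page.

```python
import ipaddress

# Constructed addressing plan: the page names zones and hosts, not subnets.
ZONES = {"internal": ipaddress.ip_network("10.10.10.0/24"),
         "dmz": ipaddress.ip_network("10.10.20.0/24")}
HOSTS = {"LAB-DC1-WIN": "10.10.10.10", "LAB-SQL1-WIN": "10.10.10.30",
         "LAB-SIEM1-SPLUNK": "10.10.10.50", "LAB-WKS1-WIN10": "10.10.10.101",
         "LAB-WEB1-UBUNTU": "10.10.20.10", "LAB-PENTEST1-KALI": "203.0.113.66"}

# Assumed rule set: (action, source, destination, destination port or None).
# A source/destination is "any", a host name from HOSTS, or a zone name.
# Simplified to one ordered list; first match wins, no match means deny.
RULES = [
    ("pass", "any", "LAB-WEB1-UBUNTU", 443),               # public HTTPS
    ("pass", "LAB-WEB1-UBUNTU", "LAB-SIEM1-SPLUNK", 9997),  # log forwarding
    ("block", "dmz", "internal", None),                     # contain the DMZ
    ("pass", "internal", "any", None),                      # internal egress
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)  # outside every lab subnet = internet
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def matches(selector, ip):
    if selector == "any":
        return True
    if selector in HOSTS:
        return HOSTS[selector] == ip
    return zone_of(ip) == selector

def decide(src, dst, port, rules=RULES):
    """Return 'pass' or 'block' for a new connection from src to dst:port."""
    s, d = HOSTS[src], HOSTS[dst]
    for action, r_src, r_dst, r_port in rules:
        if matches(r_src, s) and matches(r_dst, d) and r_port in (None, port):
            return action
    return "block"  # default deny

# Intended policy for flows the page describes (ports are assumptions).
INTENDED = {
    ("LAB-PENTEST1-KALI", "LAB-WEB1-UBUNTU", 443): "pass",
    ("LAB-PENTEST1-KALI", "LAB-DC1-WIN", 445): "block",
    ("LAB-WEB1-UBUNTU", "LAB-SQL1-WIN", 1433): "block",
    ("LAB-WEB1-UBUNTU", "LAB-SIEM1-SPLUNK", 9997): "pass",
    ("LAB-WKS1-WIN10", "LAB-WEB1-UBUNTU", 22): "pass",
}

def audit(rules=RULES):
    """List flows whose decision under `rules` differs from INTENDED."""
    got = {f: decide(*f, rules=rules) for f in INTENDED}
    return [(f, a) for f, a in got.items() if a != INTENDED[f]]
```

`audit()` returns an empty list for the rule order shown. Passing it a copy of `RULES` with a broad DMZ pass rule placed first reports the web-server-to-SQL flow as allowed, which is the ordering mistake a first-match rule set is prone to.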