I wanted to take some time to explain my homelab setup and give others some inspiration or guidance. This post was inspired by a question posed by @blueteamblog on Twitter.
I retired my previous gaming desktop and made it into my virtualization host. I've chosen to run Proxmox VE, but previously used ESXi/vSphere from VMware. I opted for Proxmox since I have some experience with ESXi/vSphere and wanted something new.
Hardware specs are as follows:
- AMD Ryzen 2600 Six-Core CPU (giving me 12 total CPUs within Proxmox)
- 32 GB DDR4 2666 MHz RAM
- 128 GB Samsung SATA SSD (hosting the Proxmox install)
- 1 TB Samsung SATA SSD (hosts VMs and templates)
I also have a Synology NAS (the DS418play) which is connected to the Proxmox host and houses ISOs, LXC container templates, and backups of certain VMs or containers.
I have a single IP address assigned to the Proxmox host, and all VMs use the same network bridge. I plan to do some host-only networking and some VM-to-VM networking, but I haven't had the time to set this up as nicely as I'd like to.
I have the latest Ubuntu, CentOS, Windows 10, and Windows Server (2016 + 2019) ISOs on hand. I also have LXC containers managed by Proxmox for Ubuntu. I find that I wind up using those four OS more than any others. Occasionally I power up a Windows 7 machine to detonate a piece of malware that I think may be affected by Windows 10's changes, but this is super rare.
Daniel Miessler released a blog post named "Brag About Your Content, Not Your Tools", which wonderfully explains, in essence, "your tools don't matter to other people. What matters is what you create with them." I've struggled with how to put that sentiment into words for a while, and I defer to Miessler to explain it more at length.
That said, here's what tools I have regularly available to me:
- PiHole runs 24x7 and is the only DNS resolver in my environment. If it goes down for some reason, DNS lookups fail. I enjoy that ads and trackers are blocked, but I primarily want it for DNS logging, hence why I don't specify any alternate resolvers.
- FLARE-VM from FireEye provides a modern Windows environment for reverse engineering and some basic forensics tasks.
- Commando VM, also from FireEye, gives me a Windows-based pentesting experience. I don't use it often, but it remains available.
- SIFT by SANS is similar to FLARE and Ubuntu-based; I find it complements FLARE nicely.
- Free Splunk provides a logging, SIEM, and data analytics platform which gets logs from the aforementioned VMs as well as my router and laptop.
- Previously, a Security Onion instance ran for Network Security Monitoring (NSM); however, I haven't been able to get a "span"/mirror port working on Proxmox. There's ample documentation on how to do it; I just haven't been successful in deploying it yet.
1. Snapshots are your best friend. I have at minimum two snapshots per VM: one before I install any tools, and one after I install all my tools and verify functionality.
2. Create a template of the common VMs you use. My Windows Server and Windows 10 VMs are deployed as "full clones" from templates.
3. Consider logging infrastructure; it's really fun to just look through sometimes.
4. Maintain some kind of list in your note-taking application of choice with links, ideas, etc. for your homelab. Revisit it when you find yourself bored and in the mood to build something.
5. Similar to #4, take notes! Use whatever tools make the most sense to you and fit your workflow. If you're unsure, there are a lot of great free, open source note-taking applications available. You could always stick with things that are tried and true like Microsoft OneNote, Microsoft Word, CherryTree, or just plaintext documents. Whatever works. Just document what you learn!
When brand new, the desktop I repurposed into a server came in at just under $1,000 (mostly because of the graphics card, but I no longer use the GPU in my Proxmox setup). You can very easily get started with a homelab on your current laptop or desktop with no dedicated hardware. You could invest in a NAS that has the ability to run containers and keep everything in "one solution."
Alternatively, registering with the "GitHub Education Pack" will provide users with some DigitalOcean credits. AWS has a student program, as does Azure (through its Visual Studio collective). You could definitely host VMs in the cloud should you so choose.
Homelabbing is a great way to practice new techniques, experiment with new tools, or refresh your mind about things you've worked with in the past. You can start today for $0, or go crazy and spend a few thousand on hardware. It's up to you and your goals.
The end goal is learning; keep in mind that it's a constant learning process, and be kind to yourself with the hiccups you inevitably hit along the way.
- A great post from DFIRDiva on their homelab setup and how it has evolved over the years. This served as inspiration when I was rebuilding my lab.
- Some information from DFIRDiva on how they incorporate their homelab training into their resume, advice I've found helpful when interviewing.
- /r/homelab for inspiration and general discussion, /r/homelabsales for buying hardware if you should want to go that route.