HANDS-ON CYBER RANGES

Home Labs

Blueprinted environments I run at home to pressure-test detections, rehearse incident response, and validate purple team strategies. Each lab ships with scenario context, required tooling, and success metrics.

Featured runbook

Detection Engineering Lab: Elastic SIEM vs Cobalt Strike

Deploy a compact Elastic Stack, ingest Sysmon telemetry, simulate a Cobalt Strike beacon, and harden detections with ATT&CK-aligned analytics and Sigma automation.

Intermediate · 3.5 hours · Detection Engineering

MISSION OBJECTIVES

  • Deploy Elastic Stack with index lifecycle management tuned for home hardware
  • Enable Sysmon operational logging with minimal performance footprint
  • Simulate Cobalt Strike beacon activity mapped to ATT&CK T1059 and T1105
  • Publish Sigma detection for beacon spawn and schedule pipeline to Elastic
Incident Response Lab: Azure Storage Breach Containment
Incident Response · Advanced

Investigate and contain credential abuse against Azure Storage accounts, pivoting from unified audit logs to live containment with Logic Apps and Defender for Cloud.

4 hours · Azure CLI · Kusto Query Language +
  • Collect incident artifacts from Azure Activity and Storage logs
  • Replay the intrusion timeline entirely with KQL queries
  • Deploy a Logic App playbook that locks compromised storage keys
Purple Team Lab: Ransomware Kill Chain in Proxmox
Purple Team · Intermediate

Stage a compact Proxmox cluster, simulate a ransomware campaign end-to-end with Atomic Red Team, and capture telemetry into LimaCharlie for cross-vendor detection benchmarking.

5 hours · Proxmox VE · Atomic Red Team +
  • Build a Proxmox blueprint with isolated VLAN for ransomware drills
  • Execute Atomic Red Team T1486 (Data Encrypted) with pre- and post-conditions
  • Collect EDR and DFIR telemetry into LimaCharlie buckets