Cybersecurity Homelab

September 21, 2025

This is a multi-segmented environment designed for practical cybersecurity training. It allows me to host services, conduct malware analysis, and practice network defense techniques in a safely isolated setup.

A network diagram of the homelab setup

Network Infrastructure

The lab's core setup enabling traffic segmentation and DNS filtering.

Managed Switch: Forms the core of the lab, enabling traffic segmentation through VLANs.
Raspberry Pi 5 (DNS Sinkhole): Runs Pi-hole for network-wide ad and tracker blocking.

Production & Services Network

Hosts always-on services with external access through the primary router.

Utility Server (PC): Multi-purpose server hosting a web server, Minecraft server, and NAS.

Analysis & Research VLAN

Primary workstation isolated for coursework and sandboxed testing.

Primary Workstation (PC): Main machine for lab work and university coursework.
Virtualization: VMWare Workstation 17 to run multiple virtual machines safely.
Guest VMs: Kali Linux, Ubuntu, Windows XP sandbox for malware observation.

Air-Gapped Malware Detonation Environment

A physically separate machine with no network connectivity for high-risk malware analysis.

Hardware: Dedicated Lenovo laptop.
Operating System: Windows XP, wiped and reimaged after each session.