One of the most impactful projects I’ve worked on for my growth in cybersecurity has been designing and building my own lab environment. I wanted a space where I could practice both offensive and defensive techniques, simulate enterprise networks, and experiment with tools I’d encounter in the field — all without risk to production systems.
To achieve this, I built my lab around virtualization, network segmentation, and a mix of realistic and vulnerable targets. The end result is a flexible and isolated environment that mirrors the complexity of real-world infrastructure, while still being completely under my control.
Core Infrastructure
Proxmox Server (Hypervisor)
At the heart of my lab is a Proxmox server. Proxmox gives me the ability to run multiple virtual machines (VMs) and containers on a single piece of hardware. I rely heavily on:
- Snapshots for quick rollbacks — essential when testing exploits or making risky changes
- Resource management to keep everything balanced, even with multiple VMs and services running
- Flexibility to build, destroy, and rebuild environments rapidly
pfSense Firewall (Gateway & Network Segmentation)
pfSense is the central nervous system of my network. It acts as my:
- Firewall and router
- DHCP server for lab subnets
- VLAN manager for network segmentation
- Traffic controller with granular firewall rules
With pfSense, I can connect my lab to my home network/internet while still keeping it isolated. More importantly, I can enforce segmentation between VLANs, so attacks in one area don’t automatically spread across the lab — just like in an enterprise environment.
Network Architecture (VLANs)
To mirror corporate infrastructure, I set up multiple VLANs, each with its own subnet and purpose. Here’s how I structured them:
```mermaid
graph TB
    A[Proxmox Server<br/>Hypervisor] --> B[pfSense Firewall<br/>Gateway & Routing]
    B --> C[VLAN 1<br/>Security Ops<br/>10.0.1.0/24]
    B --> D[VLAN 10<br/>Targets<br/>10.0.10.0/24]
    B --> E[VLAN 20<br/>Enterprise<br/>10.0.20.0/24]
    B --> F[VLAN 30<br/>Web Apps & IR<br/>10.0.30.0/24]
    C --> C1[Kali, Nessus<br/>Wazuh, CALDERA]
    D --> D1[DVWA<br/>Metasploitable]
    E --> E1[AD, Windows<br/>Clients]
    F --> F1[Docker, TheHive<br/>Cortex]
    style A fill:#008B8B,stroke:#00BFFF,color:#fff
    style B fill:#ff073a,stroke:#ff073a,color:#fff
    style C fill:#1a1a2e,stroke:#008B8B
    style D fill:#1a1a2e,stroke:#008B8B
    style E fill:#1a1a2e,stroke:#008B8B
    style F fill:#1a1a2e,stroke:#008B8B
```
VLAN 1: Security Operations / Blue Team Network
Gateway: 10.0.1.254
Purpose: My analyst and defender network — home to my monitoring and testing tools.
This VLAN houses all my offensive and defensive security tools, creating a centralized command center for security operations.
VLAN 10: Vulnerable Target Network
Gateway: 10.0.10.254
Purpose: Hosts intentionally vulnerable systems I can safely attack.
This isolated network contains systems designed to be compromised, perfect for practicing attack techniques without consequences.
VLAN 20: Enterprise Simulation / Internal Network
Gateway: 10.0.20.254
Purpose: Simulates a corporate internal domain environment.
Features a complete Active Directory environment with joined workstations, mimicking real enterprise networks for realistic testing scenarios.
VLAN 30: Web Applications & Incident Response
Gateway: 10.0.30.254
Purpose: Dedicated to vulnerable web apps and centralized incident response.
Containerized applications and incident response tools provide a comprehensive platform for web security testing and case management.
Key Technologies and Their Benefits
- Virtualization (Proxmox): I can rapidly test scenarios, reset to clean states, and maximize hardware usage
- Network Segmentation (pfSense + VLANs): Prevents “flat network” issues, allows realistic testing, and mirrors enterprise security practices
- Containerization (Docker + Portainer): Makes deploying web apps and IR tools lightweight and repeatable. Using macvlan, I ensure containers act like full hosts with their own IPs
- Diverse Tooling: Offensive (Kali, Nessus), defensive (Security Onion, Wazuh, TheHive), and adversary emulation (CALDERA) — a full stack for practicing both attack and defense
- Realistic Targets: From Active Directory environments to vulnerable web apps, I’ve created multiple attack surfaces to practice against
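An added example, not taken from the author's setup: Docker's IPAM assigns macvlan addresses on its own and does not consult the pfSense DHCP server, so both can hand out the same address on VLAN 30 unless Docker is confined to a slice of the subnet with `--ip-range`. The DHCP pool bounds, the parent interface `eth0.30` and the network name `vlan30_net` are assumptions; the subnet and gateway are the VLAN 30 values from the post.

```python
import ipaddress

def pick_ip_range(subnet, gateway, dhcp_start, dhcp_end, prefix=28):
    """Return the first /prefix block of `subnet` that Docker can own outright:
    no network/broadcast address, no gateway, no overlap with the DHCP pool."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    if gw not in net or lo not in net or hi not in net or lo > hi:
        raise ValueError("gateway and DHCP pool must lie inside the subnet")
    for block in net.subnets(new_prefix=prefix):
        first, last = block[0], block[-1]
        if first == net.network_address or last == net.broadcast_address:
            continue                      # keep clear of the subnet's edge addresses
        if gw in block:
            continue                      # the pfSense gateway lives here
        if first <= hi and lo <= last:
            continue                      # overlaps addresses pfSense may lease
        return block
    raise ValueError("no block of that size is free in the subnet")

def macvlan_command(subnet, gateway, ip_range, parent, name):
    """Build the `docker network create` argument list for the macvlan network."""
    return ["docker", "network", "create", "-d", "macvlan",
            "--subnet", str(subnet), "--gateway", str(gateway),
            "--ip-range", str(ip_range), "-o", f"parent={parent}", name]

if __name__ == "__main__":
    # VLAN 30 values from the post; DHCP pool 10.0.30.100-199 is an assumed example.
    rng = pick_ip_range("10.0.30.0/24", "10.0.30.254", "10.0.30.100", "10.0.30.199")
    # parent interface and network name are hypothetical
    print(" ".join(macvlan_command("10.0.30.0/24", "10.0.30.254", rng,
                                   "eth0.30", "vlan30_net")))
```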
Important Setup Considerations
A few things I learned while building and maintaining this lab:
Critical Configuration Points
- Firewall Rules: pfSense policies are critical. I carefully defined which VLANs can talk to which, e.g., allowing my analyst VLAN to reach targets but not vice versa
- Resource Management: Windows VMs, Security Onion, and TheHive are resource-heavy. Balancing CPU, RAM, and storage in Proxmox is key
- Docker Networking: Ensuring the Docker host was properly bridged to VLAN 30 was essential for macvlan to work
- Troubleshooting Containers: Many web apps require databases or dependencies — logs in Portainer are invaluable here
- Documentation: I keep records of IPs, configs, and issues I’ve solved — this helps me rebuild quickly or retrace steps
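An added example (not the author's pfSense configuration) showing why rule order decides whether the "analyst VLAN reaches targets but not vice versa" policy actually holds: pfSense evaluates rules on the interface where traffic enters, the first match wins, and anything unmatched is denied. The rule sets and host addresses are constructed; only the VLAN subnets come from the diagram above.

```python
import ipaddress

# Subnets from the post's diagram.
VLANS = {"secops": "10.0.1.0/24", "targets": "10.0.10.0/24",
         "enterprise": "10.0.20.0/24", "webir": "10.0.30.0/24"}

# Constructed rule sets (assumption), keyed by the interface traffic enters on.
# Each rule is (action, source CIDR, destination CIDR); order is significant.
GOOD = {
    "secops":  [("pass",  "10.0.1.0/24",  "0.0.0.0/0")],
    "targets": [("block", "10.0.10.0/24", "10.0.0.0/8"),   # never initiate into lab VLANs
                ("pass",  "10.0.10.0/24", "0.0.0.0/0")],
}
# The same two target rules with the broad pass moved above the block.
MISORDERED = dict(GOOD, targets=list(reversed(GOOD["targets"])))

def evaluate(rules, iface, src, dst):
    """Action for a NEW connection: first matching rule wins, default is block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules.get(iface, []):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "block"

def vlan_of(ip):
    """Name of the lab VLAN an address belongs to, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in VLANS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def audit(rules):
    """Check the intent stated in the post against a rule set."""
    analyst, target = "10.0.1.10", "10.0.10.10"   # constructed host addresses
    findings = []
    if evaluate(rules, vlan_of(analyst), analyst, target) != "pass":
        findings.append("secops cannot reach targets")
    if evaluate(rules, vlan_of(target), target, analyst) != "block":
        findings.append("targets can initiate connections into secops")
    return findings

if __name__ == "__main__":
    print("good:", audit(GOOD))
    print("misordered:", audit(MISORDERED))
```

Because pfSense keeps state, the block on the targets interface does not affect replies to sessions opened from the analyst VLAN; the model covers new connections only.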
Closing Thoughts
This lab has become more than just a side project — it’s my sandbox for continuous learning. Whether I’m testing new security tools, simulating adversary techniques, or fine-tuning defenses, it provides me with hands-on experience that translates directly into professional skills.
For employers and colleagues, this lab demonstrates not just technical ability, but also my approach to problem-solving, network design, and security best practices. For learners, it shows that with the right structure, you can create a safe but realistic environment to practice nearly every aspect of cybersecurity.