Home Lab – Detection & Response Environment

My personal cybersecurity lab is built for hands-on blue team practice: log analysis, packet inspection, detection engineering, threat hunting, and incident response simulation.

Current Hardware

• KAMRUI Essenx E1 Mini PC – Primary Lab Server
  Intel N97 • 16 GB DDR4 • 256 GB M.2 SSD • Dual 4K HDMI • Gigabit Ethernet • Wi-Fi 6 + BT 5.2
• Lenovo ThinkPad T480 – Management & Analysis Laptop
  Intel Core i5-8350U • 16 GB RAM • 256 GB SSD • Windows 10 Pro
• Netgear GS308 – 8-Port Gigabit Unmanaged Switch
  Simple, reliable lab backbone

Core Tools & Platforms

• Security Onion – Full packet capture, IDS, log management
• Splunk Free – Log ingestion and dashboarding
• Wireshark – Deep packet analysis
• Velociraptor / Elastic Agent – Endpoint collection
• Sigma Rules – Cross-platform detection logic
• Kali Linux VM – Controlled adversary emulation
• Atomic Red Team – Safe technique testing

Daily Lab Activities

• Full packet capture and long-term storage
• Log forwarding from Windows, Linux, and network devices
• Writing and testing custom Sigma detection rules
• Running Atomic Red Team and reviewing alerts
• Threat hunting exercises with real malware samples (in isolated VMs)
• Building and tuning Splunk dashboards
• Practicing incident response workflows and documentation
• Experimenting with new open-source security tools

Goals of This Lab

Stay sharp on real-world detection techniques, deepen tool proficiency, contribute detection content (Sigma rules, scripts), and continuously improve my ability to protect and respond — all in a safe, isolated environment.

Useful Links

• Security Onion – securityonion.net
• Splunk Free – splunk.com
• Sigma HQ – github.com/SigmaHQ/sigma
• Atomic Red Team – redcanary.com/atomic-red-team

Last updated: November 2025