An active learning security lab with three tracks: systematic platform-based study, real enterprise infrastructure on Proxmox with live public IPs, and hands-on exploitation of deployed vulnerable machines. Writeups reflect the nature of the research, the goals of each process, and what was learned through hands-on experience.
Working through the full PortSwigger curriculum in order. Each topic has a tracker and individual writeups per lab.
| Topic | Progress |
|---|---|
| SQL Injection | In progress |
| Authentication | Planned |
| Path Traversal | Planned |
| OS Command Injection | Planned |
| XSS | Planned |
| ... | |
Full topic list and progress →
A production Proxmox node with two public IPv4 addresses and dual /64 IPv6 subnets. Internet-facing - honeypots, sensors, and SIEM are live. Configuration and runbooks documented here; IPs are kept local.
| Component | Description |
|---|---|
| Architecture | VLAN topology, bridge design, IPv6 addressing |
| Gateway / Firewall | OPNsense per WAN, firewall rule philosophy |
| Services | Honeypot, SIEM, network monitoring |
| Runbooks | New VM, firewall changes, incident response |
Hands-on exploitation of deliberately vulnerable machines running in the lab. Writeups cover full compromise chains - recon through post-exploitation - with a blue team detection angle on each.
| Lab | Description | Status |
|---|---|---|
| Vulnerable Network | DVWA, Metasploitable 2, VulnHub machines | Planned |
| Active Directory | Windows AD built to attack - Kerberoasting, DCSync, BloodHound | Planned |
| Honeypot | OpenCanary - deployed, collecting real traffic | Planned |
| Malware Analysis | FlareVM + REMnux sandbox | Planned |
| SIEM | Wazuh - detecting attacks generated from Track 3 machines | Planned |
| Network Monitoring | Zeek + Suricata on span port | Planned |
Offensive: Metasploit, Burp Suite, nmap, gobuster, hydra, Impacket, BloodHound
Defensive: Wazuh, Zeek, Suricata, OpenCanary
Infrastructure: Proxmox, OPNsense, VLANs
- Platform lab writeup - PortSwigger, HTB Academy, THM
- Machine writeup - DVWA, Metasploitable, VulnHub, HTB boxes