Overview: What you’re building

Target outcomes

  • Blue‑team skills: SOC workflows, log analysis, detection engineering, incident response.
  • Virtualized lab: Proxmox host running OPNsense, AD, endpoints, SIEM, IDS, Kali.
  • Segregated network: Lab traffic isolated from your daily devices and ISP LAN.
  • Cert‑ready: Security+, CySA+, Blue Team Level 1, and SIEM‑specific certs.

Constraints & design choices

  • ISP constraints: Assume CGNAT / no inbound ports; lab is internal‑only.
  • Access model: Remote access via outbound VPN (e.g., Tailscale/WireGuard) if needed.
  • Security stance: No direct inbound from WAN to lab; OPNsense as the only gateway.
  • Virtual networking: Proxmox Linux bridges for WAN, lab LAN, and security subnet.

Figure (high‑level architecture): ISP router → Proxmox host → OPNsense → segmented lab networks (infra, security, attacker).

Architecture: Core homelab layout

Proxmox host

  • vmbr0: Management + OPNsense WAN (bridged to ISP router).
  • vmbr10: Lab LAN (AD, Windows clients, Linux servers).
  • vmbr20: Security subnet (SIEM, IDS, monitoring tools).
  • vmbr30 (optional): Attacker subnet (Kali, red‑team tooling).

OPNsense gateway

  • WAN: DHCP from ISP router (e.g., 192.168.0.x).
  • LAN: 10.10.10.1/24 – core lab network.
  • OPT1: 10.10.20.1/24 – security subnet.
  • Rules: Block lab → ISP LAN; allow lab → internet; allow lab ↔ security as needed.
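
The rule order behind that last bullet matters: "allow lab → internet" is normally a pass to any destination, which also covers the ISP LAN, so the block has to sit above it. The sketch below is an added example, not an OPNsense export or the site's own code; it assumes first-match evaluation (OPNsense's default "quick" rule behaviour) and an ISP LAN of 192.168.0.0/24 inferred from the 192.168.0.x example, and the rule descriptions are made up for illustration.

```python
"""First-match model of the lab LAN rule set (constructed, not an OPNsense export)."""
from ipaddress import ip_address, ip_network

LAB_LAN = ip_network("10.10.10.0/24")   # OPNsense LAN (from the page)
SECURITY = ip_network("10.10.20.0/24")  # OPNsense OPT1 (from the page)
ISP_LAN = ip_network("192.168.0.0/24")  # assumed from the page's 192.168.0.x example
ANY = ip_network("0.0.0.0/0")

# Rules on the LAN interface, evaluated top to bottom; first match wins.
GOOD_ORDER = [
    ("pass", LAB_LAN, SECURITY, "lab -> security"),
    ("block", LAB_LAN, ISP_LAN, "lab -> ISP LAN"),
    ("pass", LAB_LAN, ANY, "lab -> internet"),
]
# Same rules with the broad pass moved above the block.
BAD_ORDER = [GOOD_ORDER[0], GOOD_ORDER[2], GOOD_ORDER[1]]


def evaluate(rules, src, dst):
    """Return (action, description) of the first matching rule, default deny."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, desc in rules:
        if s in src_net and d in dst_net:
            return action, desc
    return "block", "implicit default deny"


def shadowed(rules):
    """List rules that can never match because an earlier rule covers them."""
    dead = []
    for i, (_, src, dst, desc) in enumerate(rules):
        for _, esrc, edst, edesc in rules[:i]:
            if src.subnet_of(esrc) and dst.subnet_of(edst):
                dead.append((desc, edesc))
                break
    return dead


if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, evaluate(rules, "10.10.10.50", "192.168.0.1"), shadowed(rules))
```

A non-empty result from `shadowed()` is the signal to reorder before trusting the segmentation.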

Key VMs

  • Windows Server: AD DS, DNS, GPOs.
  • Windows 10/11: Domain‑joined endpoints.
  • Ubuntu servers: Web apps, log sources, SIEM.
  • Kali Linux: Attack simulation and traffic generation.

Figure (network segmentation): each subnet lives on its own Proxmox bridge, with OPNsense routing and enforcing policy.

Navigation: How to use this roadmap

The site is organized into a summary, a roadmap with monthly and weekly lab pages, a certification guide, and a consolidated list of external resources. Use the top navigation bar to jump between sections:

  • Summary: This page – high‑level architecture and goals.
  • Roadmap & Labs: Month‑by‑month overview with links to each week’s detailed lab page.
  • Certifications: Recommended certs aligned to the 6‑month journey.
  • External Links: All referenced blogs, videos, and docs in one place.

Each weekly page includes a breadcrumb trail so you can always jump back to the month overview or the main roadmap.