Browse Labs
Home Lab

Self-hosted topology.
Where the labs actually run.

A documented self-hosted lab - Active Directory, SIEM, EDR, identity, and network components - used for safe offensive practice and detection-engineering work. Open-source where possible, tuned for reproducibility.

Cyber Range

3 components
Hypervisor
Available

Proxmox VE

Hosts the AD lab, target VMs, and isolated attack-surface segments.

Target environment
Available

Windows AD (2-DC, 6-host)

Two-domain Active Directory with realistic GPO and service-account misconfigurations.

Target environment
Available

Linux target stack

Web app, DB, message bus, and SSRF/SSRF-adjacent edge surfaces for lab work.

Detection

3 components
SIEM
Available

Elastic Stack

Centralised log ingestion, detection-as-code rules, and lab telemetry visualisation.

EDR / HIDS
Available

Wazuh

Endpoint telemetry across the lab - process trees, file integrity, syscalls.

Detection-as-code
Available

Sigma rule library

Hand-written rule set covering the techniques exercised in the lab tracks.

Identity

2 components
AD graph
Available

BloodHound CE

Privilege-path analysis on the AD environment for both red and blue exercises.

OIDC / OAuth
Build Stage

Keycloak

Local OIDC provider used for OAuth lab tracks and federation experiments.

Network

2 components
IDS
Available

Suricata

Lab-edge IDS with custom rules tuned against the documented exploit chains.

Network analytics
Available

Zeek

Protocol-aware analysis on lab traffic for forensics and detection engineering.

Tooling

2 components
Threat intel
Available

MISP

Local MISP instance for IOC management and OSINT case enrichment.

Intel modeling
Available

OpenCTI

STIX-shaped storage of actor, infrastructure, and TTP relationships from OSINT work.

Open-source lab repositories

Curated
HCL
bsc-homelab-infra
Terraform + Ansible for the lab
YAML
bsc-detection-rules
Sigma + Elastic detection rules
Python
bsc-ad-attack-scripts
AD walkthrough harnesses
Python
bsc-ai-security-toolkit
Adversarial-prompt regression suite

Repositories are curated and published as their content stabilises - links are added to each module page as they go live.