Bridge Safe Labs Logo

Lab Overview

Lab Overview

Everyone working in Cybersecurity, Development, or IT in general should have a good lab setup. I didn't come from money, my family was dirt poor and I was only just breaking into IT with my helpdesk job back in 2016 making $15 an hour working at a small factory. So building a lab seemed like a daunting task. I didn't have $1,400 to throw away on a Palo Alto Firewall. Or the funds to buy a high end server, nor did I have a place to put it with my living situation at the time. Luckily a break came when I was tasked from that job with getting rid of all the old equipment. I turned a companies garbage into my own pride and joy. I've found by working in the IT field for nearly a decade, this has given me an interesting perspective and attitude regarding technology and learning. I didn't have the money to purchase high end hardware, but I did have company "garbage". So I learned a valuable lesson out of all this: Make it work with what you have.

Now days, things are a different story. However, with me still being the little IT Tech Raccoon that I am, I scrounge up new hardware and equipment mostly from throw away items or old equipment that I have replaced over time. To give an idea of my own lab setup, I'll go over what I am currently running, and the software and links to everything that I have going on.

Current Daily Driver: My daily driver is the trusty Debian 12, currently on a Dell Laptop latitude 7310 with a 10th Gen i7 and 32GB of DDR4 Ram I purchased off eBay for just under $300. I migrated from a desktop and laptop setup with Qubes, that required me to utilize Syncthing to transfer files back and forth. But that would be problematic if I forgot to do that after shutting down one device. So I migrated to a single use 13 inch Dell Laptop. I wanted to slim down and not lock myself in my office for use of computer. Yes, I had my laptop, which at the time was a Lenovo Thinkpad T450 with an 6th Gen i7 and 16GB of DDR3, it was beastly and cumbersome and the battery was well due for a replacement, so portability was usually somewhere close to an outlet. I still have it and utilize it for testing various Linux distros on hardware from time to time.

Screenshot from 2025-02-02 21-11-25

Lab Setup: My Lab Setup is again, equipment I've mostly scrounged up or old equipment.

Firewall: A Sonicwall TZ600, nothing fancy, nothing special about it. I don't have support as it was pulled from a recycling bin from a good friend of mine who gave me a few drives, an access point that is still sitting in the box he gave me the equipment in, and this sonicwall. It's nothing fancy but does the job.

My main server I utilze is a SuperMicro Hyve Zeus 1U Server running Proxmox. I was able to get this through my old jobs supplier, for again less than $300. With the current setup I am comfortable running anywhere up to 10 virtual machines at a single time. Though usually I have about 5 or 6 running continuously such as my Git Repo running on Gittea and Uptime Kuma as well as a Python Web Server housing a copy of the Zoo a Malware Repository (More on why in a bit)

Screenshot from 2025-02-02 21-25-45

On the next shelf is an old dell laptop on a stand. That is actually running my own instance of Wazuh this monitors pretty much every device in my home from my various hardware to virtual servers running. Wazuh being an open source XDR and SIEM solution. I've seen those Splunk and Crowdstrike Prices and don't have those kinds of funds to run my own. But it still gives me insight into what's going on on my network and devices.

Sitting underneath that laptop, is an old Lenovo Ultra Small Form Factor with an 6th gen i5 and 16GB of DDR3 that was a throw away desktop from a company that closed down in my city. This is running CasaOS and acts as my network share and backup. Originally, it did run virtually within my Proxmox environment, but I wanted a separate physical hardware space given it was backup and network share. Again, I could have opted for a Synology box, but what fun is that? Though I do miss having proper RAID. I do have a server sitting in my garage currently with about 6TB of Drives that I will eventually migrate over to TrueNAS. However, this works for the time being.

None of this makes me as happy as my other two pieces of equipment. More specifically what they are running.

The first is a Dell Ultra Small Form Factor 7040, with similar specs to my laptop and in fact was my old desktop that I had replaced it with. I did have this running in a fully portable Proxmox lab which I brought to the Defcon Meetup in Minneapolis, complete with it's own Wifi network powered by a NanoPi RC5 from Friendly Elec, a 1TB External SSD connected via USB-C for VM Storage, and a 5 Port Dummy Switch from Netgear purchased cheap at my local Microcenter. I held it all together with a custom 3D Printed bracket and surprisingly it was able to be all powered off the USB ports on the desktop.

Screenshot from 2025-02-02 22-06-11

However, as I didn't use this as much as I thought I would, I ended up tearing it down, as I was having some issues virtualizing my threat intelligence feed running OpenCTI. I had actually built that strictly for this project, with the hopes of it generating new IOCs and Threat Reports giving me information. The inclusiveness of RSS feeds into means I have a one stop shop for everything I'm after, from new malware, to breaking news. Super easy to setup, and I intend to do a video on it and use it in further content down the line. Stay tuned for that.

The last piece of equipment I have running is a Lenovo Thinkcentre equipped with an AMD Ryzen 7 Pro 3700 and 32GB of DDR4. This was by far the biggest pain in my lab to setup, as this plays host to my own Automated Malware Analysis Suite running CAPEV2 which I did a discussion on for the Minnesota Branch of DEFCON (DC612). Though their documentation is solid, I still struggled getting this up and running with all the correct permissions and settings and it still requires tweaking as occasionally some errors will happen, the KVM is still completely isolated, not even routed over a VPN or Tor. So it's still a work in progress, but I have had a chance to run some neat samples through it as I find new and interesting malware samples from my late nights scouring the web. Eventually, the hope down the line is to work out the issue I had with the Docker Connector for OpenCTI, so as I ingest new samples I can automatically perform analysis and enrichment of that platform. Maybe one day.

Could it be better? Sure. My cables aren't organized. It lives in the garage, so dusty days means a lot of maintenance. But it's mine, and it doesn't have to be anything special when it's yours. It just has to be yours and you have to take pride in owning what you own.

-Kevin (Macros)

Next Post

To Top