🏠 Home Lab Build — The $300 SOC Analyst Starter Lab (No Rack Required)

One of the most common questions I get: "I want to build a home lab but I don’t have a lot of money or space — where do I start?"

Here’s my answer. You don’t need a server rack, an enterprise switch, or a $2,000 budget. You need ONE decent box and free software. Here’s a build I’d put together today for a beginner SOC analyst on a tight budget.

💰 TOTAL BUDGET: ~$300 AUD (or less if you shop smart on eBay)

🖥️ THE HARDWARE:

Dell OptiPlex 7040 SFF (i5, 16GB RAM, 256GB SSD) — ~$150–$180 on eBay

Why? Small form factor, silent, low power, handles 4–6 VMs no problem.

Optional upgrade: Add a cheap 1TB SSD (~$60–70) for more VM storage.

📦 THE SOFTWARE STACK (all free):

- Proxmox VE — your hypervisor (bare metal, free, enterprise-grade)

- pfSense VM — virtual firewall and network segmentation

- Wazuh — your SIEM + EDR (open source, incredibly powerful)

- Kali Linux VM — attacker machine for testing your own detections

- Windows 10 VM — victim/endpoint to monitor

🔧 HOW IT FITS TOGETHER:

1. Install Proxmox on the OptiPlex (bare metal)

2. Spin up pfSense as your gateway VM to segment your lab network from your home network

3. Deploy Wazuh server VM and enrol your Windows VM as an agent

4. Use Kali to simulate attacks (nmap scans, brute force, etc.)

5. Watch Wazuh fire alerts — analyse and tune your rules

🎯 WHAT YOU CAN PRACTISE WITH THIS BUILD:

- Log analysis and SIEM alert triage

- Network traffic monitoring and anomaly detection

- Incident response workflows

- Writing and tuning detection rules

- Blue team vs red team scenarios (you vs yourself)

💡 PRO TIPS:

- Buy refurbished OptiPlexes — they’re workhorses and dirt cheap

- Start with 2–3 VMs and scale up as you get comfortable

- Document EVERYTHING — your build notes will become your portfolio

- Snapshot your VMs before any major testing so you can roll back easily

This exact setup — or something very close to it — is what I run in my own lab. It’s not flashy, but it’s real, practical, and directly relevant to what SOC analysts do every day.

Drop your questions below 👇 and tell me: what’s your current setup or what are you working towards?

—

@Aussie Mr Cyber

0 comments