🏠 Home Lab Build — The $300 SOC Analyst Starter Lab (No Rack Required)
One of the most common questions I get: "I want to build a home lab but I don’t have a lot of money or space — where do I start?"

Here’s my answer. You don’t need a server rack, an enterprise switch, or a $2,000 budget. You need ONE decent box and free software. Here’s a build I’d put together today for a beginner SOC analyst on a tight budget.

💰 TOTAL BUDGET: ~$300 AUD (or less if you shop smart on eBay)

🖥️ THE HARDWARE:
Dell OptiPlex 7040 SFF (i5, 16GB RAM, 256GB SSD) — ~$150–$180 on eBay
Why? Small form factor, silent, low power, handles 4–6 VMs no problem.
Optional upgrade: Add a cheap 1TB SSD (~$60–70) for more VM storage.

📦 THE SOFTWARE STACK (all free):
- Proxmox VE — your hypervisor (bare metal, free, enterprise-grade)
- pfSense VM — virtual firewall and network segmentation
- Wazuh — your SIEM + EDR (open source, incredibly powerful)
- Kali Linux VM — attacker machine for testing your own detections
- Windows 10 VM — victim/endpoint to monitor

🔧 HOW IT FITS TOGETHER:
1. Install Proxmox on the OptiPlex (bare metal)
2. Spin up pfSense as your gateway VM to segment your lab network from your home network
3. Deploy Wazuh server VM and enrol your Windows VM as an agent
4. Use Kali to simulate attacks (nmap scans, brute force, etc.)
5. Watch Wazuh fire alerts — analyse and tune your rules

🎯 WHAT YOU CAN PRACTISE WITH THIS BUILD:
- Log analysis and SIEM alert triage
- Network traffic monitoring and anomaly detection
- Incident response workflows
- Writing and tuning detection rules
- Blue team vs red team scenarios (you vs yourself)

💡 PRO TIPS:
- Buy refurbished OptiPlexes — they’re workhorses and dirt cheap
- Start with 2–3 VMs and scale up as you get comfortable
- Document EVERYTHING — your build notes will become your portfolio
- Snapshot your VMs before any major testing so you can roll back easily

This exact setup — or something very close to it — is what I run in my own lab. It’s not flashy, but it’s real, practical, and directly relevant to what SOC analysts do every day.
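Steps 4 and 5 of the build above (simulate a brute force from the Kali VM, then tune the rule that catches it) can be rehearsed offline before any SIEM is installed. The following is an added example, not part of the original post and not Wazuh's rule engine: a sliding-window threshold detector run over constructed failed-logon records (Windows Event ID 4625). The log layout, IP addresses, user names and function names are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not real logs): failed Windows logons (Event ID 4625)
# as "timestamp source_ip user". 10.10.10.50 stands in for the Kali VM;
# 10.10.10.21 is a user who mistyped a password twice.
SAMPLE = """\
2024-05-01T10:00:01 10.10.10.50 administrator
2024-05-01T10:00:03 10.10.10.50 administrator
2024-05-01T10:00:05 10.10.10.50 admin
2024-05-01T10:00:07 10.10.10.50 svc_backup
2024-05-01T10:00:09 10.10.10.50 administrator
2024-05-01T10:00:11 10.10.10.50 guest
2024-05-01T10:04:00 10.10.10.21 jsmith
2024-05-01T10:04:20 10.10.10.21 jsmith
2024-05-01T11:30:00 10.10.10.21 jsmith
"""

def parse(text):
    """Yield (timestamp, source_ip, user) from the constructed format above."""
    for line in text.splitlines():
        ts, src, user = line.split()
        yield datetime.fromisoformat(ts), src, user

def detect_bruteforce(events, threshold=5, window_s=60):
    """One alert per source IP that reaches `threshold` failures inside
    `window_s` seconds. Events must arrive in time order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source_ip -> failures still inside the window
    alerts = {}
    for ts, src, user in events:
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = {"src": src, "first_seen": q[0][0],
                           "failures": len(q),
                           "users": sorted({u for _, u in q})}
    return list(alerts.values())

if __name__ == "__main__":
    # Tuning in miniature: a threshold of 2 also flags the mistyped password,
    # a threshold of 5 flags only the simulated attack.
    for thr in (2, 5):
        hits = detect_bruteforce(parse(SAMPLE), threshold=thr)
        print(f"threshold={thr}: {[a['src'] for a in hits]}")
```

The same trade-off between threshold, time window and false positives is what you adjust when tuning a frequency-based rule in the SIEM.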
Home Lab Blueprint – What’s Your Budget & Goal? Part II 💰🎯
In Part I I shared my blueprint, now I want to hear about yours. Drop in the comments:
- Your rough budget (shoestring, mid-range, or “send help, I’m on eBay again”)
- Your main goal (SOC analyst, pentester, DFIR, “I just want to break stuff and learn”)
- What gear or software you’re thinking of starting with

I’ll reply with suggestions to help you shape a realistic lab plan around your budget and goal so you’re not wasting cash on the wrong kit.
The Aussie Mr Cyber Home Lab Blueprint – Start Here Part I
Whether you're breaking into cybersecurity or leveling up your SOC skills, building a proper home lab is non-negotiable. Here's my battle-tested setup that covers blue team defence, red team attack, DFIR, and network security—without breaking the bank.

🎯 Lab Goals
· Simulate real enterprise environments
· Practice detection, analysis, and response
· Run penetration testing and exploit chains
· Build SIEM correlation rules and playbooks
· Test tools before deploying them at work

🖥️ Hardware Setup

Option 1: Budget Build (Under $500 AUD)
· Refurbished Dell OptiPlex 7050/9020 (i7, 32GB RAM, 512GB SSD) – ~$300-400 on eBay/Gumtree
· External USB 3.0 drive (2TB+) for forensic images and backups – ~$80

Option 2: Serious Build (What I Run)
· Custom-built server or Dell R720/R730 (dual Xeon, 128GB+ RAM)
· Synology NAS or TrueNAS for storage and backup
· Managed switch (TP-Link, Ubiquiti, or Cisco) for VLAN segmentation
· Dedicated firewall box running pfSense or OPNsense

💾 Core Software Stack

Virtualization Layer
· Proxmox VE (free, open-source) – my go-to hypervisor for running multiple VMs and containers
· Alternative: VMware Workstation Pro, VirtualBox, or ESXi

Network Security
· pfSense/OPNsense – firewall, IDS/IPS (Suricata/Snort), VPN, traffic monitoring
· Security Onion – full NSM (Network Security Monitoring) suite with Zeek, Suricata, Wazuh, and Kibana

Blue Team / SOC
· Splunk Free (500MB/day limit) or Elastic Stack (ELK) – SIEM for log ingestion and correlation
· Wazuh – host-based intrusion detection, endpoint monitoring, compliance checks
· Velociraptor or GRR – endpoint detection and DFIR collection
· TheHive + Cortex – case management and automated analysis

Red Team / Pentesting
· Kali Linux – primary attack platform with all tools pre-installed
· Parrot Security OS – alternative to Kali, lighter footprint
· Metasploit Framework – exploitation and post-exploitation
· Covenant or Havoc C2 – command and control for red team ops
· Windows Server + Active Directory – realistic target environment for AD attacks
Cybersecurity BootCamp
skool.com/cybersecurity-bootcamp-2235
Aussie cyber pro with hands-on home lab builder sharing SOC ops, pentesting labs, playbooks & cert prep. Level up your blue-team game Down Under!