Pentest lab on one box

You don't need a rack to practice ethically. One used mini PC (32 GB RAM) runs a complete, isolated range.

Layout

  • Hypervisor: Proxmox, single node, VLAN 66 only — mapped in Homelab network map
  • Targets: two deliberately vulnerable VMs, snapshotted for instant reset
  • Attack box: Kali VM, no bridge to any other VLAN
  • Logging: everything mirrors to a tiny SIEM VM — practicing detection is half the value

Ground rules

  1. The lab VLAN has no route to production or the internet by default
  2. Every engagement, even against your own lab, gets a scope note first
  3. Snapshots before, notes during, reset after

Practicing scope discipline in the lab is what makes it second nature on paid engagements.
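
One way to check ground rule 1 from inside a lab VM, as an added example that is not part of the original page: it parses the JSON output of `ip -j route show` and reports every route that leaves the lab subnet. The subnet 10.66.0.0/24, the interface names and the sample routing tables are assumptions constructed for illustration; the page itself only specifies VLAN 66.

```python
import ipaddress
import json

# Assumption: the lab VLAN uses this subnet; the page only names VLAN 66.
LAB_CIDR = "10.66.0.0/24"

def audit_routes(ip_route_json: str, lab_cidr: str = LAB_CIDR) -> list[str]:
    """Return one finding per route that leads outside the lab subnet.

    Input is the IPv4 output of `ip -j route show`, captured on the
    attack box or on a target VM.
    """
    lab = ipaddress.ip_network(lab_cidr)
    findings = []
    for route in json.loads(ip_route_json):
        dst = route.get("dst", "")
        dev = route.get("dev", "?")
        if dst == "default":
            via = route.get("gateway", "on-link")
            findings.append(f"default route via {via} on {dev}")
            continue
        try:
            # Host routes are printed without a prefix length; ip_network
            # treats a bare address as a /32.
            net = ipaddress.ip_network(dst, strict=False)
        except ValueError:
            findings.append(f"unparsed destination {dst!r} on {dev}")
            continue
        if net.version != lab.version or not net.subnet_of(lab):
            findings.append(f"route to {net} on {dev} leaves {lab}")
    return findings

# Constructed samples, not captured from a real host.
ISOLATED = json.dumps([
    {"dst": "10.66.0.0/24", "dev": "eth0", "protocol": "kernel",
     "scope": "link", "prefsrc": "10.66.0.10", "flags": []},
])
LEAKY = json.dumps([
    {"dst": "default", "gateway": "10.66.0.1", "dev": "eth0", "flags": []},
    {"dst": "10.66.0.0/24", "dev": "eth0", "scope": "link", "flags": []},
    {"dst": "192.168.1.0/24", "dev": "eth1", "scope": "link", "flags": []},
    {"dst": "10.66.0.5", "dev": "eth0", "scope": "link", "flags": []},
])

if __name__ == "__main__":
    for name, sample in (("isolated", ISOLATED), ("leaky", LEAKY)):
        result = audit_routes(sample)
        print(name, "OK" if not result else result)
```

A clean routing table on a guest only shows that VM's own view; the hypervisor bridge and firewall are what actually enforce the rule, so run this after every network change as a regression check rather than as proof of isolation.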

The scope-note habit carries straight into client work — it's the same discipline the intake form on the home page is filtering for.