Pentest lab on one box
You don't need a rack to practice ethically. One used mini PC (32 GB RAM) runs a complete, isolated range.
Layout
- Hypervisor: Proxmox, single node, VLAN 66 only — mapped in Homelab network map
- Targets: two deliberately vulnerable VMs, snapshotted for instant reset
- Attack box: Kali VM, no bridge to any other VLAN
- Logging: everything mirrors to a tiny SIEM VM — practicing detection is half the value
Ground rules
- The lab VLAN has no route to production or the internet by default
- Every engagement, even against your own lab, gets a scope note first
- Snapshots before, notes during, reset after
Practicing scope discipline in the lab is what makes it second nature on paid engagements.
The scope-note habit carries straight into client work — it's the same discipline the intake form on the home page is filtering for.
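One way to check the isolation rules above before an exercise, as an added example that is not part of the original page: it audits the text of Proxmox VM config files (on a host these live under /etc/pve/qemu-server/) and flags any NIC that is not pinned to VLAN 66. Snapshot sections are checked too, since a reset restores the NIC settings stored with the snapshot. The sample configs, MAC addresses, bridge name and snapshot name are constructed for illustration.

```python
import re

LAB_VLAN = 66  # from the page's layout; all other values here are assumed
NET_LINE = re.compile(r"^(net\d+):\s*(.+)$")
SECTION = re.compile(r"^\[(.+)\]$")  # snapshot sections follow the live config

def audit_vm_config(text, lab_vlan=LAB_VLAN):
    """Return (section, nic, problem) for every NIC that can leave the lab VLAN."""
    findings, section = [], "current"
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)
            continue
        if not (m := NET_LINE.match(line)):
            continue
        nic = m.group(1)
        opts = dict(p.partition("=")[::2] for p in m.group(2).split(","))
        tag = opts.get("tag")
        if tag is None:
            # An untagged NIC rides the bridge's untagged network, not VLAN 66.
            findings.append((section, nic, "untagged"))
        elif tag != str(lab_vlan):
            findings.append((section, nic, f"tag={tag}"))
        if "trunks" in opts:
            findings.append((section, nic, f"trunks={opts['trunks']}"))
    return findings

# Constructed sample configs (MACs, bridge and snapshot names are made up).
SAMPLE_KALI = """\
memory: 8192
net0: virtio=02:00:00:00:66:01,bridge=vmbr0,tag=66
"""
SAMPLE_TARGET = """\
memory: 2048
net0: virtio=02:00:00:00:66:02,bridge=vmbr0,tag=66
net1: virtio=02:00:00:00:66:03,bridge=vmbr0

[clean]
memory: 2048
net0: virtio=02:00:00:00:66:02,bridge=vmbr0,tag=10
snaptime: 1700000000
"""

if __name__ == "__main__":
    for name, cfg in (("kali", SAMPLE_KALI), ("target", SAMPLE_TARGET)):
        print(name, audit_vm_config(cfg) or "ok")
```

An empty result for every VM is the condition to record in the scope note before starting.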