raghv.dev

HOME LAB

HomeLab Corp

4-node enterprise security simulation. Real hardware. Real domain. Real attacks. Monitored by Wazuh SIEM — generating authentic blue team experience.

NETWORK TOPOLOGY

HOMELAB.CORP — 192.168.10.0/24

DC-01 · 192.168.10.10
WEB01 · 192.168.10.20
KALI01 · 192.168.10.30
WAZUH01 · 192.168.10.40

Legend: SIEM Log Flow · Attack Traffic

DC-01

Domain Controller

OS: Windows Server 2022

IP: 192.168.10.10

HW: Core i5 · 16GB RAM · 500GB SSD

SERVICES

Active Directory DS · DNS Server · DHCP Server · Group Policy · Event Log Collector

CONFIGURATION NOTES

Domain: HOMELAB.CORP

Forest/Domain functional level: Windows Server 2019

GPO: CIS Benchmark L1 applied

Wazuh agent installed — all events forwarded

PowerShell ScriptBlock logging enabled

Windows Event Forwarding → WAZUH01

WAZUH SIEM — RECENT ALERTS

Lab exercise session · 12:43 UTC
12:43:22 · HIGH · Multiple failed SSH logins · WEB01
12:41:08 · MED · Nmap SYN scan detected · DC-01
12:38:55 · HIGH · Hydra brute force attempt · WEB01
12:35:10 · LOW · New user account created · DC-01
12:30:44 · MED · Gobuster web scan · WEB01
[INFO] Wazuh agent heartbeat · DC-01 · homecorp.local · OK
[WARN] Failed SSH auth attempt · 192.168.56.102 · Rule 5710 · Level 5
[INFO] Nmap scan completed · WEB01 · 23 open ports detected · Logged
[ALERT] Hydra brute-force detected · admin@192.168.56.101 · BLOCKED
[INFO] SPL query executed · index=security · 4,892 events returned
[INFO] ISC2 CC · PASSED · 2024 · Credential active
[INFO] CompTIA Security+ SY0-701 · PASSED · 2025 · Credential active
[WARN] Gobuster scan detected · /api/admin · 403 returned · Alert fired
[INFO] Wireshark PCAP capture · eth0 · 12,441 packets · Saved
[INFO] System status · LEARNING · BUILDING · AVAILABLE FOR SOC ROLES
[INFO] GPO applied · homecorp.local · Password policy · min 12 chars
[ALERT] Nikto scan from KALI01 · WEB01 · Wazuh alert · Severity: High