This post will evolve as my lab evolves. What once started small is slowly turning into something much bigger. Where This Lab Actually Started Before the NUC. Before Unraid. Before Docker contai...

Installing Pi-hole on Unraid (br0 + Static IP) - And Breaking My Network (Before Fixing It) I wanted better DNS visibility and ad blocking inside my homelab and my home network. So naturally… I in...

Enhancing Wazuh Telemetry with Sysmon on Windows Server Wazuh pulls a lot of data from Windows Event Viewer by default. But after digging through the logs, I realized it’s not rich enough for the ...

Deploying Wazuh in My Homelab (Raspberry Pi + Windows DC) I had never worked with a SIEM before, so instead of just reading about one, I decided to build it myself. I wanted visual visibility int...

Deploying T-Pot on Unraid Using Ubuntu Server I wanted a way to visually look at attacks when they come in. I plan on opening the IP with tailscale with a friend to see attack scenarios I decided...

Introduction In this lab, I set up an Active Directory Domain Controller using Windows Server 2025 and connected a Windows 10 client to simulate a real-world enterprise environment. By us connecti...

Overview This set of labs was basically all about using hash sets the right way (known good vs known bad), getting Autopsy configured so it doesn’t light up fake system files, and then doing a bit...

Case Overview In this lab scenario, I was provided with a USB drive containing files relevant to a legal matter. Since returning to a lab environment was not possible, the objective was to generat...

Overview This lab was focused on digging into NTFS artifacts directly instead of relying only on GUI output. I worked with raw $MFT fragments, interpreted FILETIME values manually, and analyzed $U...