homelab — Multi-Site Security Lab
An enterprise-grade detection lab spread across two states. Proxmox + OPNsense in Florida, an HP ProLiant DL360 in Iowa, Tailscale stitching them together. Splunk indexing 40k+ events shipped from Kali via Universal Forwarder.
Built from commodity hardware, runs like the real thing.
Florida site: Dell OptiPlex running Proxmox VE 9, with OPNsense as the gateway, Kali as the attack VM, and Splunk indexing the telemetry. Iowa site: HP ProLiant DL360 carrying Wazuh for the heavy-lift side. A Raspberry Pi 5 at the perimeter runs Pi-hole and Zeek.
Tailscale handles the overlay with outbound-only connections and no port forwarding, which means I can pivot from anywhere without exposing anything to the public internet. Splunk currently indexes about 40,000 events forwarded from Kali via Universal Forwarder.
Next: stand up Wazuh on the ProLiant, then build a Server 2022 AD domain with Win10/11 clients for Kerberoasting, Pass-the-Hash, and DCSync detection scenarios.