Enterprise Grade Home Lab
A segmented enterprise-style lab built for realistic penetration testing, Active Directory attack simulation, detection engineering, and incident response drills across Windows and Linux systems.
Project Details / Background
This home lab was built to simulate the kind of hybrid infrastructure commonly found in small and medium-sized enterprise environments. The goal was to move beyond isolated challenge boxes and create a repeatable environment for testing attacker workflows, defensive visibility, and post-exploitation movement inside a controlled network.
The environment includes segmented internal networks, Windows and Linux hosts, Active Directory services, logging and monitoring components, and vulnerable paths that can be used for privilege escalation and lateral movement. That lets me rehearse realistic operator tasks such as enumeration, initial foothold validation, credential abuse, persistence testing, detection tuning, and incident response walkthroughs.
I used the lab to practice both red-team and blue-team workflows. On the offensive side, the focus was on AD abuse, web exploitation pivots, and host compromise validation. On the defensive side, the focus was on telemetry collection, SIEM visibility, alert investigation, and improving detection coverage around the exact techniques exercised in the lab.
Architecture / What It Includes
The lab is organized around multiple virtual machines and purpose-specific roles rather than a flat sandbox. Core components include a domain controller, user workstations, Linux servers, attacker systems, logging infrastructure, and monitoring nodes. Network separation is used to imitate trust boundaries and make routing, visibility, and pivoting decisions matter during testing.
Key focus areas include Active Directory enumeration, privilege escalation, credential access, lateral movement, log forwarding, and security event review. The lab also supports web application testing and post-exploitation chaining, so findings from one system can be used to validate how compromise would realistically spread through the environment.
What This Lab Demonstrates
This project demonstrates practical understanding of enterprise attack surfaces, not just single-host exploitation. It shows how I design repeatable test environments, document assumptions, validate attacker paths, and connect offensive activity to defensive outcomes.
It also reflects a workflow mindset: build the environment, introduce or simulate vulnerable paths, test exploitation, observe telemetry, and refine detections. That loop is valuable because it mirrors how real-world security teams improve both resilience and visibility.
Gallery / Notes
High-level view of the home lab environment used for enterprise-style testing and research.
Segmented design supports AD attack simulation, host isolation, and pivot validation across multiple trust zones.
Used for privilege escalation practice, detection validation, incident-response drills, and end-to-end attack path rehearsal.